diff --git a/CODE_OF_CONDUCT b/CODE_OF_CONDUCT new file mode 100644 index 0000000..d8d160a --- /dev/null +++ b/CODE_OF_CONDUCT @@ -0,0 +1,7 @@ +The Tor Project is committed to fostering a inclusive community +where people feel safe to engage, share their points of view, and +participate. For the latest version of our Code of Conduct, please +see + +https://gitweb.torproject.org/community/policies.git/plain/code_of_conduct.txt + diff --git a/CONTRIBUTING b/CONTRIBUTING new file mode 100644 index 0000000..3569f45 --- /dev/null +++ b/CONTRIBUTING @@ -0,0 +1,39 @@ +Contributing to Tor +------------------- + +### Getting started + +Welcome! + +We have a bunch of documentation about how to develop Tor in the +doc/HACKING/ directory. We recommend that you start with +doc/HACKING/README.1st.md , and then go from there. It will tell +you how to find your way around the source code, how to get +involved with the Tor community, how to write patches, and much +more! + +You don't have to be a C developer to help with Tor: have a look +at https://www.torproject.org/getinvolved/volunteer ! + +The Tor Project is committed to fostering a inclusive community +where people feel safe to engage, share their points of view, and +participate. For the latest version of our Code of Conduct, please +see + +https://gitweb.torproject.org/community/policies.git/plain/code_of_conduct.txt + + + +### License issues + +Tor is distributed under the license terms in the LICENSE -- in +brief, the "3-clause BSD license". If you send us code to +distribute with Tor, it needs to be code that we can distribute +under those terms. Please don't send us patches unless you agree +to allow this. + +Some compatible licenses include: + + - 3-clause BSD + - 2-clause BSD + - CC0 Public Domain Dedication diff --git a/ChangeLog b/ChangeLog new file mode 100644 index 0000000..39f668a --- /dev/null +++ b/ChangeLog @@ -0,0 +1,38267 @@ +Changes in version 0.4.6.5 - 2021-06-14 + Tor 0.4.6.5 is the first stable release in its series. The 0.4.6.x + series includes numerous features and bugfixes, including a significant + improvement to our circuit timeout algorithm that should improve + observed client performance, and a way for relays to report when they are + overloaded. + + This release also includes security fixes for several security issues, + including a denial-of-service attack against onion service clients, + and another denial-of-service attack against relays. Everybody should + upgrade to one of 0.3.5.15, 0.4.4.9, 0.4.5.9, or 0.4.6.5. + + Below are the changes since 0.4.6.4-rc. For a complete list of changes + since 0.4.5.8, see the ReleaseNotes file. + + o Major bugfixes (security): + - Don't allow relays to spoof RELAY_END or RELAY_RESOLVED cell on + half-closed streams. Previously, clients failed to validate which + hop sent these cells: this would allow a relay on a circuit to end + a stream that wasn't actually built with it. Fixes bug 40389; + bugfix on 0.3.5.1-alpha. This issue is also tracked as TROVE-2021- + 003 and CVE-2021-34548. + + o Major bugfixes (security, defense-in-depth): + - Detect more failure conditions from the OpenSSL RNG code. + Previously, we would detect errors from a missing RNG + implementation, but not failures from the RNG code itself. + Fortunately, it appears those failures do not happen in practice + when Tor is using OpenSSL's default RNG implementation. Fixes bug + 40390; bugfix on 0.2.8.1-alpha. This issue is also tracked as + TROVE-2021-004. Reported by Jann Horn at Google's Project Zero. + + o Major bugfixes (security, denial of service): + - Resist a hashtable-based CPU denial-of-service attack against + relays. Previously we used a naive unkeyed hash function to look + up circuits in a circuitmux object. An attacker could exploit this + to construct circuits with chosen circuit IDs, to create + collisions and make the hash table inefficient. Now we use a + SipHash construction here instead. Fixes bug 40391; bugfix on + 0.2.4.4-alpha. This issue is also tracked as TROVE-2021-005 and + CVE-2021-34549. Reported by Jann Horn from Google's Project Zero. + - Fix an out-of-bounds memory access in v3 onion service descriptor + parsing. An attacker could exploit this bug by crafting an onion + service descriptor that would crash any client that tried to visit + it. Fixes bug 40392; bugfix on 0.3.0.1-alpha. This issue is also + tracked as TROVE-2021-006 and CVE-2021-34550. Reported by Sergei + Glazunov from Google's Project Zero. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/06/10. + + o Minor features (logging, diagnostic): + - Log decompression failures at a higher severity level, since they + can help provide missing context for other warning messages. We + rate-limit these messages, to avoid flooding the logs if they + begin to occur frequently. Closes ticket 40175. + + +Changes in version 0.4.6.4-rc - 2021-05-28 + Tor 0.4.6.4-rc fixes a few bugs from previous releases. This, we hope, + the final release candidate in its series: unless major new issues are + found, the next release will be stable. + + o Minor features (compatibility): + - Remove an assertion function related to TLS renegotiation. It was + used nowhere outside the unit tests, and it was breaking + compilation with recent alpha releases of OpenSSL 3.0.0. Closes + ticket 40399. + + o Minor bugfixes (consensus handling): + - Avoid a set of bugs that could be caused by inconsistently + preferring an out-of-date consensus stored in a stale directory + cache over a more recent one stored on disk as the latest + consensus. Fixes bug 40375; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (control, sandbox): + - Allow the control command SAVECONF to succeed when the seccomp + sandbox is enabled, and make SAVECONF keep only one backup file to + simplify implementation. Previously SAVECONF allowed a large + number of backup files, which made it incompatible with the + sandbox. Fixes bug 40317; bugfix on 0.2.5.4-alpha. Patch by + Daniel Pinto. + + o Minor bugfixes (metrics port): + - Fix a bug that made tor try to re-bind() on an already open + MetricsPort every 60 seconds. Fixes bug 40370; bugfix + on 0.4.5.1-alpha. + + o Removed features: + - Remove unneeded code for parsing private keys in directory + documents. This code was only used for client authentication in v2 + onion services, which are now unsupported. Closes ticket 40374. + + +Changes in version 0.4.5.8 - 2021-05-10 + Tor 0.4.5.8 fixes several bugs in earlier version, backporting fixes + from the 0.4.6.x series. + + o Minor features (compatibility, Linux seccomp sandbox, backport from 0.4.6.3-rc): + - Add a workaround to enable the Linux sandbox to work correctly + with Glibc 2.33. This version of Glibc has started using the + fstatat() system call, which previously our sandbox did not allow. + Closes ticket 40382; see the ticket for a discussion of trade-offs. + + o Minor features (compilation, backport from 0.4.6.3-rc): + - Make the autoconf script build correctly with autoconf versions + 2.70 and later. Closes part of ticket 40335. + + o Minor features (fallback directory list, backport from 0.4.6.2-alpha): + - Regenerate the list of fallback directories to contain a new set + of 200 relays. Closes ticket 40265. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/05/07. + + o Minor features (onion services): + - Add warning message when connecting to now deprecated v2 onion + services. As announced, Tor 0.4.5.x is the last series that will + support v2 onions. Closes ticket 40373. + + o Minor bugfixes (bridge, pluggable transport, backport from 0.4.6.2-alpha): + - Fix a regression that made it impossible start Tor using a bridge + line with a transport name and no fingerprint. Fixes bug 40360; + bugfix on 0.4.5.4-rc. + + o Minor bugfixes (build, cross-compilation, backport from 0.4.6.3-rc): + - Allow a custom "ar" for cross-compilation. Our previous build + script had used the $AR environment variable in most places, but + it missed one. Fixes bug 40369; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (channel, DoS, backport from 0.4.6.2-alpha): + - Fix a non-fatal BUG() message due to a too-early free of a string, + when listing a client connection from the DoS defenses subsystem. + Fixes bug 40345; bugfix on 0.4.3.4-rc. + + o Minor bugfixes (compiler warnings, backport from 0.4.6.3-rc): + - Fix an indentation problem that led to a warning from GCC 11.1.1. + Fixes bug 40380; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (controller, backport from 0.4.6.1-alpha): + - Fix a "BUG" warning that would appear when a controller chooses + the first hop for a circuit, and that circuit completes. Fixes bug + 40285; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service, client, memory leak, backport from 0.4.6.3-rc): + - Fix a bug where an expired cached descriptor could get overwritten + with a new one without freeing it, leading to a memory leak. Fixes + bug 40356; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, BSD, backport from 0.4.6.2-alpha): + - Fix pattern-matching errors when patterns expand to invalid paths + on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by + Daniel Pinto. + + +Changes in version 0.4.6.3-rc - 2021-05-10 + Tor 0.4.6.3-rc is the first release candidate in its series. It fixes + a few small bugs from previous versions, and adds a better error + message when trying to use (no longer supported) v2 onion services. + + Though we anticipate that we'll be doing a bit more clean-up between + now and the stable release, we expect that our remaining changes will + be fairly simple. There will likely be at least one more release + candidate before 0.4.6.x is stable. + + o Major bugfixes (onion service, control port): + - Make the ADD_ONION command properly configure client authorization. + Before this fix, the created onion failed to add the client(s). + Fixes bug 40378; bugfix on 0.4.6.1-alpha. + + o Minor features (compatibility, Linux seccomp sandbox): + - Add a workaround to enable the Linux sandbox to work correctly + with Glibc 2.33. This version of Glibc has started using the + fstatat() system call, which previously our sandbox did not allow. + Closes ticket 40382; see the ticket for a discussion of trade-offs. + + o Minor features (compilation): + - Make the autoconf script build correctly with autoconf versions + 2.70 and later. Closes part of ticket 40335. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/05/07. + + o Minor features (onion services): + - Add a warning message when trying to connect to (no longer + supported) v2 onion services. Closes ticket 40373. + + o Minor bugfixes (build, cross-compilation): + - Allow a custom "ar" for cross-compilation. Our previous build + script had used the $AR environment variable in most places, but + it missed one. Fixes bug 40369; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (compiler warnings): + - Fix an indentation problem that led to a warning from GCC 11.1.1. + Fixes bug 40380; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (logging, relay): + - Emit a warning if an Address is found to be internal and tor can't + use it. Fixes bug 40290; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (onion service, client, memory leak): + - Fix a bug where an expired cached descriptor could get overwritten + with a new one without freeing it, leading to a memory leak. Fixes + bug 40356; bugfix on 0.3.5.1-alpha. + + +Changes in version 0.4.6.2-alpha - 2021-04-15 + Tor 0.4.6.2-alpha is the second alpha in its series. It fixes several + small bugs in previous releases, and solves other issues that had + enabled denial-of-service attacks and affected integration with + other tools. + + o Minor features (client): + - Clients now check whether their streams are attempting to re-enter + the Tor network (i.e. to send Tor traffic over Tor), and close + them preemptively if they think exit relays will refuse them for + this reason. See ticket 2667 for details. Closes ticket 40271. + + o Minor features (command line): + - Add long format name "--torrc-file" equivalent to the existing + command-line option "-f". Closes ticket 40324. Patch by + Daniel Pinto. + + o Minor features (dormant mode): + - Add a new 'DormantTimeoutEnabled' option to allow coarse-grained + control over whether the client ever becomes dormant from + inactivity. Most people won't need this. Closes ticket 40228. + + o Minor features (fallback directory list): + - Regenerate the list of fallback directories to contain a new set + of 200 relays. Closes ticket 40265. + + o Minor features (geoip data): + - Update the geoip files to match the IPFire Location Database, as + retrieved on 2021/04/13. + + o Minor features (logging): + - Edit heartbeat log messages so that more of them begin with the + string "Heartbeat: ". Closes ticket 40322; patch + from 'cypherpunks'. + + o Minor bugfixes (bridge, pluggable transport): + - Fix a regression that made it impossible start Tor using a bridge + line with a transport name and no fingerprint. Fixes bug 40360; + bugfix on 0.4.5.4-rc. + + o Minor bugfixes (channel, DoS): + - Fix a non-fatal BUG() message due to a too-early free of a string, + when listing a client connection from the DoS defenses subsystem. + Fixes bug 40345; bugfix on 0.4.3.4-rc. + + o Minor bugfixes (compilation): + - Fix a compilation warning about unused functions when building + with a libc that lacks the GLOB_ALTDIRFUNC constant. Fixes bug + 40354; bugfix on 0.4.5.1-alpha. Patch by Daniel Pinto. + + o Minor bugfixes (configuration): + - Fix pattern-matching for directories on all platforms when using + %include options in configuration files. This patch also fixes + compilation on musl libc based systems. Fixes bug 40141; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (relay): + - Move the "overload-general" line from extrainfo to the server + descriptor. Fixes bug 40364; bugfix on 0.4.6.1-alpha. + + o Minor bugfixes (testing, BSD): + - Fix pattern-matching errors when patterns expand to invalid paths + on BSD systems. Fixes bug 40318; bugfix on 0.4.5.1-alpha. Patch by + Daniel Pinto. + + o Documentation (manual): + - Move the ServerTransport* options to the "SERVER OPTIONS" section. + Closes issue 40331. + - Indicate that the HiddenServiceStatistics option also applies to + bridges. Closes ticket 40346. + - Move the description of BridgeRecordUsageByCountry to the section + "STATISTICS OPTIONS". Closes ticket 40323. + + +Changes in version 0.4.6.1-alpha - 2021-03-18 + Tor 0.4.6.1-alpha is the first alpha release in the 0.4.6.x series. It + improves client circuit performance, adds missing features, and + improves some of our DoS handling and statistics reporting. It also + includes numerous smaller bugfixes. + + Below are the changes since 0.4.5.7. (Note that this release DOES + include the fixes for the security bugs already fixed in 0.4.5.7.) + + o Major features (control port, onion services): + - Add controller support for creating version 3 onion services with + client authorization. Previously, only v2 onion services could be + created with client authorization. Closes ticket 40084. Patch by + Neel Chauhan. + + o Major features (directory authority): + - When voting on a relay with a Sybil-like appearance, add the Sybil + flag when clearing out the other flags. This lets a relay operator + know why their relay hasn't been included in the consensus. Closes + ticket 40255. Patch by Neel Chauhan. + + o Major features (metrics): + - Relays now report how overloaded they are in their extrainfo + documents. This information is controlled with the + OverloadStatistics torrc option, and it will be used to improve + decisions about the network's load balancing. Implements proposal + 328; closes ticket 40222. + + o Major features (relay, denial of service): + - Add a new DoS subsystem feature to control the rate of client + connections for relays. Closes ticket 40253. + + o Major features (statistics): + - Relays now publish statistics about the number of v3 onion + services and volume of v3 onion service traffic, in the same + manner they already do for v2 onions. Closes ticket 23126. + + o Major bugfixes (circuit build timeout): + - Improve the accuracy of our circuit build timeout calculation for + 60%, 70%, and 80% build rates for various guard choices. We now + use a maximum likelihood estimator for Pareto parameters of the + circuit build time distribution, instead of a "right-censored + estimator". This causes clients to ignore circuits that never + finish building in their timeout calculations. Previously, clients + were counting such unfinished circuits as having the highest + possible build time value, when in reality these circuits most + likely just contain relays that are offline. We also now wait a + bit longer to let circuits complete for measurement purposes, + lower the minimum possible effective timeout from 1.5 seconds to + 10ms, and increase the resolution of the circuit build time + histogram from 50ms bin widths to 10ms bin widths. Additionally, + we alter our estimate Xm by taking the maximum of the top 10 most + common build time values of the 10ms histogram, and compute Xm as + the average of these. Fixes bug 40168; bugfix on 0.2.2.14-alpha. + - Remove max_time calculation and associated warning from circuit + build timeout 'alpha' parameter estimation, as this is no longer + needed by our new estimator from 40168. Fixes bug 34088; bugfix + on 0.2.2.9-alpha. + + o Major bugfixes (signing key): + - In the tor-gencert utility, give an informative error message if + the passphrase given in `--create-identity-key` is too short. + Fixes bug 40189; bugfix on 0.2.0.1-alpha. Patch by Neel Chauhan. + + o Minor features (bridge): + - We now announce the URL to Tor's new bridge status at + https://bridges.torproject.org/ when Tor is configured to run as a + bridge relay. Closes ticket 30477. + + o Minor features (build system): + - New "make lsp" command to auto generate the compile_commands.json + file used by the ccls server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (command-line interface): + - Add build informations to `tor --version` in order to ease + reproducible builds. Closes ticket 32102. + - When parsing command-line flags that take an optional argument, + treat the argument as absent if it would start with a '-' + character. Arguments in that form are not intelligible for any of + our optional-argument flags. Closes ticket 40223. + - Allow a relay operator to list the ed25519 keys on the command + line by adding the `rsa` and `ed25519` arguments to the + --list-fingerprint flag to show the respective RSA and ed25519 + relay fingerprint. Closes ticket 33632. Patch by Neel Chauhan. + + o Minor features (control port, stream handling): + - Add the stream ID to the event line in the ADDRMAP control event. + Closes ticket 40249. Patch by Neel Chauhan. + + o Minor features (dormant mode): + - Add a new 'DormantTimeoutEnabled' option for coarse-grained + control over whether the client can become dormant from + inactivity. Most people won't need this. Closes ticket 40228. + + o Minor features (logging): + - Change the DoS subsystem heartbeat line format to be more clear on + what has been detected/rejected, and which option is disabled (if + any). Closes ticket 40308. + - In src/core/mainloop/mainloop.c and src/core/mainloop/connection.c, + put brackets around IPv6 addresses in log messages. Closes ticket + 40232. Patch by Neel Chauhan. + + o Minor features (performance, windows): + - Use SRWLocks to implement locking on Windows. Replaces the + "critical section" locking implementation with the faster + SRWLocks, available since Windows Vista. Closes ticket 17927. + Patch by Daniel Pinto. + + o Minor features (protocol, proxy support, defense in depth): + - Close HAProxy connections if they somehow manage to send us data + before we start reading. Closes another case of ticket 40017. + + o Minor features (tests, portability): + - Port the hs_build_address.py test script to work with recent + versions of python. Closes ticket 40213. Patch from + Samanta Navarro. + + o Minor features (vote document): + - Add a "stats" line to directory authority votes, to report various + statistics that authorities compute about the relays. This will + help us diagnose the network better. Closes ticket 40314. + + o Minor bugfixes (build): + - The configure script now shows whether or not lzma and zstd have + been used, not just if the enable flag was passed in. Fixes bug + 40236; bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (compatibility): + - Fix a failure in the test cases when running on the "hppa" + architecture, along with a related test that might fail on other + architectures in the future. Fixes bug 40274; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (controller): + - Fix a "BUG" warning that would appear when a controller chooses + the first hop for a circuit, and that circuit completes. Fixes bug + 40285; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (directory authorities, voting): + - Add a new consensus method (31) to support any future changes that + authorities decide to make to the value of bwweightscale or + maxunmeasuredbw. Previously, there was a bug that prevented the + authorities from parsing these consensus parameters correctly under + most circumstances. Fixes bug 19011; bugfix on 0.2.2.10-alpha. + + o Minor bugfixes (ipv6): + - Allow non-SOCKSPorts to disable IPv4, IPv6, and PreferIPv4. Some + rare configurations might break, but in this case you can disable + NoIPv4Traffic and NoIPv6Traffic as needed. Fixes bug 33607; bugfix + on 0.4.1.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (key generation): + - Do not require a valid torrc when using the `--keygen` argument to + generate a signing key. This allows us to generate keys on systems + or users which may not run Tor. Fixes bug 40235; bugfix on + 0.2.7.2-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (onion services, logging): + - Downgrade the severity of a few rendezvous circuit-related + warnings from warning to info. Fixes bug 40207; bugfix on + 0.3.2.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (relay): + - Reduce the compression level for data streaming from HIGH to LOW. + This should reduce the CPU and memory burden for directory caches. + Fixes bug 40301; bugfix on 0.3.5.1-alpha. + + o Code simplification and refactoring: + - Remove the orconn_ext_or_id_map structure and related functions. + (Nothing outside of unit tests used them.) Closes ticket 33383. + Patch by Neel Chauhan. + + o Removed features: + - As of this release, Tor no longer supports the old v2 onion + services. They were deprecated last July for security, and support + will be removed entirely later this year. We strongly encourage + everybody to migrate to v3 onion services. For more information, + see https://blog.torproject.org/v2-deprecation-timeline . Closes + ticket 40266. (NOTE: We accidentally released an earlier version + of the 0.4.6.1-alpha changelog without this entry. Sorry for + the confusion!) + + o Code simplification and refactoring (metrics, DoS): + - Move the DoS subsystem into the subsys manager, including its + configuration options. Closes ticket 40261. + + o Removed features (relay): + - Because DirPorts are only used on authorities, relays no longer + advertise them. Similarly, self-testing for DirPorts has been + disabled, since an unreachable DirPort is no reason for a relay + not to advertise itself. (Configuring a DirPort will still work, + for now.) Closes ticket 40282. + + +Changes in version 0.3.5.14 - 2021-03-16 + Tor 0.3.5.14 backports fixes for two important denial-of-service bugs + in earlier versions of Tor. + + One of these vulnerabilities (TROVE-2021-001) would allow an attacker + who can send directory data to a Tor instance to force that Tor + instance to consume huge amounts of CPU. This is easiest to exploit + against authorities, since anybody can upload to them, but directory + caches could also exploit this vulnerability against relays or clients + when they download. The other vulnerability (TROVE-2021-002) only + affects directory authorities, and would allow an attacker to remotely + crash the authority with an assertion failure. Patches have already + been provided to the authority operators, to help ensure + network stability. + + We recommend that everybody upgrade to one of the releases that fixes + these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available + to you. + + This release also updates our GeoIP data source, and fixes a + compatibility issue. + + o Major bugfixes (security, denial of service, backport from 0.4.5.7): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- + 001 and CVE-2021-28089. + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. Fixes + bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 + and CVE-2021-28090. + + o Minor features (geoip data, backport from 0.4.5.7): + - We have switched geoip data sources. Previously we shipped IP-to- + country mappings from Maxmind's GeoLite2, but in 2019 they changed + their licensing terms, so we were unable to update them after that + point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. + + o Removed features (mallinfo deprecated, backport from 0.4.5.7): + - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. + Closes ticket 40309. + + +Changes in version 0.4.4.8 - 2021-03-16 + Tor 0.4.4.8 backports fixes for two important denial-of-service bugs + in earlier versions of Tor. + + One of these vulnerabilities (TROVE-2021-001) would allow an attacker + who can send directory data to a Tor instance to force that Tor + instance to consume huge amounts of CPU. This is easiest to exploit + against authorities, since anybody can upload to them, but directory + caches could also exploit this vulnerability against relays or clients + when they download. The other vulnerability (TROVE-2021-002) only + affects directory authorities, and would allow an attacker to remotely + crash the authority with an assertion failure. Patches have already + been provided to the authority operators, to help ensure + network stability. + + We recommend that everybody upgrade to one of the releases that fixes + these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available + to you. + + This release also updates our GeoIP data source, and fixes a + compatibility issue. + + o Major bugfixes (security, denial of service, backport from 0.4.5.7): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- + 001 and CVE-2021-28089. + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. Fixes + bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 + and CVE-2021-28090. + + o Minor features (geoip data, backport from 0.4.5.7): + - We have switched geoip data sources. Previously we shipped IP-to- + country mappings from Maxmind's GeoLite2, but in 2019 they changed + their licensing terms, so we were unable to update them after that + point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. + + o Removed features (mallinfo deprecated, backport from 0.4.5.7): + - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. + Closes ticket 40309. + + +Changes in version 0.4.5.7 - 2021-03-16 + Tor 0.4.5.7 fixes two important denial-of-service bugs in earlier + versions of Tor. + + One of these vulnerabilities (TROVE-2021-001) would allow an attacker + who can send directory data to a Tor instance to force that Tor + instance to consume huge amounts of CPU. This is easiest to exploit + against authorities, since anybody can upload to them, but directory + caches could also exploit this vulnerability against relays or clients + when they download. The other vulnerability (TROVE-2021-002) only + affects directory authorities, and would allow an attacker to remotely + crash the authority with an assertion failure. Patches have already + been provided to the authority operators, to help ensure + network stability. + + We recommend that everybody upgrade to one of the releases that fixes + these issues (0.3.5.14, 0.4.4.8, or 0.4.5.7) as they become available + to you. + + This release also updates our GeoIP data source, and fixes a few + smaller bugs in earlier releases. + + o Major bugfixes (security, denial of service): + - Disable the dump_desc() function that we used to dump unparseable + information to disk. It was called incorrectly in several places, + in a way that could lead to excessive CPU usage. Fixes bug 40286; + bugfix on 0.2.2.1-alpha. This bug is also tracked as TROVE-2021- + 001 and CVE-2021-28089. + - Fix a bug in appending detached signatures to a pending consensus + document that could be used to crash a directory authority. Fixes + bug 40316; bugfix on 0.2.2.6-alpha. Tracked as TROVE-2021-002 + and CVE-2021-28090. + + o Minor features (geoip data): + - We have switched geoip data sources. Previously we shipped IP-to- + country mappings from Maxmind's GeoLite2, but in 2019 they changed + their licensing terms, so we were unable to update them after that + point. We now ship geoip files based on the IPFire Location + Database instead. (See https://location.ipfire.org/ for more + information). This release updates our geoip files to match the + IPFire Location Database as retrieved on 2021/03/12. Closes + ticket 40224. + + o Minor bugfixes (directory authority): + - Now that exit relays don't allow exit connections to directory + authority DirPorts (to prevent network reentry), disable + authorities' reachability self test on the DirPort. Fixes bug + 40287; bugfix on 0.4.5.5-rc. + + o Minor bugfixes (documentation): + - Fix a formatting error in the documentation for + VirtualAddrNetworkIPv6. Fixes bug 40256; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (Linux, relay): + - Fix a bug in determining total available system memory that would + have been triggered if the format of Linux's /proc/meminfo file + had ever changed to include "MemTotal:" in the middle of a line. + Fixes bug 40315; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (metrics port): + - Fix a BUG() warning on the MetricsPort for an internal missing + handler. Fixes bug 40295; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (onion service): + - Remove a harmless BUG() warning when reloading tor configured with + onion services. Fixes bug 40334; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (portability): + - Fix a non-portable usage of "==" with "test" in the configure + script. Fixes bug 40298; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (relay): + - Remove a spammy log notice falsely claiming that the IPv4/v6 + address was missing. Fixes bug 40300; bugfix on 0.4.5.1-alpha. + - Do not query the address cache early in the boot process when + deciding if a relay needs to fetch early directory information + from an authority. This bug resulted in a relay falsely believing + it didn't have an address and thus triggering an authority fetch + at each boot. Related to our fix for 40300. + + o Removed features (mallinfo deprecated): + - Remove mallinfo() usage entirely. Libc 2.33+ now deprecates it. + Closes ticket 40309. + + +Changes in version 0.4.5.6 - 2021-02-15 + The Tor 0.4.5.x release series is dedicated to the memory of Karsten + Loesing (1979-2020), Tor developer, cypherpunk, husband, and father. + Karsten is best known for creating the Tor metrics portal and leading + the metrics team, but he was involved in Tor from the early days. For + example, while he was still a student he invented and implemented the + v2 onion service directory design, and he also served as an ambassador + to the many German researchers working in the anonymity field. We + loved him and respected him for his patience, his consistency, and his + welcoming approach to growing our community. + + This release series introduces significant improvements in relay IPv6 + address discovery, a new "MetricsPort" mechanism for relay operators + to measure performance, LTTng support, build system improvements to + help when using Tor as a static library, and significant bugfixes + related to Windows relay performance. It also includes numerous + smaller features and bugfixes. + + Below are the changes since 0.4.4.4-rc. For a complete list of changes + since 0.4.4.7, see the ReleaseNotes file. + + o Major bugfixes (IPv6, relay): + - Fix a bug that prevented a relay from publishing its descriptor if + an auto-discovered IPv6 that was found unreachable. Fixes bug + 40279; bugfix on 0.4.5.1-alpha. + + o Minor features (protocol versions): + - Stop claiming to support the "DirCache=1" subprotocol version. + Technically, we stopped supporting this subprotocol back in + 0.4.5.1-alpha, but we needed to wait for the authorities to stop + listing it as "required" before we could drop it from the list. + Closes ticket 40221. + + o Minor bugfixes (logging): + - Avoid a spurious log message about missing subprotocol versions, + when the consensus that we're reading from is older than the + current release. Previously we had made this message nonfatal, but + in practice, it is never relevant when the consensus is older than + the current release. Fixes bug 40281; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (metrics port): + - Fix a bug warning when a metrics port socket was unexpectedly + closed. Fixes bug 40257; bugfix on 0.4.5.1-alpha + + o Minor bugfixes (relay): + - Allow relays to have a RFC1918 address if PublishServerDescriptor + is set to 0 and AssumeReachable is set to 1. This is to support + the use case of a bridge on a local network, exposed via a + pluggable transport. Fixes bug 40208; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (relay, config): + - Fix a problem in the removal of duplicate ORPorts from the + internal port list when loading the config file. We were removing + the wrong ports, breaking valid torrc uses cases for multiple + ORPorts of the same address family. Fixes bug 40289; bugfix + on 0.4.5.1-alpha. + + +Changes in version 0.4.4.7 - 2021-02-03 + Tor 0.4.4.7 backports numerous bugfixes from later releases, + including one that made v3 onion services more susceptible to + denial-of-service attacks, and a feature that makes some kinds of + DoS attacks harder to perform. + + o Major bugfixes (onion service v3, backport from 0.4.5.3-rc): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Major feature (exit, backport from 0.4.5.5-rc): + - Re-entry into the network is now denied at the Exit level to all + relays' ORPorts and authorities' ORPorts and DirPorts. This change + should help mitgate a set of denial-of-service attacks. Closes + ticket 2667. + + o Minor feature (build system, backport from 0.4.5.4-rc): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (compilation, backport from 0.4.5.2-rc): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (crypto, backport from 0.4.5.3-rc): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor bugfixes (compatibility, backport from 0.4.5.1-rc): + - Strip '\r' characters when reading text files on Unix platforms. + This should resolve an issue where a relay operator migrates a + relay from Windows to Unix, but does not change the line ending of + Tor's various state files to match the platform, and the CRLF line + endings from Windows end up leaking into other files such as the + extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. + + o Minor bugfixes (compilation, backport from 0.4.5.3-rc): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.5.2-alpha): + - Fix the `config/parse_tcp_proxy_line` test so that it works + correctly on systems where the DNS provider hijacks invalid + queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + +Changes in version 0.4.3.8 - 2021-02-03 + Tor 0.4.3.8 backports numerous bugfixes from later releases, + including one that made v3 onion services more susceptible to + denial-of-service attacks, and a feature that makes some kinds of + DoS attacks harder to perform. + + Note that this is, in all likelihood, the last release of Tor 0.4.3.x, + which will reach end-of-life on 15 Feb 2021. + + o Major bugfixes (onion service v3, backport from 0.4.5.3-rc): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Major bugfixes (stats, onion services, backport from 0.4.4.5): + - Fix a bug where we were undercounting the Tor network's total + onion service traffic, by ignoring any traffic originating from + clients. Now we count traffic from both clients and services. + Fixes bug 40117; bugfix on 0.2.6.2-alpha. + + o Major feature (exit, backport from 0.4.5.5-rc): + - Re-entry into the network is now denied at the Exit level to all + relays' ORPorts and authorities' ORPorts and DirPorts. This change + should help mitgate a set of denial-of-service attacks. Closes + ticket 2667. + + o Minor feature (build system, backport from 0.4.5.4-rc): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (compilation, backport from 0.4.5.2-rc): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (crypto, backport from 0.4.5.3-rc): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor bugfixes (compatibility, backport from 0.4.5.1-rc): + - Strip '\r' characters when reading text files on Unix platforms. + This should resolve an issue where a relay operator migrates a + relay from Windows to Unix, but does not change the line ending of + Tor's various state files to match the platform, and the CRLF line + endings from Windows end up leaking into other files such as the + extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. + + o Minor bugfixes (compilation, backport from 0.4.5.1-rc): + - Resolve a compilation warning that could occur in + test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (compilation, backport from 0.4.5.3-rc): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.5.2-alpha): + - Fix the `config/parse_tcp_proxy_line` test so that it works + correctly on systems where the DNS provider hijacks invalid + queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + +Changes in version 0.3.5.13 - 2020-02-03 + Tor 0.3.5.13 backports numerous bugfixes from later releases, + including one that made v3 onion services more susceptible to + denial-of-service attacks, and a feature that makes some kinds of + DoS attacks harder to perform. + + o Major bugfixes (onion service v3, backport from 0.4.5.3-rc): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Major bugfixes (stats, onion services, backport from 0.4.4.5): + - Fix a bug where we were undercounting the Tor network's total + onion service traffic, by ignoring any traffic originating from + clients. Now we count traffic from both clients and services. + Fixes bug 40117; bugfix on 0.2.6.2-alpha. + + o Major feature (exit, backport from 0.4.5.5-rc): + - Re-entry into the network is now denied at the Exit level to all + relays' ORPorts and authorities' ORPorts and DirPorts. This change + should help mitgate a set of denial-of-service attacks. Closes + ticket 2667. + + o Minor feature (build system, backport from 0.4.5.4-rc): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (compilation, backport from 0.4.5.2-rc): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (crypto, backport from 0.4.5.3-rc): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor bugfixes (compatibility, backport from 0.4.5.1-rc): + - Strip '\r' characters when reading text files on Unix platforms. + This should resolve an issue where a relay operator migrates a + relay from Windows to Unix, but does not change the line ending of + Tor's various state files to match the platform, and the CRLF line + endings from Windows end up leaking into other files such as the + extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. + + o Minor bugfixes (compilation, backport from 0.4.5.1-rc): + - Resolve a compilation warning that could occur in + test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (compilation, backport from 0.4.5.3-rc): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (SOCKS5, backport from 0.4.5.3-rc): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.5.2-alpha): + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + +Changes in version 0.4.5.5-rc - 2021-02-01 + Tor 0.4.5.5-rc is the third release candidate in its series. We're + coming closer and closer to a stable release series. This release + fixes an annoyance with address detection code, and somewhat mitigates + an ongoing denial-of-service attack. + + We anticipate no more code changes between this and the stable + release, though of course that could change. + + o Major feature (exit): + - Re-entry into the network is now denied at the Exit level to all + relays' ORPorts and authorities' ORPorts and DirPorts. This change + should help mitgate a set of denial-of-service attacks. Closes + ticket 2667. + + o Minor bugfixes (relay, configuration): + - Don't attempt to discover our address (IPv4 or IPv6) if no ORPort + for it can be found in the configuration. Fixes bug 40254; bugfix + on 0.4.5.1-alpha. + + +Changes in version 0.4.5.4-rc - 2021-01-22 + Tor 0.4.5.4-rc is the second release candidate in its series. It fixes + several bugs present in previous releases. + + We expect that the stable release will be the same, or almost the + same, as this release candidate, unless serious bugs are found. + + o Major bugfixes (authority, IPv6): + - Do not consider multiple relays in the same IPv6 /64 network to be + sybils. Fixes bug 40243; bugfix on 0.4.5.1-alpha. + + o Major bugfixes (directory cache, performance, windows): + - Limit the number of items in the consensus diff cache to 64 on + Windows. We hope this will mitigate an issue where Windows relay + operators reported Tor using 100% CPU, while we investigate better + solutions. Fixes bug 24857; bugfix on 0.3.1.1-alpha. + + o Minor feature (build system): + - New "make lsp" command to generate the compile_commands.json file + used by the ccls language server. The "bear" program is needed for + this. Closes ticket 40227. + + o Minor features (authority, logging): + - Log more information for directory authority operators during the + consensus voting process, and while processing relay descriptors. + Closes ticket 40245. + - Reject obsolete router/extrainfo descriptors earlier and more + quietly, to avoid spamming the logs. Fixes bug 40238; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (compilation): + - Fix another warning about unreachable fallthrough annotations when + building with "--enable-all-bugs-are-fatal" on some compilers. + Fixes bug 40241; bugfix on 0.4.5.3-rc. + - Change the linker flag ordering in our library search code so that + it works for compilers that need the libraries to be listed in the + right order. Fixes bug 33624; bugfix on 0.1.1.0-alpha. + + o Minor bugfixes (config, bridge): + - Don't initiate a connection to a bridge configured to use a + missing transport. This change reverts an earlier fix that would + try to avoid such situations during configuration chcecking, but + which doesn't work with DisableNetwork. Fixes bug 40106; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (onion services): + - Avoid a non-fatal assertion in certain edge-cases when + establishing a circuit to an onion service. Fixes bug 32666; + bugfix on 0.3.0.3-alpha. + + o Minor bugfixes (relay): + - If we were unable to build our descriptor, don't mark it as having + been advertised. Also remove an harmless BUG(). Fixes bug 40231; + bugfix on 0.4.5.1-alpha. + + +Changes in version 0.4.5.3-rc - 2021-01-12 + Tor 0.4.5.3-rc is the first release candidate in its series. It fixes + several bugs, including one that broke onion services on certain older + ARM CPUs, and another that made v3 onion services less reliable. + + Though we anticipate that we'll be doing a bit more clean-up between + now and the stable release, we expect that our remaining changes will + be fairly simple. There will be at least one more release candidate + before 0.4.5.x is stable. + + o Major bugfixes (onion service v3): + - Stop requiring a live consensus for v3 clients and services, and + allow a "reasonably live" consensus instead. This allows v3 onion + services to work even if the authorities fail to generate a + consensus for more than 2 hours in a row. Fixes bug 40237; bugfix + on 0.3.5.1-alpha. + + o Minor features (crypto): + - Fix undefined behavior on our Keccak library. The bug only + appeared on platforms with 32-byte CPU cache lines (e.g. armv5tel) + and would result in wrong digests. Fixes bug 40210; bugfix on + 0.2.8.1-alpha. Thanks to Bernhard Übelacker, Arnd Bergmann and + weasel for diagnosing this. + + o Minor features (documentation): + - Mention the "!badexit" directive that can appear in an authority's + approved-routers file, and update the description of the + "!invalid" directive. Closes ticket 40188. + + o Minor bugfixes (compilation): + - Fix a compilation warning about unreachable fallthrough + annotations when building with "--enable-all-bugs-are-fatal" on + some compilers. Fixes bug 40241; bugfix on 0.3.5.4-alpha. + - Fix the "--enable-static-tor" switch to properly set the "-static" + compile option onto the tor binary only. Fixes bug 40111; bugfix + on 0.2.3.1-alpha. + + o Minor bugfixes (config, bridge): + - Really fix the case where torrc has a missing ClientTransportPlugin + but is configured with a Bridge line and UseBridges. Previously, + we didn't look at the managed proxy list and thus would fail for + the "exec" case. Fixes bug 40106; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (logging, relay): + - Log our address as reported by the directory authorities, if none + was configured or detected before. Fixes bug 40201; bugfix + on 0.4.5.1-alpha. + - When a launching bandwidth testing circuit, don't incorrectly call + it a reachability test, or trigger a "CHECKING_REACHABILITY" + control event. Fixes bug 40205; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (relay, statistics): + - Report the correct connection statistics in our extrainfo + documents. Previously there was a problem in the file loading + function which would wrongly truncate a state file, causing the + wrong information to be reported. Fixes bug 40226; bugfix + on 0.4.5.1-alpha. + + o Minor bugfixes (SOCKS5): + - Handle partial SOCKS5 messages correctly. Previously, our code + would send an incorrect error message if it got a SOCKS5 request + that wasn't complete. Fixes bug 40190; bugfix on 0.3.5.1-alpha. + + +Changes in version 0.4.5.2-alpha - 2020-11-23 + Tor 0.4.5.2-alpha is the second alpha release in the 0.4.5.x series. + It fixes several bugs present in earlier releases, including one that + made it impractical to run relays on Windows. It also adds a few small + safety features to improve Tor's behavior in the presence of strange + compile-time options, misbehaving proxies, and future versions + of OpenSSL. + + o Major bugfixes (relay, windows): + - Fix a bug in our implementation of condition variables on Windows. + Previously, a relay on Windows would use 100% CPU after running + for some time. Because of this change, Tor now require Windows + Vista or later to build and run. Fixes bug 30187; bugfix on + 0.2.6.3-alpha. (This bug became more serious in 0.3.1.1-alpha with + the introduction of consensus diffs.) Patch by Daniel Pinto. + + o Minor features (compilation): + - Disable deprecation warnings when building with OpenSSL 3.0.0 or + later. There are a number of APIs newly deprecated in OpenSSL + 3.0.0 that Tor still requires. (A later version of Tor will try to + stop depending on these APIs.) Closes ticket 40165. + + o Minor features (protocol, proxy support, defense in depth): + - Respond more deliberately to misbehaving proxies that leave + leftover data on their connections, so as to make Tor even less + likely to allow the proxies to pass their data off as having come + from a relay. Closes ticket 40017. + + o Minor features (safety): + - Log a warning at startup if Tor is built with compile-time options + that are likely to make it less stable or reliable. Closes + ticket 18888. + + o Minor bugfixes (circuit, handshake): + - In the v3 handshaking code, use connection_or_change_state() to + change the state. Previously, we changed the state directly, but + this did not pass the state change to the pubsub or channel + objects, potentially leading to bugs. Fixes bug 32880; bugfix on + 0.2.3.6-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (compilation): + - Use the correct 'ranlib' program when building libtor.a. + Previously we used the default ranlib, which broke some kinds of + cross-compilation. Fixes bug 40172; bugfix on 0.4.5.1-alpha. + - Remove a duplicate typedef in metrics_store.c. Fixes bug 40177; + bugfix on 0.4.5.1-alpha. + - When USDT tracing is enabled, and STAP_PROBEV() is missing, don't + attempt to build. Linux supports that macro but not the BSDs. + Fixes bug 40174; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (configuration): + - Exit Tor on a misconfiguration when the Bridge line is configured + to use a transport but no corresponding ClientTransportPlugin can + be found. Prior to this fix, Tor would attempt to connect to the + bridge directly without using the transport, making it easier for + adversaries to notice the bridge. Fixes bug 25528; bugfix + on 0.2.6.1-alpha. + - Fix an issue where an ORPort was compared with other kinds of + ports, when it should have been only checked against other + ORPorts. This bug would lead to "DirPort auto" getting ignored. + Fixes bug 40195; bugfix on 0.4.5.1-alpha. + - Fix a bug where a second non-ORPort with a variant family (ex: + SocksPort [::1]:9050) would be ignored due to a configuration + parsing error. Fixes bug 40183; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (crash, relay, signing key): + - Avoid assertion failures when we run Tor from the command line + with `--key-expiration sign`, but an ORPort is not set. Fixes bug + 40015; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (logging): + - Remove trailing whitespace from control event log messages. Fixes + bug 32178; bugfix on 0.1.1.1-alpha. Based on a patch by + Amadeusz Pawlik. + - Turn warning-level log message about SENDME failure into a debug- + level message. (This event can happen naturally, and is no reason + for concern). Fixes bug 40142; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (relay, address discovery): + - Don't trigger an IP change when no new valid IP can be found. + Fixes bug 40071; bugfix on 0.4.5.1-alpha. + - When attempting to discover our IP, use a simple test circuit, + rather than a descriptor fetch: the same address information is + present in NETINFO cells, and is better authenticated there. Fixes + bug 40071; bugfix on 0.4.5.1-alpha. + + o Minor bugfixes (testing): + - Fix the `config/parse_tcp_proxy_line` test so that it works + correctly on systems where the DNS provider hijacks invalid + queries. Fixes part of bug 40179; bugfix on 0.4.3.1-alpha. + - Fix unit tests that used newly generated list of routers so that + they check them with respect to the date when they were generated, + not with respect to the current time. Fixes bug 40187; bugfix + on 0.4.5.1-alpha. + - Fix our Python reference-implementation for the v3 onion service + handshake so that it works correctly with the version of hashlib + provided by Python 3.9. Fixes part of bug 40179; bugfix + on 0.3.1.6-rc. + - Fix the `tortls/openssl/log_one_error` test to work with OpenSSL + 3.0.0. Fixes bug 40170; bugfix on 0.2.8.1-alpha. + + o Removed features (controller): + - Remove the "GETINFO network-status" controller command. It has + been deprecated since 0.3.1.1-alpha. Closes ticket 22473. + + +Changes in version 0.4.4.6 - 2020-11-12 + Tor 0.4.4.6 is the second stable release in the 0.4.4.x series. It + backports fixes from later releases, including a fix for TROVE-2020- + 005, a security issue that could be used, under certain cases, by an + adversary to observe traffic patterns on a limited number of circuits + intended for a different relay. + + o Major bugfixes (security, backport from 0.4.5.1-alpha): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Minor features (directory authorities, backport from 0.4.5.1-alpha): + - Authorities now list a different set of protocols as required and + recommended. These lists have been chosen so that only truly + recommended and/or required protocols are included, and so that + clients using 0.2.9 or later will continue to work (even though + they are not supported), whereas only relays running 0.3.5 or + later will meet the requirements. Closes ticket 40162. + - Make it possible to specify multiple ConsensusParams torrc lines. + Now directory authority operators can for example put the main + ConsensusParams config in one torrc file and then add to it from a + different torrc file. Closes ticket 40164. + + o Minor features (subprotocol versions, backport from 0.4.5.1-alpha): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + + o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (compilation, backport from 0.4.5.1-alpha): + - Fix compiler warnings that would occur when building with + "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the + same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha. + - Resolve a compilation warning that could occur in + test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (logging, backport from 0.4.5.1-alpha): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + + o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (v2 onion services, backport from 0.4.5.1-alpha): + - For HSFETCH commands on v2 onion services addresses, check the + length of bytes decoded, not the base32 length. Fixes bug 34400; + bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. + + +Changes in version 0.4.3.7 - 2020-11-12 + Tor 0.4.3.7 backports several bugfixes from later releases. It + includes a fix for TROVE-2020-005, a security issue that could be + used, under certain cases, by an adversary to observe traffic patterns + on a limited number of circuits intended for a different relay. + + Please be aware that support for the 0.4.3.x series will end on 15 + February 2021. Please upgrade to 0.4.4.x or 0.4.5.x before then, or + downgrade to 0.3.5.x, which will be supported until at least 1 + February 2022. + + o Major features (fallback directory list, backport form 0.4.4.3-alpha): + - Replace the 148 fallback directories originally included in Tor + 0.4.1.4-rc (of which around 105 are still functional) with a list + of 144 fallbacks generated in July 2020. Closes ticket 40061. + + o Major bugfixes (security, backport from 0.4.5.1-alpha): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Major bugfixes (NSS, backport from 0.4.4.3-alpha): + - When running with NSS enabled, make sure that NSS knows to expect + nonblocking sockets. Previously, we set our TCP sockets as + nonblocking, but did not tell NSS, which in turn could lead to + unexpected blocking behavior. Fixes bug 40035; bugfix + on 0.3.5.1-alpha. + + o Minor features (security, backport from 0.4.4.4-rc): + - Channels using obsolete versions of the Tor link protocol are no + longer allowed to circumvent address-canonicity checks. (This is + only a minor issue, since such channels have no way to set ed25519 + keys, and therefore should always be rejected for circuits that + specify ed25519 identities.) Closes ticket 40081. + + o Minor features (subprotocol versions, backport from 0.4.5.1-alpha): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + + o Minor features (tests, backport from 0.4.4.5): + - Our "make check" target now runs the unit tests in 8 parallel + chunks. Doing this speeds up hardened CI builds by more than a + factor of two. Closes ticket 40098. + + o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (correctness, buffers, backport from 0.4.4.4-rc): + - Fix a correctness bug that could cause an assertion failure if we + ever tried using the buf_move_all() function with an empty input + buffer. As far as we know, no released versions of Tor do this. + Fixes bug 40076; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.5.1-alpha): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + + o Minor bugfixes (rate limiting, bridges, pluggable transports, backport from 0.4.4.4-rc): + - On a bridge, treat all connections from an ExtORPort as remote by + default for the purposes of rate-limiting. Previously, bridges + would treat the connection as local unless they explicitly + received a "USERADDR" command. ExtORPort connections still count + as local if there is a USERADDR command with an explicit local + address. Fixes bug 33747; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (relay, usability, backport from 0.4.4.3-alpha): + - Adjust the rules for when to warn about having too many + connections to other relays. Previously we'd tolerate up to 1.5 + connections per relay on average. Now we tolerate more connections + for directory authorities, and raise the number of total + connections we need to see before we warn. Fixes bug 33880; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (tests, 0.4.4.5): + - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run + on its own. Previously, it would exit with an error. Fixes bug + 40099; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (v2 onion services, backport from 0.4.5.1-alpha): + - For HSFETCH commands on v2 onion services addresses, check the + length of bytes decoded, not the base32 length. Fixes bug 34400; + bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (windows, backport from 0.4.4.4-rc): + - Fix a bug that prevented Tor from starting if its log file grew + above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha. + + o Deprecated features (onion service v2, backport form 0.4.4.2-alpha): + - Add a deprecation warning for version 2 onion services. Closes + ticket 40003. + + o Removed features (backport from 0.4.4.3-alpha): + - Our "check-local" test target no longer tries to use the + Coccinelle semantic patching tool parse all the C files. While it + is a good idea to try to make sure Coccinelle works on our C + before we run a Coccinelle patch, doing so on every test run has + proven to be disruptive. You can still run this tool manually with + "make check-cocci". Closes ticket 40030. ticket 40030. + + +Changes in version 0.3.5.12 - 2020-11-12 + Tor 0.4.3.7 backports several bugfixes from later releases. It + includes a fix for TROVE-2020-005, a security issue that could be + used, under certain cases, by an adversary to observe traffic patterns + on a limited number of circuits intended for a different relay. + + o Major features (fallback directory list, backport form 0.4.4.3-alpha): + - Replace the 148 fallback directories originally included in Tor + 0.4.1.4-rc (of which around 105 are still functional) with a list + of 144 fallbacks generated in July 2020. Closes ticket 40061. + + o Major bugfixes (security, backport from 0.4.5.1-alpha): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Major bugfixes (NSS, backport from 0.4.4.3-alpha): + - When running with NSS enabled, make sure that NSS knows to expect + nonblocking sockets. Previously, we set our TCP sockets as + nonblocking, but did not tell NSS, which in turn could lead to + unexpected blocking behavior. Fixes bug 40035; bugfix + on 0.3.5.1-alpha. + + o Minor features (security, backport from 0.4.4.4-rc): + - Channels using obsolete versions of the Tor link protocol are no + longer allowed to circumvent address-canonicity checks. (This is + only a minor issue, since such channels have no way to set ed25519 + keys, and therefore should always be rejected for circuits that + specify ed25519 identities.) Closes ticket 40081. + + o Minor features (debugging, directory system): + - Don't crash when we find a non-guard with a guard-fraction value + set. Instead, log a bug warning, in an attempt to figure out how + this happened. Diagnostic for ticket 32868. + + o Minor features (subprotocol versions, backport from 0.4.5.1-alpha): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + + o Minor features (tests, backport from 0.4.4.5): + - Our "make check" target now runs the unit tests in 8 parallel + chunks. Doing this speeds up hardened CI builds by more than a + factor of two. Closes ticket 40098. + + o Minor features (tests, v2 onion services, backport from 0.4.5.1-alpha): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (correctness, buffers, backport from 0.4.4.4-rc): + - Fix a correctness bug that could cause an assertion failure if we + ever tried using the buf_move_all() function with an empty input + buffer. As far as we know, no released versions of Tor do this. + Fixes bug 40076; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.5.1-alpha): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + + o Minor bugfixes (rate limiting, bridges, pluggable transports, backport from 0.4.4.4-rc): + - On a bridge, treat all connections from an ExtORPort as remote by + default for the purposes of rate-limiting. Previously, bridges + would treat the connection as local unless they explicitly + received a "USERADDR" command. ExtORPort connections still count + as local if there is a USERADDR command with an explicit local + address. Fixes bug 33747; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (relay configuration, crash, backport from 0.4.5.1-alpha): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (relay, usability, backport from 0.4.4.3-alpha): + - Adjust the rules for when to warn about having too many + connections to other relays. Previously we'd tolerate up to 1.5 + connections per relay on average. Now we tolerate more connections + for directory authorities, and raise the number of total + connections we need to see before we warn. Fixes bug 33880; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (relays, backport from 0.4.4.1-alpha): + - Stop advertising incorrect IPv6 ORPorts in relay and bridge + descriptors, when the IPv6 port was configured as "auto". Fixes + bug 32588; bugfix on 0.2.3.9-alpha. + + o Minor bugfixes (tests, 0.4.4.5): + - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run + on its own. Previously, it would exit with an error. Fixes bug + 40099; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (windows, backport from 0.4.4.4-rc): + - Fix a bug that prevented Tor from starting if its log file grew + above 2GB. Fixes bug 31036; bugfix on 0.2.1.8-alpha. + + o Deprecated features (onion service v2, backport form 0.4.4.2-alpha): + - Add a deprecation warning for version 2 onion services. Closes + ticket 40003. + + +Changes in version 0.4.5.1-alpha - 2020-11-01 + Tor 0.4.5.1-alpha is the first alpha release in the 0.4.5.x series. It + improves support for IPv6, address discovery and self-testing, code + metrics and tracing. + + This release also fixes TROVE-2020-005, a security issue that could be + used, under certain cases, by an adversary to observe traffic patterns + on a limited number of circuits intended for a different relay. To + mount this attack, the adversary would need to actively extend + circuits to an incorrect address, as well as compromise a relay's + legacy RSA-1024 key. We'll be backporting this fix to other release + series soon, after it has had some testing. + + Here are the changes since 0.4.4.5. + + o Major features (build): + - When building Tor, first link all object files into a single + static library. This may help with embedding Tor in other + programs. Note that most Tor functions do not constitute a part of + a stable or supported API: only those functions in tor_api.h + should be used if embedding Tor. Closes ticket 40127. + + o Major features (metrics): + - Introduce a new MetricsPort which exposes, through an HTTP + interface, a series of metrics that tor collects at runtime. At + the moment, the only supported output format is Prometheus data + model. Closes ticket 40063. See the manual page for more + information and security considerations. + o Major features (relay, IPv6): + - The torrc option Address now supports IPv6. This unifies our + address discovery interface to support IPv4, IPv6, and hostnames. + Closes ticket 33233. + - Launch IPv4 and IPv6 ORPort self-test circuits on relays and + bridges. Closes ticket 33222. + - Relays now automatically bind on IPv6 for their ORPort, unless + specified otherwise with the IPv4Only flag. Closes ticket 33246. + - When a relay with IPv6 support is told to open a connection to + another relay, and the extend cell lists both IPv4 and IPv6 + addresses, the first relay now picks randomly which address to + use. Closes ticket 33220. + - Relays now track their IPv6 ORPort reachability separately from + the reachability of their IPv4 ORPort. They will not publish a + descriptor unless _both_ ports appear to be externally reachable. + Closes ticket 34067. + + o Major features (tracing): + - Add event-tracing library support for USDT and LTTng-UST, and a + few tracepoints in the circuit subsystem. More will come + incrementally. This feature is compiled out by default: it needs + to be enabled at configure time. See documentation in + doc/HACKING/Tracing.md. Closes ticket 32910. + + o Major bugfixes (security): + - When completing a channel, relays now check more thoroughly to + make sure that it matches any pending circuits before attaching + those circuits. Previously, address correctness and Ed25519 + identities were not checked in this case, but only when extending + circuits on an existing channel. Fixes bug 40080; bugfix on + 0.2.7.2-alpha. Resolves TROVE-2020-005. + + o Major bugfixes (TLS, buffer): + - When attempting to read N bytes on a TLS connection, really try to + read all N bytes. Previously, Tor would stop reading after the + first TLS record, which can be smaller than the N bytes requested, + and not check for more data until the next mainloop event. Fixes + bug 40006; bugfix on 0.1.0.5-rc. + + o Minor features (address discovery): + - If no Address statements are found, relays now prioritize guessing + their address by looking at the local interface instead of the + local hostname. If the interface address can't be found, the local + hostname is used. Closes ticket 33238. + + o Minor features (admin tools): + - Add a new --format argument to -key-expiration option to allow + specifying the time format of the expiration date. Adds Unix + timestamp format support. Patch by Daniel Pinto. Closes + ticket 30045. + + o Minor features (bootstrap reporting): + - When reporting bootstrapping status on a relay, do not consider + connections that have never been the target of an origin circuit. + Previously, all connection failures were treated as potential + bootstrapping failures, including connections that had been opened + because of client requests. Closes ticket 25061. + + o Minor features (build): + - When running the configure script, try to detect version + mismatches between the OpenSSL headers and libraries, and suggest + that the user should try "--with-openssl-dir". Closes 40138. + - If the configure script has given any warnings, remind the user + about them at the end of the script. Related to 40138. + + o Minor features (configuration): + - Allow using wildcards (* and ?) with the %include option on + configuration files. Closes ticket 25140. Patch by Daniel Pinto. + - Allow the configuration options EntryNodes, ExcludeNodes, + ExcludeExitNodes, ExitNodes, MiddleNodes, HSLayer2Nodes and + HSLayer3Nodes to be specified multiple times. Closes ticket 28361. + Patch by Daniel Pinto. + + o Minor features (control port): + - Add a DROPTIMEOUTS command to drop circuit build timeout history + and reset the current timeout. Closes ticket 40002. + - When a stream enters the AP_CONN_STATE_CONTROLLER_WAIT status, + send a control port event. Closes ticket 32190. Patch by + Neel Chauhan. + - Introduce GETINFO "stats/ntor/{assigned/requested}" and + "stats/tap/{assigned/requested}" to get the NTor and TAP circuit + onion handshake counts respectively. Closes ticket 28279. Patch by + Neel Chauhan. + + o Minor features (control port, IPv6): + - Tor relays now try to report to the controller when they are + launching an IPv6 self-test. Closes ticket 34068. + - Introduce "GETINFO address/v4" and "GETINFO address/v6" in the + control port to fetch the Tor host's respective IPv4 or IPv6 + address. We keep "GETINFO address" for backwards-compatibility. + Closes ticket 40039. Patch by Neel Chauhan. + + o Minor features (directory authorities): + - Authorities now list a different set of protocols as required and + recommended. These lists have been chosen so that only truly + recommended and/or required protocols are included, and so that + clients using 0.2.9 or later will continue to work (even though + they are not supported), whereas only relays running 0.3.5 or + later will meet the requirements. Closes ticket 40162. + - Add a new consensus method 30 that removes the unnecessary "=" + padding from ntor-onion-key. Closes ticket 7869. Patch by + Daniel Pinto. + - Directory authorities now reject descriptors from relays running + Tor versions from the obsolete 0.4.1 series. Resolves ticket + 34357. Patch by Neel Chauhan. + - Make it possible to specify multiple ConsensusParams torrc lines. + Now directory authority operators can for example put the main + ConsensusParams config in one torrc file and then add to it from a + different torrc file. Closes ticket 40164. + - The AssumeReachable option no longer stops directory authorities + from checking whether other relays are running. A new + AuthDirTestReachability option can be used to disable these + checks. Closes ticket 34445. + - When looking for possible Sybil attacks, also consider IPv6 + addresses. Two routers are considered to have "the same" address + by this metric if they are in the same /64 network. Patch from + Maurice Pibouin. Closes ticket 7193. + + o Minor features (directory authorities, IPv6): + - Make authorities add their IPv6 ORPort (if any) to the trusted + servers list. Authorities previously added only their IPv4 + addresses. Closes ticket 32822. + + o Minor features (ed25519, relay): + - Save a relay's base64-encoded ed25519 identity key to the data + directory in a file named fingerprint-ed25519. Closes ticket + 30642. Patch by Neel Chauhan. + + o Minor features (heartbeat): + - Include the total number of inbound and outbound IPv4 and IPv6 + connections in the heartbeat message. Closes ticket 29113. + + o Minor features (IPv6, ExcludeNodes): + - Handle IPv6 addresses in ExcludeNodes; previously they were + ignored. Closes ticket 34065. Patch by Neel Chauhan. + + o Minor features (logging): + - Add the running glibc version to the log, and the compiled glibc + version to the library list returned when using --library-versions. + Patch from Daniel Pinto. Closes ticket 40047. + - Consider an HTTP 301 response to be an error (like a 404) when + processing a directory response. Closes ticket 40053. + - Log directory fetch statistics as a single line. Closes + ticket 40159. + - Provide more complete descriptions of our connections when logging + about them. Closes ticket 40041. + - When describing a relay in the logs, we now include its ed25519 + identity. Closes ticket 22668. + + o Minor features (onion services): + - Only overwrite an onion service's existing hostname file if its + contents are wrong. This enables read-only onion-service + directories. Resolves ticket 40062. Patch by Neel Chauhan. + + o Minor features (pluggable transports): + - Add an OutboundBindAddressPT option to allow users to specify + which IPv4 and IPv6 address pluggable transports should use for + outgoing IP packets. Tor does not have a way to enforce that the + pluggable transport honors this option, so each pluggable transport + needs to implement support on its own. Closes ticket 5304. + + o Minor features (relay address tracking): + - We now store relay addresses for OR connections in a more logical + way. Previously we would sometimes overwrite the actual address of + a connection with a "canonical address", and then store the "real + address" elsewhere to remember it. We now track the "canonical + address" elsewhere for the cases where we need it, and leave the + connection's address alone. Closes ticket 33898. + + o Minor features (relay): + - If a relay is unable to discover its address, attempt to learn it + from the NETINFO cell. Closes ticket 40022. + - Log immediately when launching a relay self-check. Previously we + would try to log before launching checks, or approximately when we + intended to launch checks, but this tended to be error-prone. + Closes ticket 34137. + + o Minor features (relay, address discovery): + - If Address option is not found in torrc, attempt to learn our + address with the configured ORPort address if any. Closes + ticket 33236. + + o Minor features (relay, IPv6): + - Add an AssumeReachableIPv6 option to disable self-checking IPv6 + reachability. Closes part of ticket 33224. + - Add new "assume-reachable" and "assume-reachable-ipv6" consensus + parameters to be used in an emergency to tell relays that they + should publish even if they cannot complete their ORPort self- + checks. Closes ticket 34064 and part of 33224. + - Allow relays to send IPv6-only extend cells. Closes ticket 33222. + - Declare support for the Relay=3 subprotocol version. Closes + ticket 33226. + - When launching IPv6 ORPort self-test circuits, make sure that the + second-last hop can initiate an IPv6 extend. Closes ticket 33222. + + o Minor features (specification update): + - Several fields in microdescriptors, router descriptors, and + consensus documents that were formerly optional are now required. + Implements proposal 315; closes ticket 40132. + + o Minor features (state management): + - When loading the state file, remove entries from the statefile + that have been obsolete for a long time. Ordinarily Tor preserves + unrecognized entries in order to keep forward-compatibility, but + these entries have not actually been used in any release since + before 0.3.5.x. Closes ticket 40137. + + o Minor features (statistics, ipv6): + - Relays now publish IPv6-specific counts of single-direction versus + bidirectional relay connections. Closes ticket 33264. + - Relays now publish their IPv6 read and write statistics over time, + if statistics are enabled. Closes ticket 33263. + + o Minor features (subprotocol versions): + - Tor no longer allows subprotocol versions larger than 63. + Previously version numbers up to UINT32_MAX were allowed, which + significantly complicated our code. Implements proposal 318; + closes ticket 40133. + - Use the new limitations on subprotocol versions due to proposal + 318 to simplify our implementation. Part of ticket 40133. + + o Minor features (testing configuration): + - The TestingTorNetwork option no longer implicitly sets + AssumeReachable to 1. This change allows us to test relays' self- + testing mechanisms, and to test authorities' relay-testing + functionality. Closes ticket 34446. + + o Minor features (testing): + - Added unit tests for channel_matches_target_addr_for_extend(). + Closes Ticket 33919. Patch by MrSquanchee. + + o Minor features (tests, v2 onion services): + - Fix a rendezvous cache unit test that was triggering an underflow + on the global rend cache allocation. Fixes bug 40125; bugfix + on 0.2.8.1-alpha. + - Fix another rendezvous cache unit test that was triggering an + underflow on the global rend cache allocation. Fixes bug 40126; + bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (circuit padding): + - When circpad_send_padding_cell_for_callback is called, + `is_padding_timer_scheduled` flag was not reset. Now it is set to + 0 at the top of that function. Fixes bug 32671; bugfix + on 0.4.0.1-alpha. + - Add a per-circuit padding machine instance counter, so we can + differentiate between shutdown requests for old machines on a + circuit. Fixes bug 30992; bugfix on 0.4.1.1-alpha. + - Add the ability to keep circuit padding machines if they match a + set of circuit states or purposes. This allows us to have machines + that start up under some conditions but don't shut down under + others. We now use this mask to avoid starting up introduction + circuit padding again after the machines have already completed. + Fixes bug 32040; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (compatibility): + - Strip '\r' characters when reading text files on Unix platforms. + This should resolve an issue where a relay operator migrates a + relay from Windows to Unix, but does not change the line ending of + Tor's various state files to match the platform, and the CRLF line + endings from Windows end up leaking into other files such as the + extra-info document. Fixes bug 33781; bugfix on 0.0.9pre5. + + o Minor bugfixes (compilation): + - Fix compiler warnings that would occur when building with + "--enable-all-bugs-are-fatal" and "--disable-module-relay" at the + same time. Fixes bug 40129; bugfix on 0.4.4.1-alpha. + - Resolve a compilation warning that could occur in + test_connection.c. Fixes bug 40113; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (configuration): + - Fix bug where %including a pattern ending with */ would include + files and folders (instead of folders only) in versions of glibc < + 2.19. Fixes bug 40141; bugfix on 0.4.5.0-alpha-dev. Patch by + Daniel Pinto. + + o Minor bugfixes (control port): + - Make sure we send the SOCKS request address in relay begin cells + when a stream is attached with the purpose + CIRCUIT_PURPOSE_CONTROLLER. Fixes bug 33124; bugfix on 0.0.5. + Patch by Neel Chauhan. + + o Minor bugfixes (logging): + - Remove a debug logging statement that uselessly spammed the logs. + Fixes bug 40135; bugfix on 0.3.5.0-alpha. + - When logging a rate-limited message about how many messages have + been suppressed in the last N seconds, give an accurate value for + N, rounded up to the nearest minute. Previously we would report + the size of the rate-limiting interval, regardless of when the + messages started to occur. Fixes bug 19431; bugfix + on 0.2.2.16-alpha. + + o Minor bugfixes (relay configuration, crash): + - Avoid a fatal assert() when failing to create a listener + connection for an address that was in use. Fixes bug 40073; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (rust, protocol versions): + - Declare support for the onion service introduction point denial of + service extensions when building with Rust. Fixes bug 34248; + bugfix on 0.4.2.1-alpha. + - Make Rust protocol version support checks consistent with the + undocumented error behavior of the corresponding C code. Fixes bug + 34251; bugfix on 0.3.3.5-rc. + + o Minor bugfixes (self-testing): + - When receiving an incoming circuit, only accept it as evidence + that we are reachable if the declared address of its channel is + the same address we think that we have. Otherwise, it could be + evidence that we're reachable on some other address. Fixes bug + 20165; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (spec conformance): + - Use the correct key type when generating signing->link + certificates. Fixes bug 40124; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (subprotocol versions): + - Consistently reject extra commas, instead of only rejecting + leading commas. Fixes bug 27194; bugfix on 0.2.9.4-alpha. + - In summarize_protover_flags(), treat empty strings the same as + NULL. This prevents protocols_known from being set. Previously, we + treated empty strings as normal strings, which led to + protocols_known being set. Fixes bug 34232; bugfix on + 0.3.3.2-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (v2 onion services): + - For HSFETCH commands on v2 onion services addresses, check the + length of bytes decoded, not the base32 length. Fixes bug 34400; + bugfix on 0.4.1.1-alpha. Patch by Neel Chauhan. + + o Code simplification and refactoring: + - Add and use a set of functions to perform down-casts on constant + connection and channel pointers. Closes ticket 40046. + - Refactor our code that logs descriptions of connections, channels, + and the peers on them, to use a single call path. This change + enables us to refactor the data types that they use, and eliminates + many confusing usages of those types. Closes ticket 40041. + - Refactor some common node selection code into a single function. + Closes ticket 34200. + - Remove the now-redundant 'outbuf_flushlen' field from our + connection type. It was previously used for an older version of + our rate-limiting logic. Closes ticket 33097. + - Rename "fascist_firewall_*" identifiers to "reachable_addr_*" + instead, for consistency with other code. Closes ticket 18106. + - Rename functions about "advertised" ports which are not in fact + guaranteed to return the ports that have been advertised. Closes + ticket 40055. + - Split implementation of several command line options from + options_init_from_torrc into smaller isolated functions. Patch by + Daniel Pinto. Closes ticket 40102. + - When an extend cell is missing an IPv4 or IPv6 address, fill in + the address from the extend info. This is similar to what was done + in ticket 33633 for ed25519 keys. Closes ticket 33816. Patch by + Neel Chauhan. + + o Deprecated features: + - The "non-builtin" argument to the "--dump-config" command is now + deprecated. When it works, it behaves the same as "short", which + you should use instead. Closes ticket 33398. + + o Documentation: + - Replace URLs from our old bugtracker so that they refer to the new + bugtracker and wiki. Closes ticket 40101. + + o Removed features: + - We no longer ship or build a "tor.service" file for use with + systemd. No distribution included this script unmodified, and we + don't have the expertise ourselves to maintain this in a way that + all the various systemd-based distributions can use. Closes + ticket 30797. + - We no longer ship support for the Android logging API. Modern + versions of Android can use the syslog API instead. Closes + ticket 32181. + - The "optimistic data" feature is now always on; there is no longer + an option to disable it from the torrc file or from the consensus + directory. Closes part of 40139. + - The "usecreatefast" network parameter is now removed; there is no + longer an option for authorities to turn it off. Closes part + of 40139. + + o Testing: + - Add unit tests for bandwidth statistics manipulation functions. + Closes ticket 33812. Patch by MrSquanchee. + + o Code simplification and refactoring (autoconf): + - Remove autoconf checks for unused funcs and headers. Closes ticket + 31699; Patch by @bduszel + + o Code simplification and refactoring (maintainer scripts): + - Disable by default the pre-commit hook. Use the environment + variable TOR_EXTRA_PRE_COMMIT_CHECKS in order to run it. + Furthermore, stop running practracker in the pre-commit hook and + make check-local. Closes ticket 40019. + + o Code simplification and refactoring (relay address): + - Most of IPv4 representation was using "uint32_t". It has now been + moved to use the internal "tor_addr_t" interface instead. This is + so we can properly integrate IPv6 along IPv4 with common + interfaces. Closes ticket 40043. + + o Documentation (manual page): + - Move them from doc/ to doc/man/. Closes ticket 40044. + - Describe the status of the "Sandbox" option more accurately. It is + no longer "experimental", but it _is_ dependent on kernel and libc + versions. Closes ticket 23378. + + o Documentation (tracing): + - Document in depth the circuit subsystem trace events in the new + doc/tracing/EventsCircuit.md. Closes ticket 40036. + + +Changes in version 0.4.4.5 - 2020-09-15 + Tor 0.4.4.5 is the first stable release in the 0.4.4.x series. This + series improves our guard selection algorithms, adds v3 onion balance + support, improves the amount of code that can be disabled when running + without relay support, and includes numerous small bugfixes and + enhancements. It also lays the ground for some IPv6 features that + we'll be developing more in the next (0.4.5) series. + + Per our support policy, we support each stable release series for nine + months after its first stable release, or three months after the first + stable release of the next series: whichever is longer. This means + that 0.4.4.x will be supported until around June 2021--or later, if + 0.4.5.x is later than anticipated. + + Note also that support for 0.4.2.x has just ended; support for 0.4.3 + will continue until Feb 15, 2021. We still plan to continue supporting + 0.3.5.x, our long-term stable series, until Feb 2022. + + Below are the changes since 0.4.4.4-rc. For a complete list of changes + since 0.4.3.6, see the ReleaseNotes file. + + o Major bugfixes (onion services, DoS): + - Correct handling of parameters for the onion service DoS defense. + Previously, the consensus parameters for the onion service DoS + defenses were overwriting the parameters set by the service + operator using HiddenServiceEnableIntroDoSDefense. Fixes bug + 40109; bugfix on 0.4.2.1-alpha. + + o Major bugfixes (stats, onion services): + - Fix a bug where we were undercounting the Tor network's total + onion service traffic, by ignoring any traffic originating from + clients. Now we count traffic from both clients and services. + Fixes bug 40117; bugfix on 0.2.6.2-alpha. + + o Minor features (control port): + - If a ClientName was specified in ONION_CLIENT_AUTH_ADD for an + onion service, display it when we use ONION_CLIENT_AUTH_VIEW. + Closes ticket 40089. Patch by Neel Chauhan. + + o Minor features (denial-of-service memory limiter): + - Allow the user to configure even lower values for the + MaxMemInQueues parameter. Relays now enforce a minimum of 64 MB, + when previously the minimum was 256 MB. On clients, there is no + minimum. Relays and clients will both warn if the value is set so + low that Tor is likely to stop working. Closes ticket 24308. + + o Minor features (tests): + - Our "make check" target now runs the unit tests in 8 parallel + chunks. Doing this speeds up hardened CI builds by more than a + factor of two. Closes ticket 40098. + + o Minor bugfixes (guard selection algorithm): + - Avoid needless guard-related warning when upgrading from 0.4.3 to + 0.4.4. Fixes bug 40105; bugfix on 0.4.4.1-alpha. + + o Minor bugfixes (tests): + - Fix the behavior of the rend_cache/clean_v2_descs_as_dir when run + on its own. Previously, it would exit with an error. Fixes bug + 40099; bugfix on 0.2.8.1-alpha. + + +Changes in version 0.4.4.3-alpha - 2020-07-27 + Tor 0.4.4.3-alpha fixes several annoyances in previous versions, + including one affecting NSS users, and several affecting the Linux + seccomp2 sandbox. + + o Major features (fallback directory list): + - Replace the 148 fallback directories originally included in Tor + 0.4.1.4-rc (of which around 105 are still functional) with a list + of 144 fallbacks generated in July 2020. Closes ticket 40061. + + o Major bugfixes (NSS): + - When running with NSS enabled, make sure that NSS knows to expect + nonblocking sockets. Previously, we set our TCP sockets as + nonblocking, but did not tell NSS, which in turn could lead to + unexpected blocking behavior. Fixes bug 40035; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox): + - Fix a regression on sandboxing rules for the openat() syscall. The + fix for bug 25440 fixed the problem on systems with glibc >= 2.27 + but broke with versions of glibc. We now choose a rule based on + the glibc version. Patch from Daniel Pinto. Fixes bug 27315; + bugfix on 0.3.5.11. + - Makes the seccomp sandbox allow the correct syscall for opendir + according to the running glibc version. This fixes crashes when + reloading torrc with sandbox enabled when running on glibc 2.15 to + 2.21 and 2.26. Patch from Daniel Pinto. Fixes bug 40020; bugfix + on 0.3.5.11. + + o Minor bugfixes (relay, usability): + - Adjust the rules for when to warn about having too many + connections to other relays. Previously we'd tolerate up to 1.5 + connections per relay on average. Now we tolerate more connections + for directory authorities, and raise the number of total + connections we need to see before we warn. Fixes bug 33880; bugfix + on 0.3.1.1-alpha. + + o Documentation: + - Replace most http:// URLs in our code and documentation with + https:// URLs. (We have left unchanged the code in src/ext/, and + the text in LICENSE.) Closes ticket 31812. Patch from Jeremy Rand. + + o Removed features: + - Our "check-local" test target no longer tries to use the + Coccinelle semantic patching tool parse all the C files. While it + is a good idea to try to make sure Coccinelle works on our C + before we run a Coccinelle patch, doing so on every test run has + proven to be disruptive. You can still run this tool manually with + "make check-cocci". Closes ticket 40030. + + +Changes in version 0.3.5.11 - 2020-07-09 + Tor 0.3.5.11 backports fixes from later tor releases, including several + usability, portability, and reliability fixes. + + This release also fixes TROVE-2020-001, a medium-severity denial of + service vulnerability affecting all versions of Tor when compiled with + the NSS encryption library. (This is not the default configuration.) + Using this vulnerability, an attacker could cause an affected Tor + instance to crash remotely. This issue is also tracked as CVE-2020- + 15572. Anybody running a version of Tor built with the NSS library + should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha + or later. + + o Major bugfixes (NSS, security, backport from 0.4.4.2-alpha): + - Fix a crash due to an out-of-bound memory access when Tor is + compiled with NSS support. Fixes bug 33119; bugfix on + 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 + and CVE-2020-15572. + + o Major bugfixes (DoS defenses, bridges, pluggable transport, backport from 0.4.3.4-rc): + - Fix a bug that was preventing DoS defenses from running on bridges + with a pluggable transport. Previously, the DoS subsystem was not + given the transport name of the client connection, thus failed to + find the GeoIP cache entry for that client address. Fixes bug + 33491; bugfix on 0.3.3.2-alpha. + + o Minor features (testing, backport from 0.4.3.4-rc): + - The unit tests now support a "TOR_SKIP_TESTCASES" environment + variable to specify a list of space-separated test cases that + should not be executed. We will use this to disable certain tests + that are failing on Appveyor because of mismatched OpenSSL + libraries. Part of ticket 33643. + + o Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha): + - Use the correct 64-bit printf format when compiling with MINGW on + Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha. + + o Minor bugfix (relay, configuration, backport from 0.4.3.3-alpha): + - Warn if the ContactInfo field is not set, and tell the relay + operator that not having a ContactInfo field set might cause their + relay to get rejected in the future. Fixes bug 33361; bugfix + on 0.1.1.10-alpha. + + o Minor bugfixes (client performance, backport from 0.4.4.1-alpha): + - Resume use of preemptively-built circuits when UseEntryGuards is set + to 0. We accidentally disabled this feature with that config + setting, leading to slower load times. Fixes bug 34303; bugfix + on 0.3.3.2-alpha. + + o Minor bugfixes (compiler compatibility, backport from 0.4.3.5): + - Avoid compiler warnings from Clang 10 related to the use of GCC- + style "/* falls through */" comments. Both Clang and GCC allow + __attribute__((fallthrough)) instead, so that's what we're using + now. Fixes bug 34078; bugfix on 0.3.1.3-alpha. + + o Minor bugfixes (compiler warnings, backport from 0.4.4.2-alpha): + - Fix a compiler warning on platforms with 32-bit time_t values. + Fixes bug 40028; bugfix on 0.3.2.8-rc. + + o Minor bugfixes (embedded Tor, backport from 0.4.3.1-alpha): + - When starting Tor any time after the first time in a process, + register the thread in which it is running as the main thread. + Previously, we only did this on Windows, which could lead to bugs + like 23081 on non-Windows platforms. Fixes bug 32884; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (key portability, backport from 0.4.3.4-rc): + - When reading PEM-encoded key data, tolerate CRLF line-endings even + if we are not running on Windows. Previously, non-Windows hosts + would reject these line-endings in certain positions, making + certain key files hard to move from one host to another. Fixes bug + 33032; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.4.2-alpha): + - Downgrade a noisy log message that could occur naturally when + receiving an extrainfo document that we no longer want. Fixes bug + 16016; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (onion service v3, client, backport from 0.4.3.3-alpha): + - Remove a BUG() warning that would cause a stack trace if an onion + service descriptor was freed while we were waiting for a + rendezvous circuit to complete. Fixes bug 28992; bugfix + on 0.3.2.1-alpha. + + o Testing (CI, backport from 0.4.3.4-rc): + - In our Appveyor Windows CI, copy required DLLs to test and app + directories, before running tor's tests. This ensures that tor.exe + and test*.exe use the correct version of each DLL. This fix is not + required, but we hope it will avoid DLL search issues in future. + Fixes bug 33673; bugfix on 0.3.4.2-alpha. + - On Appveyor, skip the crypto/openssl_version test, which is + failing because of a mismatched library installation. Fix + for 33643. + + +Changes in version 0.4.2.8 - 2020-07-09 + Tor 0.4.2.8 backports various fixes from later releases, including + several that affect usability and portability. + + This release also fixes TROVE-2020-001, a medium-severity denial of + service vulnerability affecting all versions of Tor when compiled with + the NSS encryption library. (This is not the default configuration.) + Using this vulnerability, an attacker could cause an affected Tor + instance to crash remotely. This issue is also tracked as CVE-2020- + 15572. Anybody running a version of Tor built with the NSS library + should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha + or later. + + o Major bugfixes (NSS, security, backport from 0.4.4.2-alpha): + - Fix a crash due to an out-of-bound memory access when Tor is + compiled with NSS support. Fixes bug 33119; bugfix on + 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 + and CVE-2020-15572. + + o Major bugfixes (DoS defenses, bridges, pluggable transport, backport from 0.4.3.4-rc): + - Fix a bug that was preventing DoS defenses from running on bridges + with a pluggable transport. Previously, the DoS subsystem was not + given the transport name of the client connection, thus failed to + find the GeoIP cache entry for that client address. Fixes bug + 33491; bugfix on 0.3.3.2-alpha. + + o Minor feature (sendme, flow control, backport form 0.4.3.4-rc): + - Default to sending SENDME version 1 cells. (Clients are already + sending these, because of a consensus parameter telling them to do + so: this change only affects what clients would do if the + consensus didn't contain a recommendation.) Closes ticket 33623. + + o Minor features (diagnostic, backport from 0.4.3.3-alpha): + - Improve assertions and add some memory-poisoning code to try to + track down possible causes of a rare crash (32564) in the EWMA + code. Closes ticket 33290. + + o Minor features (testing, backport from 0.4.3.4-rc): + - The unit tests now support a "TOR_SKIP_TESTCASES" environment + variable to specify a list of space-separated test cases that + should not be executed. We will use this to disable certain tests + that are failing on Appveyor because of mismatched OpenSSL + libraries. Part of ticket 33643. + + o Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha): + - Use the correct 64-bit printf format when compiling with MINGW on + Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha. + + o Minor bugfix (relay, configuration, backport from 0.4.3.3-alpha): + - Warn if the ContactInfo field is not set, and tell the relay + operator that not having a ContactInfo field set might cause their + relay to get rejected in the future. Fixes bug 33361; bugfix + on 0.1.1.10-alpha. + + o Minor bugfixes (client performance, backport from 0.4.4.1-alpha): + - Resume use of preemptively-built circuits when UseEntryGuards is set + to 0. We accidentally disabled this feature with that config + setting, leading to slower load times. Fixes bug 34303; bugfix + on 0.3.3.2-alpha. + + o Minor bugfixes (compiler compatibility, backport from 0.4.3.5): + - Avoid compiler warnings from Clang 10 related to the use of GCC- + style "/* falls through */" comments. Both Clang and GCC allow + __attribute__((fallthrough)) instead, so that's what we're using + now. Fixes bug 34078; bugfix on 0.3.1.3-alpha. + - Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix + on 0.4.0.3-alpha. + + o Minor bugfixes (compiler warnings, backport from 0.4.4.2-alpha): + - Fix a compiler warning on platforms with 32-bit time_t values. + Fixes bug 40028; bugfix on 0.3.2.8-rc. + + o Minor bugfixes (controller protocol, backport from 0.4.3.2-alpha): + - When receiving "ACTIVE" or "DORMANT" signals on the control port, + report them as SIGNAL events. Previously we would log a bug + warning. Fixes bug 33104; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (embedded Tor, backport from 0.4.3.1-alpha): + - When starting Tor any time after the first time in a process, + register the thread in which it is running as the main thread. + Previously, we only did this on Windows, which could lead to bugs + like 23081 on non-Windows platforms. Fixes bug 32884; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (key portability, backport from 0.4.3.4-rc): + - When reading PEM-encoded key data, tolerate CRLF line-endings even + if we are not running on Windows. Previously, non-Windows hosts + would reject these line-endings in certain positions, making + certain key files hard to move from one host to another. Fixes bug + 33032; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.3.2-rc): + - When logging a bug, do not say "Future instances of this warning + will be silenced" unless we are actually going to silence them. + Previously we would say this whenever a BUG() check failed in the + code. Fixes bug 33095; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.3.4-rc): + - Flush stderr, stdout, and file logs during shutdown, if supported + by the OS. This change helps make sure that any final logs are + recorded. Fixes bug 33087; bugfix on 0.4.1.6. + + o Minor bugfixes (logging, backport from 0.4.4.2-alpha): + - Downgrade a noisy log message that could occur naturally when + receiving an extrainfo document that we no longer want. Fixes bug + 16016; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (onion service v3, client, backport from 0.4.3.3-alpha): + - Remove a BUG() warning that would cause a stack trace if an onion + service descriptor was freed while we were waiting for a + rendezvous circuit to complete. Fixes bug 28992; bugfix + on 0.3.2.1-alpha. + + o Testing (CI, backport from 0.4.3.4-rc): + - In our Appveyor Windows CI, copy required DLLs to test and app + directories, before running tor's tests. This ensures that tor.exe + and test*.exe use the correct version of each DLL. This fix is not + required, but we hope it will avoid DLL search issues in future. + Fixes bug 33673; bugfix on 0.3.4.2-alpha. + - On Appveyor, skip the crypto/openssl_version test, which is + failing because of a mismatched library installation. Fix + for 33643. + + +Changes in version 0.4.3.6 - 2020-07-09 + Tor 0.4.3.6 backports several bugfixes from later releases, including + some affecting usability. + + This release also fixes TROVE-2020-001, a medium-severity denial of + service vulnerability affecting all versions of Tor when compiled with + the NSS encryption library. (This is not the default configuration.) + Using this vulnerability, an attacker could cause an affected Tor + instance to crash remotely. This issue is also tracked as CVE-2020- + 15572. Anybody running a version of Tor built with the NSS library + should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha + or later. + + o Major bugfixes (NSS, security, backport from 0.4.4.2-alpha): + - Fix a crash due to an out-of-bound memory access when Tor is + compiled with NSS support. Fixes bug 33119; bugfix on + 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 + and CVE-2020-15572. + + o Minor bugfix (CI, Windows, backport from 0.4.4.2-alpha): + - Use the correct 64-bit printf format when compiling with MINGW on + Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha. + + o Minor bugfixes (client performance, backport from 0.4.4.1-alpha): + - Resume use of preemptively-built circuits when UseEntryGuards is set + to 0. We accidentally disabled this feature with that config + setting, leading to slower load times. Fixes bug 34303; bugfix + on 0.3.3.2-alpha. + + o Minor bugfixes (compiler warnings, backport from 0.4.4.2-alpha): + - Fix a compiler warning on platforms with 32-bit time_t values. + Fixes bug 40028; bugfix on 0.3.2.8-rc. + + o Minor bugfixes (linux seccomp sandbox, nss, backport from 0.4.4.1-alpha): + - Fix a startup crash when tor is compiled with --enable-nss and + sandbox support is enabled. Fixes bug 34130; bugfix on + 0.3.5.1-alpha. Patch by Daniel Pinto. + + o Minor bugfixes (logging, backport from 0.4.4.2-alpha): + - Downgrade a noisy log message that could occur naturally when + receiving an extrainfo document that we no longer want. Fixes bug + 16016; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (manual page, backport from 0.4.4.1-alpha): + - Update the man page to reflect that MinUptimeHidServDirectoryV2 + defaults to 96 hours. Fixes bug 34299; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (onion service v3, backport from 0.4.4.1-alpha): + - Prevent an assert() that would occur when cleaning the client + descriptor cache, and attempting to close circuits for a non- + decrypted descriptor (lacking client authorization). Fixes bug + 33458; bugfix on 0.4.2.1-alpha. + + o Minor bugfixes (portability, backport from 0.4.4.1-alpha): + - Fix a portability error in the configure script, where we were + using "==" instead of "=". Fixes bug 34233; bugfix on 0.4.3.5. + + o Minor bugfixes (relays, backport from 0.4.4.1-alpha): + - Stop advertising incorrect IPv6 ORPorts in relay and bridge + descriptors, when the IPv6 port was configured as "auto". Fixes + bug 32588; bugfix on 0.2.3.9-alpha. + + o Documentation (backport from 0.4.4.1-alpha): + - Fix several doxygen warnings related to imbalanced groups. Closes + ticket 34255. + + +Changes in version 0.4.4.2-alpha - 2020-07-09 + This is the second alpha release in the 0.4.4.x series. It fixes a few + bugs in the previous release, and solves a few usability, + compatibility, and portability issues. + + This release also fixes TROVE-2020-001, a medium-severity denial of + service vulnerability affecting all versions of Tor when compiled with + the NSS encryption library. (This is not the default configuration.) + Using this vulnerability, an attacker could cause an affected Tor + instance to crash remotely. This issue is also tracked as CVE-2020- + 15572. Anybody running a version of Tor built with the NSS library + should upgrade to 0.3.5.11, 0.4.2.8, 0.4.3.6, or 0.4.4.2-alpha + or later. + + o Major bugfixes (NSS, security): + - Fix a crash due to an out-of-bound memory access when Tor is + compiled with NSS support. Fixes bug 33119; bugfix on + 0.3.5.1-alpha. This issue is also tracked as TROVE-2020-001 + and CVE-2020-15572. + + o Minor features (bootstrap reporting): + - Report more detailed reasons for bootstrap failure when the + failure happens due to a TLS error. Previously we would just call + these errors "MISC" when they happened during read, and "DONE" + when they happened during any other TLS operation. Closes + ticket 32622. + + o Minor features (directory authority): + - Authorities now recommend the protocol versions that are supported + by Tor 0.3.5 and later. (Earlier versions of Tor have been + deprecated since January of this year.) This recommendation will + cause older clients and relays to give a warning on startup, or + when they download a consensus directory. Closes ticket 32696. + + o Minor features (entry guards): + - Reinstate support for GUARD NEW/UP/DOWN control port events. + Closes ticket 40001. + + o Minor features (linux seccomp2 sandbox, portability): + - Allow Tor to build on platforms where it doesn't know how to + report which syscall caused the linux seccomp2 sandbox to fail. + This change should make the sandbox code more portable to less + common Linux architectures. Closes ticket 34382. + - Permit the unlinkat() syscall, which some Libc implementations use + to implement unlink(). Closes ticket 33346. + + o Minor bugfix (CI, Windows): + - Use the correct 64-bit printf format when compiling with MINGW on + Appveyor. Fixes bug 40026; bugfix on 0.3.5.5-alpha. + + o Minor bugfix (onion service v3 client): + - Remove a BUG() warning that could occur naturally. Fixes bug + 34087; bugfix on 0.3.2.1-alpha. + + o Minor bugfix (SOCKS, onion service client): + - Detect v3 onion service addresses of the wrong length when + returning the F6 ExtendedErrors code. Fixes bug 33873; bugfix + on 0.4.3.1-alpha. + + o Minor bugfixes (compiler warnings): + - Fix a compiler warning on platforms with 32-bit time_t values. + Fixes bug 40028; bugfix on 0.3.2.8-rc. + + o Minor bugfixes (control port, onion service): + - Consistently use 'address' in "Invalid v3 address" response to + ONION_CLIENT_AUTH commands. Previously, we would sometimes say + 'addr'. Fixes bug 40005; bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (logging): + - Downgrade a noisy log message that could occur naturally when + receiving an extrainfo document that we no longer want. Fixes bug + 16016; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (onion services v3): + - Avoid a non-fatal assertion failure in certain edge-cases when + opening an intro circuit as a client. Fixes bug 34084; bugfix + on 0.3.2.1-alpha. + + o Deprecated features (onion service v2): + - Add a deprecation warning for version 2 onion services. Closes + ticket 40003. + + o Removed features (IPv6, revert): + - Revert the change in the default value of ClientPreferIPv6OrPort: + it breaks the torsocks use case. The SOCKS resolve command has no + mechanism to ask for a specific address family (v4 or v6), and so + prioritizing IPv6 when an IPv4 address is requested on the SOCKS + interface resulted in a failure. Tor Browser explicitly sets + PreferIPv6, so this should not affect the majority of our users. + Closes ticket 33796; bugfix on 0.4.4.1-alpha. + + +Changes in version 0.4.4.1-alpha - 2020-06-16 + This is the first alpha release in the 0.4.4.x series. It improves + our guard selection algorithms, improves the amount of code that + can be disabled when running without relay support, and includes numerous + small bugfixes and enhancements. It also lays the ground for some IPv6 + features that we'll be developing more in the next (0.4.5) series. + + Here are the changes since 0.4.3.5. + + o Major features (Proposal 310, performance + security): + - Implements Proposal 310, "Bandaid on guard selection". Proposal + 310 solves load-balancing issues with older versions of the guard + selection algorithm, and improves its security. Under this new + algorithm, a newly selected guard never becomes Primary unless all + previously sampled guards are unreachable. Implements + recommendation from 32088. (Proposal 310 is linked to the CLAPS + project researching optimal client location-aware path selections. + This project is a collaboration between the UCLouvain Crypto Group, + the U.S. Naval Research Laboratory, and Princeton University.) + + o Major features (IPv6, relay): + - Consider IPv6-only EXTEND2 cells valid on relays. Log a protocol + warning if the IPv4 or IPv6 address is an internal address, and + internal addresses are not allowed. But continue to use the other + address, if it is valid. Closes ticket 33817. + - If a relay can extend over IPv4 and IPv6, and both addresses are + provided, it chooses between them uniformly at random. Closes + ticket 33817. + - Re-use existing IPv6 connections for circuit extends. Closes + ticket 33817. + - Relays may extend circuits over IPv6, if the relay has an IPv6 + ORPort, and the client supplies the other relay's IPv6 ORPort in + the EXTEND2 cell. IPv6 extends will be used by the relay IPv6 + ORPort self-tests in 33222. Closes ticket 33817. + + o Major features (v3 onion services): + - Allow v3 onion services to act as OnionBalance backend instances, + by using the HiddenServiceOnionBalanceInstance torrc option. + Closes ticket 32709. + + o Minor feature (developer tools): + - Add a script to help check the alphabetical ordering of option + names in the manual page. Closes ticket 33339. + + o Minor feature (onion service client, SOCKS5): + - Add 3 new SocksPort ExtendedErrors (F2, F3, F7) that reports back + new type of onion service connection failures. The semantics of + these error codes are documented in proposal 309. Closes + ticket 32542. + + o Minor feature (onion service v3): + - If a service cannot upload its descriptor(s), log why at INFO + level. Closes ticket 33400; bugfix on 0.3.2.1-alpha. + + o Minor feature (python scripts): + - Stop assuming that /usr/bin/python exists. Instead of using a + hardcoded path in scripts that still use Python 2, use + /usr/bin/env, similarly to the scripts that use Python 3. Fixes + bug 33192; bugfix on 0.4.2. + + o Minor features (client-only compilation): + - Disable more code related to the ext_orport protocol when + compiling without support for relay mode. Closes ticket 33368. + - Disable more of our self-testing code when support for relay mode + is disabled. Closes ticket 33370. + + o Minor features (code safety): + - Check for failures of tor_inet_ntop() and tor_inet_ntoa() + functions in DNS and IP address processing code, and adjust + codepaths to make them less likely to crash entire Tor instances. + Resolves issue 33788. + + o Minor features (compilation size): + - Most server-side DNS code is now disabled when building without + support for relay mode. Closes ticket 33366. + + o Minor features (continuous integration): + - Run unit-test and integration test (Stem, Chutney) jobs with + ALL_BUGS_ARE_FATAL macro being enabled on Travis and Appveyor. + Resolves ticket 32143. + + o Minor features (control port): + - Return a descriptive error message from the 'GETINFO status/fresh- + relay-descs' command on the control port. Previously, we returned + a generic error of "Error generating descriptor". Closes ticket + 32873. Patch by Neel Chauhan. + + o Minor features (developer tooling): + - Refrain from listing all .a files that are generated by the Tor + build in .gitignore. Add a single wildcard *.a entry that covers + all of them for present and future. Closes ticket 33642. + - Add a script ("git-install-tools.sh") to install git hooks and + helper scripts. Closes ticket 33451. + + o Minor features (directory authority, shared random): + - Refactor more authority-only parts of the shared-random scheduling + code to reside in the dirauth module, and to be disabled when + compiling with --disable-module-dirauth. Closes ticket 33436. + + o Minor features (directory): + - Remember the number of bytes we have downloaded for each directory + purpose while bootstrapping, and while fully bootstrapped. Log + this information as part of the heartbeat message. Closes + ticket 32720. + + o Minor features (IPv6 support): + - Adds IPv6 support to tor_addr_is_valid(). Adds tests for the above + changes and tor_addr_is_null(). Closes ticket 33679. Patch + by MrSquanchee. + - Allow clients and relays to send dual-stack and IPv6-only EXTEND2 + cells. Parse dual-stack and IPv6-only EXTEND2 cells on relays. + Closes ticket 33901. + + o Minor features (logging): + - When trying to find our own address, add debug-level logging to + report the sources of candidate addresses. Closes ticket 32888. + + o Minor features (testing, architecture): + - Our test scripts now double-check that subsystem initialization + order is consistent with the inter-module dependencies established + by our .may_include files. Implements ticket 31634. + - Initialize all subsystems at the beginning of our unit test + harness, to avoid crashes due to uninitialized subsystems. Follow- + up from ticket 33316. + + o Minor features (v3 onion services): + - Add v3 onion service status to the dumpstats() call which is + triggered by a SIGUSR1 signal. Previously, we only did v2 onion + services. Closes ticket 24844. Patch by Neel Chauhan. + + o Minor features (windows): + - Add support for console control signals like Ctrl+C in Windows. + Closes ticket 34211. Patch from Damon Harris (TheDcoder). + + o Minor bugfix (onion service v3): + - Prevent an assert() that would occur when cleaning the client + descriptor cache, and attempting to close circuits for a non- + decrypted descriptor (lacking client authorization). Fixes bug + 33458; bugfix on 0.4.2.1-alpha. + + o Minor bugfix (refactoring): + - Lift circuit_build_times_disabled() out of the + circuit_expire_building() loop, to save CPU time when there are + many circuits open. Fixes bug 33977; bugfix on 0.3.5.9. + + o Minor bugfixes (client performance): + - Resume use of preemptively-built circuits when UseEntryGuards is set + to 0. We accidentally disabled this feature with that config + setting, leading to slower load times. Fixes bug 34303; bugfix + on 0.3.3.2-alpha. + + o Minor bugfixes (directory authorities): + - Directory authorities now reject votes that arrive too late. In + particular, once an authority has started fetching missing votes, + it no longer accepts new votes posted by other authorities. This + change helps prevent a consensus split, where only some authorities + have the late vote. Fixes bug 4631; bugfix on 0.2.0.5-alpha. + + o Minor bugfixes (git scripts): + - Stop executing the checked-out pre-commit hook from the pre-push + hook. Instead, execute the copy in the user's git directory. Fixes + bug 33284; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (initialization): + - Initialize the subsystems in our code in an order more closely + corresponding to their dependencies, so that every system is + initialized before the ones that (theoretically) depend on it. + Fixes bug 33316; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (IPv4, relay): + - Check for invalid zero IPv4 addresses and ports when sending and + receiving extend cells. Fixes bug 33900; bugfix on 0.2.4.8-alpha. + + o Minor bugfixes (IPv6, relay): + - Consider IPv6 addresses when checking if a connection is + canonical. In 17604, relays assumed that a remote relay could + consider an IPv6 connection canonical, but did not set the + canonical flag on their side of the connection. Fixes bug 33899; + bugfix on 0.3.1.1-alpha. + - Log IPv6 addresses on connections where this relay is the + responder. Previously, responding relays would replace the remote + IPv6 address with the IPv4 address from the consensus. Fixes bug + 33899; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (linux seccomp sandbox nss): + - Fix a startup crash when tor is compiled with --enable-nss and + sandbox support is enabled. Fixes bug 34130; bugfix on + 0.3.5.1-alpha. Patch by Daniel Pinto. + + o Minor bugfixes (logging, testing): + - Make all of tor's assertion macros support the ALL_BUGS_ARE_FATAL + and DISABLE_ASSERTS_IN_UNIT_TESTS debugging modes. (IF_BUG_ONCE() + used to log a non-fatal warning, regardless of the debugging + mode.) Fixes bug 33917; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (logs): + - Remove surprising empty line in the INFO-level log about circuit + build timeout. Fixes bug 33531; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (mainloop): + - Better guard against growing a buffer past its maximum 2GB in + size. Fixes bug 33131; bugfix on 0.3.0.4-rc. + + o Minor bugfixes (manual page): + - Update the man page to reflect that MinUptimeHidServDirectoryV2 + defaults to 96 hours. Fixes bug 34299; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (onion service v3, client): + - Remove a BUG() that was causing a stacktrace when a descriptor + changed at an unexpected time. Fixes bug 28992; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (onion service, logging): + - Fix a typo in a log message PublishHidServDescriptors is set to 0. + Fixes bug 33779; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (portability): + - Fix a portability error in the configure script, where we were + using "==" instead of "=". Fixes bug 34233; bugfix on 0.4.3.5. + + o Minor bugfixes (protocol versions): + - Sort tor's supported protocol version lists, as recommended by the + tor directory specification. Fixes bug 33285; bugfix + on 0.4.0.1-alpha. + + o Minor bugfixes (relays): + - Stop advertising incorrect IPv6 ORPorts in relay and bridge + descriptors, when the IPv6 port was configured as "auto". Fixes + bug 32588; bugfix on 0.2.3.9-alpha. + + o Code simplification and refactoring: + - Define and use a new constant TOR_ADDRPORT_BUF_LEN which is like + TOR_ADDR_BUF_LEN but includes enough space for an IP address, + brackets, separating colon, and port number. Closes ticket 33956. + Patch by Neel Chauhan. + - Merge the orconn and ocirc events into the "core" subsystem, which + manages or connections and origin circuits. Previously they were + isolated in subsystems of their own. + - Move LOG_PROTOCOL_WARN to app/config. Resolves a dependency + inversion. Closes ticket 33633. + - Move the circuit extend code to the relay module. Split the + circuit extend function into smaller functions. Closes + ticket 33633. + - Rewrite port_parse_config() to use the default port flags from + port_cfg_new(). Closes ticket 32994. Patch by MrSquanchee. + - Updated comments in 'scheduler.c' to reflect old code changes, and + simplified the scheduler channel state change code. Closes + ticket 33349. + + o Documentation: + - Document the limitations of using %include on config files with + seccomp sandbox enabled. Fixes documentation bug 34133; bugfix on + 0.3.1.1-alpha. Patch by Daniel Pinto. + - Fix several doxygen warnings related to imbalanced groups. Closes + ticket 34255. + + o Removed features: + - Remove the ClientAutoIPv6ORPort option. This option attempted to + randomly choose between IPv4 and IPv6 for client connections, and + wasn't a true implementation of Happy Eyeballs. Often, this option + failed on IPv4-only or IPv6-only connections. Closes ticket 32905. + Patch by Neel Chauhan. + - Stop shipping contrib/dist/rc.subr file, as it is not being used + on FreeBSD anymore. Closes issue 31576. + + o Testing: + - Add a basic IPv6 test to "make test-network". This test only runs + when the local machine has an IPv6 stack. Closes ticket 33300. + - Add test-network-ipv4 and test-network-ipv6 jobs to the Makefile. + These jobs run the IPv4-only and dual-stack chutney flavours from + test-network-all. Closes ticket 33280. + - Remove a redundant distcheck job. Closes ticket 33194. + - Run the test-network-ipv6 Makefile target in the Travis CI IPv6 + chutney job. This job runs on macOS, so it's a bit slow. Closes + ticket 33303. + - Sort the Travis jobs in order of speed. Putting the slowest jobs + first takes full advantage of Travis job concurrency. Closes + ticket 33194. + - Stop allowing the Chutney IPv6 Travis job to fail. This job was + previously configured to fast_finish (which requires + allow_failure), to speed up the build. Closes ticket 33195. + - Test v3 onion services to tor's mixed IPv4 chutney network. And + add a mixed IPv6 chutney network. These networks are used in the + test-network-all, test-network-ipv4, and test-network-ipv6 make + targets. Closes ticket 33334. + - Use the "bridges+hs-v23" chutney network flavour in "make test- + network". This test requires a recent version of chutney (mid- + February 2020). Closes ticket 28208. + - When a Travis chutney job fails, use chutney's new "diagnostics.sh" + tool to produce detailed diagnostic output. Closes ticket 32792. + + o Code simplification and refactoring (onion service): + - Refactor configuration parsing to use the new config subsystem + code. Closes ticket 33014. + + o Code simplification and refactoring (relay address): + - Move a series of functions related to address resolving into their + own files. Closes ticket 33789. + + o Documentation (manual page): + - Add cross reference links and a table of contents to the HTML tor + manual page. Closes ticket 33369. Work by Swati Thacker as part of + Google Season of Docs. + - Alphabetize the Denial of Service Mitigation Options, Directory + Authority Server Options, Hidden Service Options, and Testing + Network Options sections of the tor(1) manual page. Closes ticket + 33275. Work by Swati Thacker as part of Google Season of Docs. + - Refrain from mentioning nicknames in manpage section for MyFamily + torrc option. Resolves issue 33417. + - Updated the options set by TestingTorNetwork in the manual page. + Closes ticket 33778. + + +Changes in version 0.4.3.5 - 2020-05-15 + Tor 0.4.3.5 is the first stable release in the 0.4.3.x series. This + series adds support for building without relay code enabled, and + implements functionality needed for OnionBalance with v3 onion + services. It includes significant refactoring of our configuration and + controller functionality, and fixes numerous smaller bugs and + performance issues. + + Per our support policy, we support each stable release series for nine + months after its first stable release, or three months after the first + stable release of the next series: whichever is longer. This means + that 0.4.3.x will be supported until around February 2021--later, if + 0.4.4.x is later than anticipated. + + Note also that support for 0.4.1.x is about to end on May 20 of this + year; 0.4.2.x will be supported until September 15. We still plan to + continue supporting 0.3.5.x, our long-term stable series, until + Feb 2022. + + Below are the changes since 0.4.3.4-rc. For a complete list of changes + since 0.4.2.6, see the ReleaseNotes file. + + o Minor bugfixes (compiler compatibility): + - Avoid compiler warnings from Clang 10 related to the use of GCC- + style "/* falls through */" comments. Both Clang and GCC allow + __attribute__((fallthrough)) instead, so that's what we're using + now. Fixes bug 34078; bugfix on 0.3.1.3-alpha. + - Fix compilation warnings with GCC 10.0.1. Fixes bug 34077; bugfix + on 0.4.0.3-alpha. + + o Minor bugfixes (logging): + - Stop truncating IPv6 addresses and ports in channel and connection + logs. Fixes bug 33918; bugfix on 0.2.4.4-alpha. + - Fix a logic error in a log message about whether an address was + invalid. Previously, the code would never report that onion + addresses were onion addresses. Fixes bug 34131; bugfix + on 0.4.3.1-alpha. + + +Changes in version 0.4.3.4-rc - 2020-04-13 + Tor 0.4.3.4-rc is the first release candidate in its series. It fixes + several bugs from earlier versions, including one affecting DoS + defenses on bridges using pluggable transports. + + o Major bugfixes (DoS defenses, bridges, pluggable transport): + - Fix a bug that was preventing DoS defenses from running on bridges + with a pluggable transport. Previously, the DoS subsystem was not + given the transport name of the client connection, thus failed to + find the GeoIP cache entry for that client address. Fixes bug + 33491; bugfix on 0.3.3.2-alpha. + + o Minor feature (sendme, flow control): + - Default to sending SENDME version 1 cells. (Clients are already + sending these, because of a consensus parameter telling them to do + so: this change only affects what clients would do if the + consensus didn't contain a recommendation.) Closes ticket 33623. + + o Minor features (testing): + - The unit tests now support a "TOR_SKIP_TESTCASES" environment + variable to specify a list of space-separated test cases that + should not be executed. We will use this to disable certain tests + that are failing on Appveyor because of mismatched OpenSSL + libraries. Part of ticket 33643. + + o Minor bugfixes (--disable-module-relay): + - Fix an assertion failure when Tor is built without the relay + module, and then invoked with the "User" option. Fixes bug 33668; + bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (--disable-module-relay,--disable-module-dirauth): + - Set some output arguments in the relay and dirauth module stubs, + to guard against future stub argument handling bugs like 33668. + Fixes bug 33674; bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (build system): + - Correctly output the enabled module in the configure summary. + Before that, the list shown was just plain wrong. Fixes bug 33646; + bugfix on 0.4.3.2-alpha. + + o Minor bugfixes (client, IPv6): + - Stop forcing all non-SocksPorts to prefer IPv6 exit connections. + Instead, prefer IPv6 connections by default, but allow users to + change their configs using the "NoPreferIPv6" port flag. Fixes bug + 33608; bugfix on 0.4.3.1-alpha. + - Revert PreferIPv6 set by default on the SocksPort because it broke + the torsocks use case. Tor doesn't have a way for an application + to request the hostname to be resolved for a specific IP version, + but torsocks requires that. Up until now, IPv4 was used by default + so torsocks is expecting that, and can't handle a possible IPv6 + being returned. Fixes bug 33804; bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (key portability): + - When reading PEM-encoded key data, tolerate CRLF line-endings even + if we are not running on Windows. Previously, non-Windows hosts + would reject these line-endings in certain positions, making + certain key files hard to move from one host to another. Fixes bug + 33032; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (logging): + - Flush stderr, stdout, and file logs during shutdown, if supported + by the OS. This change helps make sure that any final logs are + recorded. Fixes bug 33087; bugfix on 0.4.1.6. + - Stop closing stderr and stdout during shutdown. Closing these file + descriptors can hide sanitiser logs. Fixes bug 33087; bugfix + on 0.4.1.6. + + o Minor bugfixes (onion services v3): + - Relax severity of a log message that can appear naturally when + decoding onion service descriptors as a relay. Also add some + diagnostics to debug any future bugs in that area. Fixes bug + 31669; bugfix on 0.3.0.1-alpha. + - Block a client-side assertion by disallowing the registration of + an x25519 client auth key that's all zeroes. Fixes bug 33545; + bugfix on 0.4.3.1-alpha. Based on patch from "cypherpunks". + + o Code simplification and refactoring: + - Disable our coding standards best practices tracker in our git + hooks. (0.4.3 branches only.) Closes ticket 33678. + + o Testing: + - Avoid conflicts between the fake sockets in tor's unit tests, and + real file descriptors. Resolves issues running unit tests with + GitHub Actions, where the process that embeds or launches the + tests has already opened a large number of file descriptors. Fixes + bug 33782; bugfix on 0.2.8.1-alpha. Found and fixed by + Putta Khunchalee. + + o Testing (CI): + - In our Appveyor Windows CI, copy required DLLs to test and app + directories, before running tor's tests. This ensures that tor.exe + and test*.exe use the correct version of each DLL. This fix is not + required, but we hope it will avoid DLL search issues in future. + Fixes bug 33673; bugfix on 0.3.4.2-alpha. + - On Appveyor, skip the crypto/openssl_version test, which is + failing because of a mismatched library installation. Fix + for 33643. + + +Changes in version 0.4.3.3-alpha - 2020-03-18 + Tor 0.4.3.3-alpha fixes several bugs in previous releases, including + TROVE-2020-002, a major denial-of-service vulnerability that affected + all released Tor instances since 0.2.1.5-alpha. Using this + vulnerability, an attacker could cause Tor instances to consume a huge + amount of CPU, disrupting their operations for several seconds or + minutes. This attack could be launched by anybody against a relay, or + by a directory cache against any client that had connected to it. The + attacker could launch this attack as much as they wanted, thereby + disrupting service or creating patterns that could aid in traffic + analysis. This issue was found by OSS-Fuzz, and is also tracked + as CVE-2020-10592. + + We do not have reason to believe that this attack is currently being + exploited in the wild, but nonetheless we advise everyone to upgrade + as soon as packages are available. + + o Major bugfixes (security, denial-of-service): + - Fix a denial-of-service bug that could be used by anyone to + consume a bunch of CPU on any Tor relay or authority, or by + directories to consume a bunch of CPU on clients or hidden + services. Because of the potential for CPU consumption to + introduce observable timing patterns, we are treating this as a + high-severity security issue. Fixes bug 33119; bugfix on + 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue + as TROVE-2020-002 and CVE-2020-10592. + + o Major bugfixes (circuit padding, memory leak): + - Avoid a remotely triggered memory leak in the case that a circuit + padding machine is somehow negotiated twice on the same circuit. + Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. + This is also tracked as TROVE-2020-004 and CVE-2020-10593. + + o Major bugfixes (directory authority): + - Directory authorities will now send a 503 (not enough bandwidth) + code to clients when under bandwidth pressure. Known relays and + other authorities will always be answered regardless of the + bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha. + + o Minor features (diagnostic): + - Improve assertions and add some memory-poisoning code to try to + track down possible causes of a rare crash (32564) in the EWMA + code. Closes ticket 33290. + + o Minor features (directory authorities): + - Directory authorities now reject descriptors from relays running + Tor versions from the 0.2.9 and 0.4.0 series. The 0.3.5 series is + still allowed. Resolves ticket 32672. Patch by Neel Chauhan. + + o Minor features (usability): + - Include more information when failing to parse a configuration + value. This should make it easier to tell what's going wrong when + a configuration file doesn't parse. Closes ticket 33460. + + o Minor bugfix (relay, configuration): + - Warn if the ContactInfo field is not set, and tell the relay + operator that not having a ContactInfo field set might cause their + relay to get rejected in the future. Fixes bug 33361; bugfix + on 0.1.1.10-alpha. + + o Minor bugfixes (coding best practices checks): + - Allow the "practracker" script to read unicode files when using + Python 2. We made the script use unicode literals in 0.4.3.1-alpha, + but didn't change the codec for opening files. Fixes bug 33374; + bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (continuous integration): + - Remove the buggy and unused mirroring job. Fixes bug 33213; bugfix + on 0.3.2.2-alpha. + + o Minor bugfixes (onion service v3, client): + - Remove a BUG() warning that would cause a stack trace if an onion + service descriptor was freed while we were waiting for a + rendezvous circuit to complete. Fixes bug 28992; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (onion services v3): + - Fix an assertion failure that could result from a corrupted + ADD_ONION control port command. Found by Saibato. Fixes bug 33137; + bugfix on 0.3.3.1-alpha. This issue is also tracked + as TROVE-2020-003. + + o Documentation (manpage): + - Alphabetize the Server and Directory server sections of the tor + manpage. Also split Statistics options into their own section of + the manpage. Closes ticket 33188. Work by Swati Thacker as part of + Google Season of Docs. + - Document the __OwningControllerProcess torrc option and specify + its polling interval. Resolves issue 32971. + + o Testing (Travis CI): + - Remove a redundant distcheck job. Closes ticket 33194. + - Sort the Travis jobs in order of speed: putting the slowest jobs + first takes full advantage of Travis job concurrency. Closes + ticket 33194. + - Stop allowing the Chutney IPv6 Travis job to fail. This job was + previously configured to fast_finish (which requires + allow_failure), to speed up the build. Closes ticket 33195. + - When a Travis chutney job fails, use chutney's new "diagnostics.sh" + tool to produce detailed diagnostic output. Closes ticket 32792. + + +Changes in version 0.4.2.7 - 2020-03-18 + This is the third stable release in the 0.4.2.x series. It backports + numerous fixes from later releases, including a fix for TROVE-2020- + 002, a major denial-of-service vulnerability that affected all + released Tor instances since 0.2.1.5-alpha. Using this vulnerability, + an attacker could cause Tor instances to consume a huge amount of CPU, + disrupting their operations for several seconds or minutes. This + attack could be launched by anybody against a relay, or by a directory + cache against any client that had connected to it. The attacker could + launch this attack as much as they wanted, thereby disrupting service + or creating patterns that could aid in traffic analysis. This issue + was found by OSS-Fuzz, and is also tracked as CVE-2020-10592. + + We do not have reason to believe that this attack is currently being + exploited in the wild, but nonetheless we advise everyone to upgrade + as soon as packages are available. + + o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha): + - Fix a denial-of-service bug that could be used by anyone to + consume a bunch of CPU on any Tor relay or authority, or by + directories to consume a bunch of CPU on clients or hidden + services. Because of the potential for CPU consumption to + introduce observable timing patterns, we are treating this as a + high-severity security issue. Fixes bug 33119; bugfix on + 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue + as TROVE-2020-002 and CVE-2020-10592. + + o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha): + - Avoid a remotely triggered memory leak in the case that a circuit + padding machine is somehow negotiated twice on the same circuit. + Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. + This is also tracked as TROVE-2020-004 and CVE-2020-10593. + + o Major bugfixes (directory authority, backport from 0.4.3.3-alpha): + - Directory authorities will now send a 503 (not enough bandwidth) + code to clients when under bandwidth pressure. Known relays and + other authorities will always be answered regardless of the + bandwidth situation. Fixes bug 33029; bugfix on 0.1.2.5-alpha. + + o Minor features (continuous integration, backport from 0.4.3.2-alpha): + - Stop allowing failures on the Travis CI stem tests job. It looks + like all the stem hangs we were seeing before are now fixed. + Closes ticket 33075. + + o Minor bugfixes (bridges, backport from 0.4.3.1-alpha): + - Lowercase the configured value of BridgeDistribution before adding + it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha. + + o Minor bugfixes (logging, backport from 0.4.3.2-alpha): + - If we encounter a bug when flushing a buffer to a TLS connection, + only log the bug once per invocation of the Tor process. + Previously we would log with every occurrence, which could cause + us to run out of disk space. Fixes bug 33093; bugfix + on 0.3.2.2-alpha. + + o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha): + - Fix an assertion failure that could result from a corrupted + ADD_ONION control port command. Found by Saibato. Fixes bug 33137; + bugfix on 0.3.3.1-alpha. This issue is also tracked + as TROVE-2020-003. + + o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha): + - Fix a syntax warning given by newer versions of Rust that was + creating problems for our continuous integration. Fixes bug 33212; + bugfix on 0.3.5.1-alpha. + + o Testing (Travis CI, backport from 0.4.3.3-alpha): + - Remove a redundant distcheck job. Closes ticket 33194. + - Sort the Travis jobs in order of speed: putting the slowest jobs + first takes full advantage of Travis job concurrency. Closes + ticket 33194. + - Stop allowing the Chutney IPv6 Travis job to fail. This job was + previously configured to fast_finish (which requires + allow_failure), to speed up the build. Closes ticket 33195. + - When a Travis chutney job fails, use chutney's new "diagnostics.sh" + tool to produce detailed diagnostic output. Closes ticket 32792. + + +Changes in version 0.4.1.9 - 2020-03-18 + Tor 0.4.1.9 backports important fixes from later Tor releases, + including a fix for TROVE-2020-002, a major denial-of-service + vulnerability that affected all released Tor instances since + 0.2.1.5-alpha. Using this vulnerability, an attacker could cause Tor + instances to consume a huge amount of CPU, disrupting their operations + for several seconds or minutes. This attack could be launched by + anybody against a relay, or by a directory cache against any client + that had connected to it. The attacker could launch this attack as + much as they wanted, thereby disrupting service or creating patterns + that could aid in traffic analysis. This issue was found by OSS-Fuzz, + and is also tracked as CVE-2020-10592. + + We do not have reason to believe that this attack is currently being + exploited in the wild, but nonetheless we advise everyone to upgrade + as soon as packages are available. + + o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha): + - Fix a denial-of-service bug that could be used by anyone to + consume a bunch of CPU on any Tor relay or authority, or by + directories to consume a bunch of CPU on clients or hidden + services. Because of the potential for CPU consumption to + introduce observable timing patterns, we are treating this as a + high-severity security issue. Fixes bug 33119; bugfix on + 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue + as TROVE-2020-002 and CVE-2020-10592. + + o Major bugfixes (circuit padding, memory leak, backport from 0.4.3.3-alpha): + - Avoid a remotely triggered memory leak in the case that a circuit + padding machine is somehow negotiated twice on the same circuit. + Fixes bug 33619; bugfix on 0.4.0.1-alpha. Found by Tobias Pulls. + This is also tracked as TROVE-2020-004 and CVE-2020-10593. + + o Minor bugfixes (bridges, backport from 0.4.3.1-alpha): + - Lowercase the configured value of BridgeDistribution before adding + it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha. + + o Minor bugfixes (logging, backport from 0.4.3.2-alpha): + - If we encounter a bug when flushing a buffer to a TLS connection, + only log the bug once per invocation of the Tor process. + Previously we would log with every occurrence, which could cause + us to run out of disk space. Fixes bug 33093; bugfix + on 0.3.2.2-alpha. + + o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha): + - Fix an assertion failure that could result from a corrupted + ADD_ONION control port command. Found by Saibato. Fixes bug 33137; + bugfix on 0.3.3.1-alpha. This issue is also tracked + as TROVE-2020-003. + + o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha): + - Fix a syntax warning given by newer versions of Rust that was + creating problems for our continuous integration. Fixes bug 33212; + bugfix on 0.3.5.1-alpha. + + o Testing (Travis CI, backport from 0.4.3.3-alpha): + - Remove a redundant distcheck job. Closes ticket 33194. + - Sort the Travis jobs in order of speed: putting the slowest jobs + first takes full advantage of Travis job concurrency. Closes + ticket 33194. + - Stop allowing the Chutney IPv6 Travis job to fail. This job was + previously configured to fast_finish (which requires + allow_failure), to speed up the build. Closes ticket 33195. + - When a Travis chutney job fails, use chutney's new "diagnostics.sh" + tool to produce detailed diagnostic output. Closes ticket 32792. + + +Changes in version 0.3.5.10 - 2020-03-18 + Tor 0.3.5.10 backports many fixes from later Tor releases, including a + fix for TROVE-2020-002, a major denial-of-service vulnerability that + affected all released Tor instances since 0.2.1.5-alpha. Using this + vulnerability, an attacker could cause Tor instances to consume a huge + amount of CPU, disrupting their operations for several seconds or + minutes. This attack could be launched by anybody against a relay, or + by a directory cache against any client that had connected to it. The + attacker could launch this attack as much as they wanted, thereby + disrupting service or creating patterns that could aid in traffic + analysis. This issue was found by OSS-Fuzz, and is also tracked + as CVE-2020-10592. + + We do not have reason to believe that this attack is currently being + exploited in the wild, but nonetheless we advise everyone to upgrade + as soon as packages are available. + + o Major bugfixes (security, denial-of-service, backport from 0.4.3.3-alpha): + - Fix a denial-of-service bug that could be used by anyone to + consume a bunch of CPU on any Tor relay or authority, or by + directories to consume a bunch of CPU on clients or hidden + services. Because of the potential for CPU consumption to + introduce observable timing patterns, we are treating this as a + high-severity security issue. Fixes bug 33119; bugfix on + 0.2.1.5-alpha. Found by OSS-Fuzz. We are also tracking this issue + as TROVE-2020-002 and CVE-2020-10592. + + o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha): + - Correct how we use libseccomp. Particularly, stop assuming that + rules are applied in a particular order or that more rules are + processed after the first match. Neither is the case! In + libseccomp <2.4.0 this lead to some rules having no effect. + libseccomp 2.4.0 changed how rules are generated, leading to a + different ordering, which in turn led to a fatal crash during + startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by + Peter Gerber. + + o Minor features (continuous integration, backport from 0.4.3.2-alpha): + - Stop allowing failures on the Travis CI stem tests job. It looks + like all the stem hangs we were seeing before are now fixed. + Closes ticket 33075. + + o Minor bugfixes (bridges, backport from 0.4.3.1-alpha): + - Lowercase the configured value of BridgeDistribution before adding + it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha. + + o Minor bugfixes (crash, backport from 0.4.2.4-rc): + - When running Tor with an option like --verify-config or + --dump-config that does not start the event loop, avoid crashing + if we try to exit early because of an error. Fixes bug 32407; + bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.3.2-alpha): + - If we encounter a bug when flushing a buffer to a TLS connection, + only log the bug once per invocation of the Tor process. + Previously we would log with every occurrence, which could cause + us to run out of disk space. Fixes bug 33093; bugfix + on 0.3.2.2-alpha. + + o Minor bugfixes (onion services v3, backport from 0.4.3.3-alpha): + - Fix an assertion failure that could result from a corrupted + ADD_ONION control port command. Found by Saibato. Fixes bug 33137; + bugfix on 0.3.3.1-alpha. This issue is also tracked + as TROVE-2020-003. + + o Minor bugfixes (rust, build, backport from 0.4.3.2-alpha): + - Fix a syntax warning given by newer versions of Rust that was + creating problems for our continuous integration. Fixes bug 33212; + bugfix on 0.3.5.1-alpha. + + o Testing (backport from 0.4.3.1-alpha): + - Re-enable the Travis CI macOS Chutney build, but don't let it + prevent the Travis job from finishing. (The Travis macOS jobs are + slow, so we don't want to have it delay the whole CI process.) + Closes ticket 32629. + - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on + Ubuntu Bionic. Turning off the Sandbox is a work-around, until we + fix the sandbox errors in 32722. Closes ticket 32240. + + o Testing (continuous integration, backport from 0.4.3.1-alpha): + - Use zstd in our Travis Linux builds. Closes ticket 32242. + + o Testing (Travis CI, backport from 0.4.3.3-alpha): + - Remove a redundant distcheck job. Closes ticket 33194. + - Sort the Travis jobs in order of speed: putting the slowest jobs + first takes full advantage of Travis job concurrency. Closes + ticket 33194. + - Stop allowing the Chutney IPv6 Travis job to fail. This job was + previously configured to fast_finish (which requires + - When a Travis chutney job fails, use chutney's new "diagnostics.sh" + tool to produce detailed diagnostic output. Closes ticket 32792. + + +Changes in version 0.4.3.2-alpha - 2020-02-10 + This is the second stable alpha release in the Tor 0.4.3.x series. It + fixes several bugs present in the previous alpha release. Anybody + running the previous alpha should upgrade, and look for bugs in this + one instead. + + o Major bugfixes (onion service client, authorization): + - On a NEWNYM signal, purge entries from the ephemeral client + authorization cache. The permanent ones are kept. Fixes bug 33139; + bugfix on 0.4.3.1-alpha. + + o Minor features (best practices tracker): + - Practracker now supports a --regen-overbroad option to regenerate + the exceptions file, but only to revise exceptions to be _less_ + tolerant of best-practices violations. Closes ticket 32372. + + o Minor features (continuous integration): + - Run Doxygen Makefile target on Travis, so we can learn about + regressions in our internal documentation. Closes ticket 32455. + - Stop allowing failures on the Travis CI stem tests job. It looks + like all the stem hangs we were seeing before are now fixed. + Closes ticket 33075. + + o Minor bugfixes (build system): + - Revise configure options that were either missing or incorrect in + the configure summary. Fixes bug 32230; bugfix on 0.4.3.1-alpha. + + o Minor bugfixes (controller protocol): + - Fix a memory leak introduced by refactoring of control reply + formatting code. Fixes bug 33039; bugfix on 0.4.3.1-alpha. + - Fix a memory leak in GETINFO responses. Fixes bug 33103; bugfix + on 0.4.3.1-alpha. + - When receiving "ACTIVE" or "DORMANT" signals on the control port, + report them as SIGNAL events. Previously we would log a bug + warning. Fixes bug 33104; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (logging): + - If we encounter a bug when flushing a buffer to a TLS connection, + only log the bug once per invocation of the Tor process. + Previously we would log with every occurrence, which could cause + us to run out of disk space. Fixes bug 33093; bugfix + on 0.3.2.2-alpha. + - When logging a bug, do not say "Future instances of this warning + will be silenced" unless we are actually going to silence them. + Previously we would say this whenever a BUG() check failed in the + code. Fixes bug 33095; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (onion service v2): + - Move a series of v2 onion service warnings to protocol-warning + level because they can all be triggered remotely by a malformed + request. Fixes bug 32706; bugfix on 0.1.1.14-alpha. + + o Minor bugfixes (onion service v3, client authorization): + - When removing client authorization credentials using the control + port, also remove the associated descriptor, so the onion service + can no longer be contacted. Fixes bug 33148; bugfix + on 0.4.3.1-alpha. + + o Minor bugfixes (pluggable transports): + - When receiving a message on standard error from a pluggable + transport, log it at info level, rather than as a warning. Fixes + bug 33005; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (rust, build): + - Fix a syntax warning given by newer versions of Rust that was + creating problems for our continuous integration. Fixes bug 33212; + bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (TLS bug handling): + - When encountering a bug in buf_read_from_tls(), return a "MISC" + error code rather than "WANTWRITE". This change might help avoid + some CPU-wasting loops if the bug is ever triggered. Bug reported + by opara. Fixes bug 32673; bugfix on 0.3.0.4-alpha. + + o Code simplification and refactoring (mainloop): + - Simplify the ip_address_changed() function by removing redundant + checks. Closes ticket 33091. + + o Documentation (manpage): + - Split "Circuit Timeout" options and "Node Selection" options into + their own sections of the tor manpage. Closes tickets 32928 and + 32929. Work by Swati Thacker as part of Google Season of Docs. + + +Changes in version 0.4.2.6 - 2020-01-30 + This is the second stable release in the 0.4.2.x series. It backports + several bugfixes from 0.4.3.1-alpha, including some that had affected + the Linux seccomp2 sandbox or Windows services. If you're running with + one of those configurations, you'll probably want to upgrade; + otherwise, you should be fine with 0.4.2.5. + + o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha): + - Correct how we use libseccomp. Particularly, stop assuming that + rules are applied in a particular order or that more rules are + processed after the first match. Neither is the case! In + libseccomp <2.4.0 this led to some rules having no effect. + libseccomp 2.4.0 changed how rules are generated, leading to a + different ordering, which in turn led to a fatal crash during + startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by + Peter Gerber. + - Fix crash when reloading logging configuration while the + experimental sandbox is enabled. Fixes bug 32841; bugfix on + 0.4.1.7. Patch by Peter Gerber. + + o Minor bugfixes (correctness checks, backport from 0.4.3.1-alpha): + - Use GCC/Clang's printf-checking feature to make sure that + tor_assertf() arguments are correctly typed. Fixes bug 32765; + bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (logging, crash, backport from 0.4.3.1-alpha): + - Avoid a possible crash when trying to log a (fatal) assertion + failure about mismatched magic numbers in configuration objects. + Fixes bug 32771; bugfix on 0.4.2.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.3.1-alpha): + - When TOR_DISABLE_PRACTRACKER is set, do not apply it to the + test_practracker.sh script. Doing so caused a test failure. Fixes + bug 32705; bugfix on 0.4.2.1-alpha. + - When TOR_DISABLE_PRACTRACKER is set, log a notice to stderr when + skipping practracker checks. Fixes bug 32705; bugfix + on 0.4.2.1-alpha. + + o Minor bugfixes (windows service, backport from 0.4.3.1-alpha): + - Initialize the publish/subscribe system when running as a windows + service. Fixes bug 32778; bugfix on 0.4.1.1-alpha. + + o Testing (backport from 0.4.3.1-alpha): + - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on + Ubuntu Bionic. Turning off the Sandbox is a work-around, until we + fix the sandbox errors in 32722. Closes ticket 32240. + - Re-enable the Travis CI macOS Chutney build, but don't let it + prevent the Travis job from finishing. (The Travis macOS jobs are + slow, so we don't want to have it delay the whole CI process.) + Closes ticket 32629. + + o Testing (continuous integration, backport from 0.4.3.1-alpha): + - Use zstd in our Travis Linux builds. Closes ticket 32242. + + +Changes in version 0.4.1.8 - 2020-01-30 + This release backports several bugfixes from later release series, + including some that had affected the Linux seccomp2 sandbox or Windows + services. If you're running with one of those configurations, you'll + probably want to upgrade; otherwise, you should be fine with your + current version of 0.4.1.x. + + o Major bugfixes (linux seccomp sandbox, backport from 0.4.3.1-alpha): + - Correct how we use libseccomp. Particularly, stop assuming that + rules are applied in a particular order or that more rules are + processed after the first match. Neither is the case! In + libseccomp <2.4.0 this led to some rules having no effect. + libseccomp 2.4.0 changed how rules are generated, leading to a + different ordering, which in turn led to a fatal crash during + startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by + Peter Gerber. + - Fix crash when reloading logging configuration while the + experimental sandbox is enabled. Fixes bug 32841; bugfix on + 0.4.1.7. Patch by Peter Gerber. + + o Minor bugfixes (crash, backport form 0.4.2.4-rc): + - When running Tor with an option like --verify-config or + --dump-config that does not start the event loop, avoid crashing + if we try to exit early because of an error. Fixes bug 32407; + bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (windows service, backport from 0.4.3.1-alpha): + - Initialize the publish/subscribe system when running as a windows + service. Fixes bug 32778; bugfix on 0.4.1.1-alpha. + + o Testing (backport from 0.4.3.1-alpha): + - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on + Ubuntu Bionic. Turning off the Sandbox is a work-around, until we + fix the sandbox errors in 32722. Closes ticket 32240. + - Re-enable the Travis CI macOS Chutney build, but don't let it + prevent the Travis job from finishing. (The Travis macOS jobs are + slow, so we don't want to have it delay the whole CI process.) + Closes ticket 32629. + + o Testing (continuous integration, backport from 0.4.3.1-alpha): + - Use zstd in our Travis Linux builds. Closes ticket 32242. + + +Changes in version 0.4.3.1-alpha - 2020-01-22 + This is the first alpha release in the 0.4.3.x series. It includes + improved support for application integration of onion services, support + for building in a client-only mode, and newly improved internal + documentation (online at https://src-ref.docs.torproject.org/tor/). It + also has numerous other small bugfixes and features, as well as + improvements to our code's internal organization that should help us + write better code in the future. + + o New system requirements: + - When building Tor, you now need to have Python 3 in order to run + the integration tests. (Python 2 is officially unsupported + upstream, as of 1 Jan 2020.) Closes ticket 32608. + + o Major features (build system): + - The relay code can now be disabled using the --disable-module-relay + configure option. When this option is set, we also disable the + dirauth module. Closes ticket 32123. + - When Tor is compiled --disable-module-relay, we also omit the code + used to act as a directory cache. Closes ticket 32487. + + o Major features (directory authority, ed25519): + - Add support for banning a relay's ed25519 keys in the approved- + routers file. This will help us migrate away from RSA keys in the + future. Previously, only RSA keys could be banned in approved- + routers. Resolves ticket 22029. Patch by Neel Chauhan. + + o Major features (onion service, controller): + - New control port commands to manage client-side onion service + authorization credentials. The ONION_CLIENT_AUTH_ADD command adds + a credential, ONION_CLIENT_AUTH_REMOVE deletes a credential, and + ONION_CLIENT_AUTH_VIEW lists the credentials. Closes ticket 30381. + + o Major features (onion service, SOCKS5): + - Introduce a new SocksPort flag, ExtendedErrors, to support more + detailed error codes in information for applications that support + them. Closes ticket 30382; implements proposal 304. + + o Major features (proxy): + - In addition to its current supported proxy types (HTTP CONNECT, + SOCKS4, and SOCKS5), Tor can now make its OR connections through a + HAProxy server. A new torrc option was added to specify the + address/port of the server: TCPProxy :. + Currently the only supported protocol for the option is haproxy. + Closes ticket 31518. Patch done by Suphanat Chunhapanya (haxxpop). + + o Major bugfixes (linux seccomp sandbox): + - Correct how we use libseccomp. Particularly, stop assuming that + rules are applied in a particular order or that more rules are + processed after the first match. Neither is the case! In + libseccomp <2.4.0 this led to some rules having no effect. + libseccomp 2.4.0 changed how rules are generated, leading to a + different ordering, which in turn led to a fatal crash during + startup. Fixes bug 29819; bugfix on 0.2.5.1-alpha. Patch by + Peter Gerber. + - Fix crash when reloading logging configuration while the + experimental sandbox is enabled. Fixes bug 32841; bugfix on + 0.4.1.7. Patch by Peter Gerber. + + o Major bugfixes (networking): + - Correctly handle IPv6 addresses in SOCKS5 RESOLVE_PTR requests, + and accept strings as well as binary addresses. Fixes bug 32315; + bugfix on 0.3.5.1-alpha. + + o Major bugfixes (onion service): + - Report HS circuit failure back into the HS subsystem so we take + appropriate action with regards to the client introduction point + failure cache. This improves reachability of onion services, since + now clients notice failing introduction circuits properly. Fixes + bug 32020; bugfix on 0.3.2.1-alpha. + + o Minor feature (configure, build system): + - Output a list of enabled/disabled features at the end of the + configure process in a pleasing way. Closes ticket 31373. + + o Minor feature (heartbeat, onion service): + - Add the DoS INTRODUCE2 defenses counter to the heartbeat DoS + message. Closes ticket 31371. + + o Minor features (configuration validation): + - Configuration validation can now be done by per-module callbacks, + rather than a global validation function. This will let us reduce + the size of config.c and some of its more cumbersome functions. + Closes ticket 31241. + + o Minor features (configuration): + - If a configured hardware crypto accelerator in AccelName is + prefixed with "!", Tor now exits when it cannot be found. Closes + ticket 32406. + - We now use flag-driven logic to warn about obsolete configuration + fields, so that we can include their names. In 0.4.2, we used a + special type, which prevented us from generating good warnings. + Implements ticket 32404. + + o Minor features (controller): + - Add stream isolation data to STREAM event. Closes ticket 19859. + - Implement a new GETINFO command to fetch microdescriptor + consensus. Closes ticket 31684. + + o Minor features (debugging, directory system): + - Don't crash when we find a non-guard with a guard-fraction value + set. Instead, log a bug warning, in an attempt to figure out how + this happened. Diagnostic for ticket 32868. + + o Minor features (defense in depth): + - Add additional checks around tor_vasprintf() usage, in case the + function returns an error. Patch by Tobias Stoeckmann. Fixes + ticket 31147. + + o Minor features (developer tooling): + - Remove the 0.2.9.x series branches from git scripts (git-merge- + forward.sh, git-pull-all.sh, git-push-all.sh, git-setup-dirs.sh). + Closes ticket 32772. + + o Minor features (developer tools): + - Add a check_cocci_parse.sh script that checks that new code is + parseable by Coccinelle. Add an exceptions file for unparseable + files, and run the script from travis CI. Closes ticket 31919. + - Call the check_cocci_parse.sh script from a 'check-cocci' Makefile + target. Closes ticket 31919. + - Add a rename_c_identifiers.py tool to rename a bunch of C + identifiers at once, and generate a well-formed commit message + describing the change. This should help with refactoring. Closes + ticket 32237. + - Add some scripts in "scripts/coccinelle" to invoke the Coccinelle + semantic patching tool with the correct flags. These flags are + fairly easy to forget, and these scripts should help us use + Coccinelle more effectively in the future. Closes ticket 31705. + + o Minor features (Doxygen): + - Update Doxygen configuration file to a more recent template (from + 1.8.15). Closes ticket 32110. + - "make doxygen" now works with out-of-tree builds. Closes + ticket 32113. + - Make sure that doxygen outputs documentation for all of our C + files. Previously, some were missing @file declarations, causing + them to be ignored. Closes ticket 32307. + - Our "make doxygen" target now respects --enable-fatal-warnings by + default, and does not warn about items that are missing + documentation. To warn about missing documentation, run configure + with the "--enable-missing-doc-warnings" flag: doing so suspends + fatal warnings for doxygen. Closes ticket 32385. + + o Minor features (git scripts): + - Add TOR_EXTRA_CLONE_ARGS to git-setup-dirs.sh for git clone + customisation. Closes ticket 32347. + - Add git-setup-dirs.sh, which sets up an upstream git repository + and worktrees for tor maintainers. Closes ticket 29603. + - Add TOR_EXTRA_REMOTE_* to git-setup-dirs.sh for a custom extra + remote. Closes ticket 32347. + - Call the check_cocci_parse.sh script from the git commit and push + hooks. Closes ticket 31919. + - Make git-push-all.sh skip unchanged branches when pushing to + upstream. The script already skipped unchanged test branches. + Closes ticket 32216. + - Make git-setup-dirs.sh create a master symlink in the worktree + directory. Closes ticket 32347. + - Skip unmodified source files when doing some existing git hook + checks. Related to ticket 31919. + + o Minor features (IPv6, client): + - Make Tor clients tell dual-stack exits that they prefer IPv6 + connections. This change is equivalent to setting the PreferIPv6 + flag on SOCKSPorts (and most other listener ports). Tor Browser + has been setting this flag for some time, and we want to remove a + client distinguisher at exits. Closes ticket 32637. + + o Minor features (portability, android): + - When building for Android, disable some tests that depend on $HOME + and/or pwdb, which Android doesn't have. Closes ticket 32825. + Patch from Hans-Christoph Steiner. + + o Minor features (relay modularity): + - Split the relay and server pluggable transport config code into + separate files in the relay module. Disable this code when the + relay module is disabled. Closes part of ticket 32213. + - When the relay module is disabled, reject attempts to set the + ORPort, DirPort, DirCache, BridgeRelay, ExtORPort, or + ServerTransport* options, rather than ignoring the values of these + options. Closes part of ticket 32213. + + o Minor features (relay): + - When the relay module is disabled, change the default config so + that DirCache is 0, and ClientOnly is 1. Closes ticket 32410. + + o Minor features (release tools): + - Port our ChangeLog formatting and sorting tools to Python 3. + Closes ticket 32704. + + o Minor features (testing): + - Detect some common failure cases for test_parseconf.sh in + src/test/conf_failures. Closes ticket 32451. + - Allow test_parseconf.sh to test expected log outputs for successful + configs, as well as failed configs. Closes ticket 32451. + - The test_parseconf.sh script now supports result variants for any + combination of the optional libraries lzma, nss, and zstd. Closes + ticket 32397. + + o Minor features (tests, Android): + - When running the unit tests on Android, create temporary files in + a subdirectory of /data/local/tmp. Closes ticket 32172. Based on a + patch from Hans-Christoph Steiner. + + o Minor bugfixes (bridges): + - Lowercase the configured value of BridgeDistribution before adding + it to the descriptor. Fixes bug 32753; bugfix on 0.3.2.3-alpha. + + o Minor bugfixes (build system): + - Fix "make autostyle" for out-of-tree builds. Fixes bug 32370; + bugfix on 0.4.1.2-alpha. + + o Minor bugfixes (configuration handling): + - Make control_event_conf_changed() take in a config_line_t instead + of a smartlist of alternating key/value entries. Fixes bug 31531; + bugfix on 0.2.3.3-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (configuration): + - Check for multiplication overflow when parsing memory units inside + configuration. Fixes bug 30920; bugfix on 0.0.9rc1. + - When dumping the configuration, stop adding a trailing space after + the option name when there is no option value. This issue only + affects options that accept an empty value or list. (Most options + reject empty values, or delete the entire line from the dumped + options.) Fixes bug 32352; bugfix on 0.0.9pre6. + - Avoid changing the user's value of HardwareAccel as stored by + SAVECONF, when AccelName is set but HardwareAccel is not. Fixes + bug 32382; bugfix on 0.2.2.1-alpha. + - When creating a KeyDirectory with the same location as the + DataDirectory (not recommended), respect the DataDirectory's + group-readable setting if one has not been set for the + KeyDirectory. Fixes bug 27992; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (controller): + - In routerstatus_has_changed(), check all the fields that are + output over the control port. Fixes bug 20218; bugfix + on 0.1.1.11-alpha + + o Minor bugfixes (correctness checks): + - Use GCC/Clang's printf-checking feature to make sure that + tor_assertf() arguments are correctly typed. Fixes bug 32765; + bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (developer tools): + - Allow paths starting with ./ in scripts/add_c_file.py. Fixes bug + 31336; bugfix on 0.4.1.2-alpha. + + o Minor bugfixes (dirauth module): + - Split the dirauth config code into a separate file in the dirauth + module. Disable this code when the dirauth module is disabled. + Closes ticket 32213. + - When the dirauth module is disabled, reject attempts to set the + AuthoritativeDir option, rather than ignoring the value of the + option. Fixes bug 32213; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (embedded Tor): + - When starting Tor any time after the first time in a process, + register the thread in which it is running as the main thread. + Previously, we only did this on Windows, which could lead to bugs + like 23081 on non-Windows platforms. Fixes bug 32884; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (git scripts): + - Avoid sleeping before the last push in git-push-all.sh. Closes + ticket 32216. + - Forward all unrecognised arguments in git-push-all.sh to git push. + Closes ticket 32216. + + o Minor bugfixes (hidden service v3): + - Do not rely on a "circuit established" flag for intro circuits but + instead always query the HS circuit map. This is to avoid sync + issue with that flag and the map. Fixes bug 32094; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (logging, crash): + - Avoid a possible crash when trying to log a (fatal) assertion + failure about mismatched magic numbers in configuration objects. + Fixes bug 32771; bugfix on 0.4.2.1-alpha. + + o Minor bugfixes (onion service v2): + - When sending the INTRO cell for a v2 Onion Service, look at the + failure cache alongside timeout values to check if the intro point + is marked as failed. Previously, we only looked at the relay + timeout values. Fixes bug 25568; bugfix on 0.2.7.3-rc. Patch by + Neel Chauhan. + + o Minor bugfixes (onion services v3, client): + - Properly handle the client rendezvous circuit timeout. Previously + Tor would sometimes timeout a rendezvous circuit awaiting the + introduction ACK, and find itself unable to re-establish all + circuits because the rendezvous circuit timed out too early. Fixes + bug 32021; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion services): + - In cancel_descriptor_fetches(), use + connection_list_by_type_purpose() instead of + connection_list_by_type_state(). Fixes bug 32639; bugfix on + 0.3.2.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (scripts): + - Fix update_versions.py for out-of-tree builds. Fixes bug 32371; + bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (test): + - Use the same code to find the tor binary in all of our test + scripts. This change makes sure we are always using the coverage + binary when coverage is enabled. Fixes bug 32368; bugfix + on 0.2.7.3-rc. + + o Minor bugfixes (testing): + - Stop ignoring "tor --dump-config" errors in test_parseconf.sh. + Fixes bug 32468; bugfix on 0.4.2.1-alpha. + - When TOR_DISABLE_PRACTRACKER is set, do not apply it to the + test_practracker.sh script. Doing so caused a test failure. Fixes + bug 32705; bugfix on 0.4.2.1-alpha. + - When TOR_DISABLE_PRACTRACKER is set, log a notice to stderr when + skipping practracker checks. Fixes bug 32705; bugfix + on 0.4.2.1-alpha. + + o Minor bugfixes (tests): + - Our option-validation tests no longer depend on specially + configured non-default, non-passing sets of options. Previously, + the tests had been written to assume that options would _not_ be + set to their defaults, which led to needless complexity and + verbosity. Fixes bug 32175; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (windows service): + - Initialize the publish/subscribe system when running as a windows + service. Fixes bug 32778; bugfix on 0.4.1.1-alpha. + + o Deprecated features: + - Deprecate the ClientAutoIPv6ORPort option. This option was not + true "Happy Eyeballs", and often failed on connections that + weren't reliably dual-stack. Closes ticket 32942. Patch by + Neel Chauhan. + + o Documentation: + - Provide a quickstart guide for a Circuit Padding Framework, and + documentation for researchers to implement and study circuit + padding machines. Closes ticket 28804. + - Add documentation in 'HelpfulTools.md' to describe how to build a + tag file. Closes ticket 32779. + - Create a high-level description of the long-term software + architecture goals. Closes ticket 32206. + - Describe the --dump-config command in the manual page. Closes + ticket 32467. + - Unite coding advice from this_not_that.md in torguts repo into our + coding standards document. Resolves ticket 31853. + + o Removed features: + - Our Doxygen configuration no longer generates LaTeX output. The + reference manual produced by doing this was over 4000 pages long, + and generally unusable. Closes ticket 32099. + - The option "TestingEstimatedDescriptorPropagationTime" is now + marked as obsolete. It has had no effect since 0.3.0.7, when + clients stopped rejecting consensuses "from the future". Closes + ticket 32807. + - We no longer support consensus methods before method 28; these + methods were only used by authorities running versions of Tor that + are now at end-of-life. In effect, this means that clients, + relays, and authorities now assume that authorities will be + running version 0.3.5.x or later. Closes ticket 32695. + + o Testing: + - Add more test cases for tor's UTF-8 validation function. Also, + check the arguments passed to the function for consistency. Closes + ticket 32845. + - Improve test coverage for relay and dirauth config code, focusing + on option validation and normalization. Closes ticket 32213. + - Improve the consistency of test_parseconf.sh output, and run all + the tests, even if one fails. Closes ticket 32213. + - Re-enable the Travis CI macOS Chutney build, but don't let it + prevent the Travis job from finishing. (The Travis macOS jobs are + slow, so we don't want to have it delay the whole CI process.) + Closes ticket 32629. + - Run the practracker unit tests in the pre-commit git hook. Closes + ticket 32609. + - Turn off Tor's Sandbox in Chutney jobs, and run those jobs on + Ubuntu Bionic. Turning off the Sandbox is a work-around, until we + fix the sandbox errors in 32722. Closes ticket 32240. + + o Code simplification and refactoring (channel): + - Channel layer had a variable length cell handler that was not used + and thus removed. Closes ticket 32892. + + o Code simplification and refactoring (configuration): + - Immutability is now implemented as a flag on individual + configuration options rather than as part of the option-transition + checking code. Closes ticket 32344. + - Instead of keeping a list of configuration options to check for + relative paths, check all the options whose type is "FILENAME". + Solves part of ticket 32339. + - Our default log (which ordinarily sends NOTICE-level messages to + standard output) is now handled in a more logical manner. + Previously, we replaced the configured log options if they were + empty. Now, we interpret an empty set of log options as meaning + "use the default log". Closes ticket 31999. + - Remove some unused arguments from the options_validate() function, + to simplify our code and tests. Closes ticket 32187. + - Simplify the options_validate() code so that it looks at the + default options directly, rather than taking default options as an + argument. This change lets us simplify its interface. Closes + ticket 32185. + - Use our new configuration architecture to move most authority- + related options to the directory authority module. Closes + ticket 32806. + - When parsing the command line, handle options that determine our + "quiet level" and our mode of operation (e.g., --dump-config and + so on) all in one table. Closes ticket 32003. + + o Code simplification and refactoring (controller): + - Create a new abstraction for formatting control protocol reply + lines based on key-value pairs. Refactor some existing control + protocol code to take advantage of this. Closes ticket 30984. + - Create a helper function that can fetch network status or + microdesc consensuses. Closes ticket 31684. + + o Code simplification and refactoring (dirauth modularization): + - Remove the last remaining HAVE_MODULE_DIRAUTH inside a function. + Closes ticket 32163. + - Replace some confusing identifiers in process_descs.c. Closes + ticket 29826. + - Simplify some relay and dirauth config code. Closes ticket 32213. + + o Code simplification and refactoring (misc): + - Make all the structs we declare follow the same naming convention + of ending with "_t". Closes ticket 32415. + - Move and rename some configuration-related code for clarity. + Closes ticket 32304. + - Our include.am files are now broken up by subdirectory. + Previously, src/core/include.am covered all of the subdirectories + in "core", "feature", and "app". Closes ticket 32137. + - Remove underused NS*() macros from test code: they make our tests + more confusing, especially for code-formatting tools. Closes + ticket 32887. + + o Code simplification and refactoring (relay modularization): + - Disable relay_periodic when the relay module is disabled. Closes + ticket 32244. + - Disable relay_sys when the relay module is disabled. Closes + ticket 32245. + + o Code simplification and refactoring (tool support): + - Add numerous missing dependencies to our include files, so that + they can be included in different reasonable orders and still + compile. Addresses part of ticket 32764. + - Fix some parts of our code that were difficult for Coccinelle to + parse. Related to ticket 31705. + - Fix some small issues in our code that prevented automatic + formatting tools from working. Addresses part of ticket 32764. + + o Documentation (manpage): + - Alphabetize the Client Options section of the tor manpage. Closes + ticket 32846. + - Alphabetize the General Options section of the tor manpage. Closes + ticket 32708. + - In the tor(1) manpage, reword and improve formatting of the + COMMAND-LINE OPTIONS and DESCRIPTION sections. Closes ticket + 32277. Based on work by Swati Thacker as part of Google Season + of Docs. + - In the tor(1) manpage, reword and improve formatting of the FILES, + SEE ALSO, and BUGS sections. Closes ticket 32176. Based on work by + Swati Thacker as part of Google Season of Docs. + + o Testing (circuit, EWMA): + - Add unit tests for circuitmux and EWMA subsystems. Closes + ticket 32196. + + o Testing (continuous integration): + - Use zstd in our Travis Linux builds. Closes ticket 32242. + + +Changes in version 0.4.2.5 - 2019-12-09 + This is the first stable release in the 0.4.2.x series. This series + improves reliability and stability, and includes several stability and + correctness improvements for onion services. It also fixes many smaller + bugs present in previous series. + + Per our support policy, we will support the 0.4.2.x series for nine + months, or until three months after the release of a stable 0.4.3.x: + whichever is longer. If you need longer-term support, please stick + with 0.3.5.x, which will we plan to support until Feb 2022. + + Per our support policy, we will support the 0.4.2.x series for nine + months, or until three months after the release of a stable 0.4.3.x: + whichever is longer. If you need longer-term support, please stick + with 0.3.5.x, which will we plan to support until Feb 2022. + + Below are the changes since 0.4.1.4-rc. For a complete list of changes + since 0.4.1.5, see the ReleaseNotes file. + + o Minor features (geoip): + - Update geoip and geoip6 to the December 3 2019 Maxmind GeoLite2 + Country database. Closes ticket 32685. + + o Testing: + - Require C99 standards-conforming code in Travis CI, but allow GNU + gcc extensions. Also activates clang's -Wtypedef-redefinition + warnings. Build some jobs with -std=gnu99, and some jobs without. + Closes ticket 32500. + + +Changes in version 0.4.1.7 - 2019-12-09 + This release backports several bugfixes to improve stability and + correctness. Anyone experiencing build problems or crashes with 0.4.1.6, + including all relays relying on AccountingMax, should upgrade. + + o Major features (directory authorities, backport from 0.4.2.2-alpha): + - Directory authorities now reject relays running all currently + deprecated release series. The currently supported release series + are: 0.2.9, 0.3.5, 0.4.0, 0.4.1, and 0.4.2. Closes ticket 31549. + + o Major bugfixes (embedded Tor, backport from 0.4.2.2-alpha): + - Avoid a possible crash when restarting Tor in embedded mode and + enabling a different set of publish/subscribe messages. Fixes bug + 31898; bugfix on 0.4.1.1-alpha. + + o Major bugfixes (relay, backport from 0.4.2.3-alpha): + - Relays now respect their AccountingMax bandwidth again. When + relays entered "soft" hibernation (which typically starts when + we've hit 90% of our AccountingMax), we had stopped checking + whether we should enter hard hibernation. Soft hibernation refuses + new connections and new circuits, but the existing circuits can + continue, meaning that relays could have exceeded their configured + AccountingMax. Fixes bug 32108; bugfix on 0.4.0.1-alpha. + + o Major bugfixes (torrc parsing, backport from 0.4.2.2-alpha): + - Stop ignoring torrc options after an %include directive, when the + included directory ends with a file that does not contain any + config options (but does contain comments or whitespace). Fixes + bug 31408; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (v3 onion services, backport from 0.4.2.3-alpha): + - Onion services now always use the exact number of intro points + configured with the HiddenServiceNumIntroductionPoints option (or + fewer if nodes are excluded). Before, a service could sometimes + pick more intro points than configured. Fixes bug 31548; bugfix + on 0.3.2.1-alpha. + + o Minor features (continuous integration, backport from 0.4.2.2-alpha): + - When building on Appveyor and Travis, pass the "-k" flag to make, + so that we are informed of all compilation failures, not just the + first one or two. Closes ticket 31372. + + o Minor features (geoip, backport from 0.4.2.5): + - Update geoip and geoip6 to the December 3 2019 Maxmind GeoLite2 + Country database. Closes ticket 32685. + + o Minor bugfixes (Appveyor CI, backport from 0.4.2.2-alpha): + - Avoid spurious errors when Appveyor CI fails before the install step. + Fixes bug 31884; bugfix on 0.3.4.2-alpha. + + o Minor bugfixes (client, onion service v3, backport from 0.4.2.4-rc): + - Fix a BUG() assertion that occurs within a very small race window + between when a client intro circuit opens and when its descriptor + gets cleaned up from the cache. The circuit is now closed early, + which will trigger a re-fetch of the descriptor and continue the + connection. Fixes bug 28970; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (connections, backport from 0.4.2.3-rc): + - Avoid trying to read data from closed connections, which can cause + needless loops in Libevent and infinite loops in Shadow. Fixes bug + 30344; bugfix on 0.1.1.1-alpha. + + o Minor bugfixes (error handling, backport from 0.4.2.1-alpha): + - On abort, try harder to flush the output buffers of log messages. + On some platforms (macOS), log messages could be discarded when + the process terminates. Fixes bug 31571; bugfix on 0.3.5.1-alpha. + - Report the tor version whenever an assertion fails. Previously, we + only reported the Tor version on some crashes, and some non-fatal + assertions. Fixes bug 31571; bugfix on 0.3.5.1-alpha. + - When tor aborts due to an error, close log file descriptors before + aborting. Closing the logs makes some OSes flush log file buffers, + rather than deleting buffered log lines. Fixes bug 31594; bugfix + on 0.2.5.2-alpha. + + o Minor bugfixes (logging, backport from 0.4.2.2-alpha): + - Add a missing check for HAVE_PTHREAD_H, because the backtrace code + uses mutexes. Fixes bug 31614; bugfix on 0.2.5.2-alpha. + - Disable backtrace signal handlers when shutting down tor. Fixes + bug 31614; bugfix on 0.2.5.2-alpha. + - Rate-limit our the logging message about the obsolete .exit + notation. Previously, there was no limit on this warning, which + could potentially be triggered many times by a hostile website. + Fixes bug 31466; bugfix on 0.2.2.1-alpha. + + o Minor bugfixes (logging, protocol violations, backport from 0.4.2.2-alpha): + - Do not log a nonfatal assertion failure when receiving a VERSIONS + cell on a connection using the obsolete v1 link protocol. Log a + protocol_warn instead. Fixes bug 31107; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (mainloop, periodic events, in-process API, backport from 0.4.2.3-alpha): + - Reset the periodic events' "enabled" flag when Tor is shut down + cleanly. Previously, this flag was left on, which caused periodic + events not to be re-enabled when Tor was relaunched in-process + with tor_api.h after a shutdown. Fixes bug 32058; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (multithreading, backport from 0.4.2.2-alpha): + - Avoid some undefined behaviour when freeing mutexes. Fixes bug + 31736; bugfix on 0.0.7. + + o Minor bugfixes (process management, backport from 0.4.2.3-alpha): + - Remove overly strict assertions that triggered when a pluggable + transport failed to launch. Fixes bug 31091; bugfix + on 0.4.0.1-alpha. + - Remove an assertion in the Unix process backend. This assertion + would trigger when we failed to find the executable for a child + process. Fixes bug 31810; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (relay, backport from 0.4.2.2-alpha): + - Avoid crashing when starting with a corrupt keys directory where + the old ntor key and the new ntor key are identical. Fixes bug + 30916; bugfix on 0.2.4.8-alpha. + + o Minor bugfixes (testing, backport from 0.4.2.3-alpha): + - When testing port rebinding, don't busy-wait for tor to log. + Instead, actually sleep for a short time before polling again. + Also improve the formatting of control commands and log messages. + Fixes bug 31837; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (tests, SunOS, backport from 0.4.2.2-alpha): + - Avoid a map_anon_nofork test failure due to a signed/unsigned + integer comparison. Fixes bug 31897; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (tls, logging, backport from 0.4.2.3-alpha): + - Log bugs about the TLS read buffer's length only once, rather than + filling the logs with similar warnings. Fixes bug 31939; bugfix + on 0.3.0.4-rc. + + o Documentation (backport from 0.4.2.2-alpha): + - Explain why we can't destroy the backtrace buffer mutex. Explain + why we don't need to destroy the log mutex. Closes ticket 31736. + + o Testing (continuous integration, backport from 0.4.2.3-alpha): + - Disable all but one Travis CI macOS build, to mitigate slow + scheduling of Travis macOS jobs. Closes ticket 32177. + - Run the chutney IPv6 networks as part of Travis CI. Closes + ticket 30860. + - Simplify the Travis CI build matrix, and optimise for build time. + Closes ticket 31859. + - Use Windows Server 2019 instead of Windows Server 2016 in our + Appveyor builds. Closes ticket 32086. + + o Testing (continuous integration, backport from 0.4.2.4-rc): + - In Travis, use Xcode 11.2 on macOS 10.14. Closes ticket 32241. + - Use Ubuntu Bionic images for our Travis CI builds, so we can get a + recent version of coccinelle. But leave chutney on Ubuntu Trusty, + until we can fix some Bionic permissions issues (see ticket + 32240). Related to ticket 31919. + - Install the mingw OpenSSL package in Appveyor. This makes sure + that the OpenSSL headers and libraries match in Tor's Appveyor + builds. (This bug was triggered by an Appveyor image update.) + Fixes bug 32449; bugfix on 0.3.5.6-rc. + + o Testing (continuous integration, backport from 0.4.2.5): + - Require C99 standards-conforming code in Travis CI, but allow GNU gcc + extensions. Also activates clang's -Wtypedef-redefinition warnings. + Build some jobs with -std=gnu99, and some jobs without. + Closes ticket 32500. + + +Changes in version 0.4.0.6 - 2019-12-09 + This is the second stable release in the 0.4.0.x series. This release + backports several bugfixes to improve stability and correctness. Anyone + experiencing build problems or crashes with 0.4.0.5, including all relays + relying on AccountingMax, should upgrade. + + Note that, per our support policy, support for the 0.4.0.x series will end + on 2 Feb 2020. Anyone still running 0.4.0.x should plan to upgrade to the + latest stable release, or downgrade to 0.3.5.x, which will get long-term + support until 1 Feb 2022. + + o Directory authority changes (backport from 0.4.1.5): + - The directory authority "dizum" has a new IP address. Closes + ticket 31406. + + o Major bugfixes (bridges, backport from 0.4.1.2-alpha): + - Consider our directory information to have changed when our list + of bridges changes. Previously, Tor would not re-compute the + status of its directory information when bridges changed, and + therefore would not realize that it was no longer able to build + circuits. Fixes part of bug 29875. + - Do not count previously configured working bridges towards our + total of working bridges. Previously, when Tor's list of bridges + changed, it would think that the old bridges were still usable, + and delay fetching router descriptors for the new ones. Fixes part + of bug 29875; bugfix on 0.3.0.1-alpha. + + o Major bugfixes (circuit build, guard, backport from 0.4.1.4-rc): + - When considering upgrading circuits from "waiting for guard" to + "open", always ignore circuits that are marked for close. Otherwise, + we can end up in the situation where a subsystem is notified that + a closing circuit has just opened, leading to undesirable + behavior. Fixes bug 30871; bugfix on 0.3.0.1-alpha. + + o Major bugfixes (Onion service reachability, backport from 0.4.1.3-alpha): + - Properly clean up the introduction point map when circuits change + purpose from onion service circuits to pathbias, measurement, or + other circuit types. This should fix some service-side instances + of introduction point failure. Fixes bug 29034; bugfix + on 0.3.2.1-alpha. + + o Major bugfixes (onion service v3, backport from 0.4.1.1-alpha): + - Fix an unreachable bug in which an introduction point could try to + send an INTRODUCE_ACK with a status code that Trunnel would refuse + to encode, leading the relay to assert(). We've consolidated the + ABI values into Trunnel now. Fixes bug 30454; bugfix + on 0.3.0.1-alpha. + - Clients can now handle unknown status codes from INTRODUCE_ACK + cells. (The NACK behavior will stay the same.) This will allow us + to extend status codes in the future without breaking the normal + client behavior. Fixes another part of bug 30454; bugfix + on 0.3.0.1-alpha. + + o Major bugfixes (relay, backport from 0.4.2.3-alpha): + - Relays now respect their AccountingMax bandwidth again. When + relays entered "soft" hibernation (which typically starts when + we've hit 90% of our AccountingMax), we had stopped checking + whether we should enter hard hibernation. Soft hibernation refuses + new connections and new circuits, but the existing circuits can + continue, meaning that relays could have exceeded their configured + AccountingMax. Fixes bug 32108; bugfix on 0.4.0.1-alpha. + + o Major bugfixes (torrc parsing, backport from 0.4.2.2-alpha): + - Stop ignoring torrc options after an %include directive, when the + included directory ends with a file that does not contain any + config options (but does contain comments or whitespace). Fixes + bug 31408; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (v3 onion services, backport from 0.4.2.3-alpha): + - Onion services now always use the exact number of intro points + configured with the HiddenServiceNumIntroductionPoints option (or + fewer if nodes are excluded). Before, a service could sometimes + pick more intro points than configured. Fixes bug 31548; bugfix + on 0.3.2.1-alpha. + + o Minor features (compile-time modules, backport from version 0.4.1.1-alpha): + - Add a "--list-modules" command to print a list of which compile- + time modules are enabled. Closes ticket 30452. + + o Minor features (continuous integration, backport from 0.4.1.1-alpha): + - Remove sudo configuration lines from .travis.yml as they are no + longer needed with current Travis build environment. Resolves + issue 30213. + + o Minor features (continuous integration, backport from 0.4.1.4-rc): + - Our Travis configuration now uses Chutney to run some network + integration tests automatically. Closes ticket 29280. + + o Minor features (continuous integration, backport from 0.4.2.2-alpha): + - When building on Appveyor and Travis, pass the "-k" flag to make, + so that we are informed of all compilation failures, not just the + first one or two. Closes ticket 31372. + + o Minor features (fallback directory list, backport from 0.4.1.4-rc): + - Replace the 157 fallbacks originally introduced in Tor 0.3.5.6-rc + in December 2018 (of which ~122 were still functional), with a + list of 148 fallbacks (70 new, 78 existing, 79 removed) generated + in June 2019. Closes ticket 28795. + + o Minor features (geoip, backport from 0.4.2.5): + - Update geoip and geoip6 to the December 3 2019 Maxmind GeoLite2 + Country database. Closes ticket 32685. + + o Minor features (stem tests, backport from 0.4.2.1-alpha): + - Change "make test-stem" so it only runs the stem tests that use + tor. This change makes test-stem faster and more reliable. Closes + ticket 31554. + + o Minor bugfixes (Appveyor CI, backport from 0.4.2.2-alpha): + - Avoid spurious errors when Appveyor CI fails before the install step. + Fixes bug 31884; bugfix on 0.3.4.2-alpha. + + o Minor bugfixes (build system, backport form 0.4.2.1-alpha): + - Do not include the deprecated on Linux or Windows + systems. Fixes bug 31673; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (circuit isolation, backport from 0.4.1.3-alpha): + - Fix a logic error that prevented the SessionGroup sub-option from + being accepted. Fixes bug 22619; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (circuit padding, backport from 0.4.1.4-rc): + - On relays, properly check that a padding machine is absent before + logging a warning about it being absent. Fixes bug 30649; bugfix + on 0.4.0.1-alpha. + + o Minor bugfixes (client, onion service v3, backport from 0.4.2.4-rc): + - Fix a BUG() assertion that occurs within a very small race window + between when a client intro circuit opens and when its descriptor + gets cleaned up from the cache. The circuit is now closed early, + which will trigger a re-fetch of the descriptor and continue the + connection. Fixes bug 28970; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (clock skew detection, backport from 0.4.1.5): + - Don't believe clock skew results from NETINFO cells that appear to + arrive before we sent the VERSIONS cells they are responding to. + Previously, we would accept them up to 3 minutes "in the past". + Fixes bug 31343; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (compilation warning, backport from 0.4.1.5): + - Fix a compilation warning on Windows about casting a function + pointer for GetTickCount64(). Fixes bug 31374; bugfix + on 0.2.9.1-alpha. + + o Minor bugfixes (compilation, backport from 0.4.1.5): + - Avoid using labs() on time_t, which can cause compilation warnings + on 64-bit Windows builds. Fixes bug 31343; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (compilation, backport from 0.4.2.1-alpha): + - Suppress spurious float-conversion warnings from GCC when calling + floating-point classifier functions on FreeBSD. Fixes part of bug + 31687; bugfix on 0.3.1.5-alpha. + + o Minor bugfixes (compilation, unusual configurations, backport from 0.4.1.1-alpha): + - Avoid failures when building with the ALL_BUGS_ARE_FATAL option + due to missing declarations of abort(), and prevent other such + failures in the future. Fixes bug 30189; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (configuration, proxies, backport from 0.4.1.2-alpha): + - Fix a bug that prevented us from supporting SOCKS5 proxies that + want authentication along with configured (but unused!) + ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha. + + o Minor bugfixes (connections, backport from 0.4.2.3-rc): + - Avoid trying to read data from closed connections, which can cause + needless loops in Libevent and infinite loops in Shadow. Fixes bug + 30344; bugfix on 0.1.1.1-alpha. + + o Minor bugfixes (continuous integration, backport from 0.4.1.3-alpha): + - Allow the test-stem job to fail in Travis, because it sometimes + hangs. Fixes bug 30744; bugfix on 0.3.5.4-alpha. + - Skip test_rebind on macOS in Travis, because it is unreliable on + macOS on Travis. Fixes bug 30713; bugfix on 0.3.5.1-alpha. + - Skip test_rebind when the TOR_SKIP_TEST_REBIND environment + variable is set. Fixes bug 30713; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (crash on exit, backport from 0.4.1.4-rc): + - Avoid a set of possible code paths that could try to use freed + memory in routerlist_free() while Tor was exiting. Fixes bug + 31003; bugfix on 0.1.2.2-alpha. + + o Minor bugfixes (directory authorities, backport from 0.4.1.3-alpha): + - Stop crashing after parsing an unknown descriptor purpose + annotation. We think this bug can only be triggered by modifying a + local file. Fixes bug 30781; bugfix on 0.2.0.8-alpha. + + o Minor bugfixes (directory authority, backport from 0.4.1.2-alpha): + - Move the "bandwidth-file-headers" line in directory authority + votes so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (error handling, backport from 0.4.2.1-alpha): + - On abort, try harder to flush the output buffers of log messages. + On some platforms (macOS), log messages could be discarded when + the process terminates. Fixes bug 31571; bugfix on 0.3.5.1-alpha. + - Report the tor version whenever an assertion fails. Previously, we + only reported the Tor version on some crashes, and some non-fatal + assertions. Fixes bug 31571; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (FreeBSD, PF-based proxy, IPv6, backport from 0.4.2.1-alpha): + - When extracting an IPv6 address from a PF-based proxy, verify that + we are actually configured to receive an IPv6 address, and log an + internal error if not. Fixes part of bug 31687; bugfix + on 0.2.3.4-alpha. + + o Minor bugfixes (guards, backport from 0.4.2.1-alpha): + - When tor is missing descriptors for some primary entry guards, + make the log message less alarming. It's normal for descriptors to + expire, as long as tor fetches new ones soon after. Fixes bug + 31657; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.1.1-alpha): + - Do not log a warning when running with an OpenSSL version other + than the one Tor was compiled with, if the two versions should be + compatible. Previously, we would warn whenever the version was + different. Fixes bug 30190; bugfix on 0.2.4.2-alpha. + + o Minor bugfixes (logging, backport from 0.4.2.1-alpha): + - Change log level of message "Hash of session info was not as + expected" to LOG_PROTOCOL_WARN. Fixes bug 12399; bugfix + on 0.1.1.10-alpha. + + o Minor bugfixes (logging, backport from 0.4.2.2-alpha): + - Rate-limit our the logging message about the obsolete .exit + notation. Previously, there was no limit on this warning, which + could potentially be triggered many times by a hostile website. + Fixes bug 31466; bugfix on 0.2.2.1-alpha. + + o Minor bugfixes (logging, protocol violations, backport from 0.4.2.2-alpha): + - Do not log a nonfatal assertion failure when receiving a VERSIONS + cell on a connection using the obsolete v1 link protocol. Log a + protocol_warn instead. Fixes bug 31107; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (mainloop, periodic events, in-process API, backport from 0.4.2.3-alpha): + - Reset the periodic events' "enabled" flag when Tor is shut down + cleanly. Previously, this flag was left on, which caused periodic + events not to be re-enabled when Tor was relaunched in-process + with tor_api.h after a shutdown. Fixes bug 32058; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (memory leak, backport from 0.4.1.1-alpha): + - Avoid a minor memory leak that could occur on relays when failing + to create a "keys" directory. Fixes bug 30148; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (memory leak, backport from 0.4.1.4-rc): + - Fix a trivial memory leak when parsing an invalid value + from a download schedule in the configuration. Fixes bug + 30894; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (NetBSD, backport from 0.4.1.2-alpha): + - Fix usage of minherit() on NetBSD and other platforms that define + MAP_INHERIT_{ZERO,NONE} instead of INHERIT_{ZERO,NONE}. Fixes bug + 30614; bugfix on 0.4.0.2-alpha. Patch from Taylor Campbell. + + o Minor bugfixes (onion services, backport from 0.4.1.1-alpha): + - Avoid a GCC 9.1.1 warning (and possible crash depending on libc + implemenation) when failing to load an onion service client + authorization file. Fixes bug 30475; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (out-of-memory handler, backport from 0.4.1.2-alpha): + - When purging the DNS cache because of an out-of-memory condition, + try purging just the older entries at first. Previously, we would + always purge the whole thing. Fixes bug 29617; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (portability, backport from 0.4.1.2-alpha): + - Avoid crashing in our tor_vasprintf() implementation on systems + that define neither vasprintf() nor _vscprintf(). (This bug has + been here long enough that we question whether people are running + Tor on such systems, but we're applying the fix out of caution.) + Fixes bug 30561; bugfix on 0.2.8.2-alpha. Found and fixed by + Tobias Stoeckmann. + + o Minor bugfixes (process management, backport from 0.4.2.3-alpha): + - Remove overly strict assertions that triggered when a pluggable + transport failed to launch. Fixes bug 31091; bugfix + on 0.4.0.1-alpha. + - Remove an assertion in the Unix process backend. This assertion + would trigger when we failed to find the executable for a child + process. Fixes bug 31810; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (relay, backport from 0.4.2.2-alpha): + - Avoid crashing when starting with a corrupt keys directory where + the old ntor key and the new ntor key are identical. Fixes bug + 30916; bugfix on 0.2.4.8-alpha. + + o Minor bugfixes (rust, backport from 0.4.2.1-alpha): + - Correctly exclude a redundant rust build job in Travis. Fixes bug + 31463; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (testing, backport from 0.4.2.3-alpha): + - When testing port rebinding, don't busy-wait for tor to log. + Instead, actually sleep for a short time before polling again. + Also improve the formatting of control commands and log messages. + Fixes bug 31837; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (tls, logging, backport from 0.4.2.3-alpha): + - Log bugs about the TLS read buffer's length only once, rather than + filling the logs with similar warnings. Fixes bug 31939; bugfix + on 0.3.0.4-rc. + + o Minor bugfixes (v2 single onion services, backport from 0.4.2.1-alpha): + - Always retry v2 single onion service intro and rend circuits with + a 3-hop path. Previously, v2 single onion services used a 3-hop + path when rendezvous circuits were retried after a remote or + delayed failure, but a 1-hop path for immediate retries. Fixes bug + 23818; bugfix on 0.2.9.3-alpha. + - Make v3 single onion services fall back to a 3-hop intro, when all + intro points are unreachable via a 1-hop path. Previously, v3 + single onion services failed when all intro nodes were unreachable + via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha. + + o Documentation (backport from 0.4.2.1-alpha): + - Use RFC 2397 data URL scheme to embed an image into tor-exit- + notice.html so that operators no longer have to host it + themselves. Closes ticket 31089. + + o Testing (backport from 0.4.1.2-alpha): + - Specify torrc paths (with empty files) when launching tor in + integration tests; refrain from reading user and system torrcs. + Resolves issue 29702. + + o Testing (continuous integration, backport from 0.4.1.1-alpha): + - In Travis, show stem's tor log after failure. Closes ticket 30234. + + o Testing (continuous integration, backport from 0.4.1.5): + - In Travis, make stem log a controller trace to the console, and + tail stem's tor log after failure. Closes ticket 30591. + - In Travis, only run the stem tests that use a tor binary. Closes + ticket 30694. + + o Testing (continuous integration, backport from 0.4.2.3-alpha): + - Disable all but one Travis CI macOS build, to mitigate slow + scheduling of Travis macOS jobs. Closes ticket 32177. + - Run the chutney IPv6 networks as part of Travis CI. Closes + ticket 30860. + - Simplify the Travis CI build matrix, and optimise for build time. + Closes ticket 31859. + - Use Windows Server 2019 instead of Windows Server 2016 in our + Appveyor builds. Closes ticket 32086. + + o Testing (continuous integration, backport from 0.4.2.4-rc): + - Use Ubuntu Bionic images for our Travis CI builds, so we can get a + recent version of coccinelle. But leave chutney on Ubuntu Trusty, + until we can fix some Bionic permissions issues (see ticket + 32240). Related to ticket 31919. + - Install the mingw OpenSSL package in Appveyor. This makes sure + that the OpenSSL headers and libraries match in Tor's Appveyor + builds. (This bug was triggered by an Appveyor image update.) + Fixes bug 32449; bugfix on 0.3.5.6-rc. + - In Travis, use Xcode 11.2 on macOS 10.14. Closes ticket 32241. + + o Testing (continuous integration, backport from 0.4.2.5): + - Require C99 standards-conforming code in Travis CI, but allow GNU gcc + extensions. Also activates clang's -Wtypedef-redefinition warnings. + Build some jobs with -std=gnu99, and some jobs without. + Closes ticket 32500. + +Changes in version 0.3.5.9 - 2019-12-09 + Tor 0.3.5.9 backports serveral fixes from later releases, including + several that affect bridge users, relay stability, onion services, + and much more. + + o Directory authority changes (backport from 0.4.1.5): + - The directory authority "dizum" has a new IP address. Closes + ticket 31406. + + o Major bugfixes (bridges, backport from 0.4.1.2-alpha): + - Consider our directory information to have changed when our list + of bridges changes. Previously, Tor would not re-compute the + status of its directory information when bridges changed, and + therefore would not realize that it was no longer able to build + circuits. Fixes part of bug 29875. + - Do not count previously configured working bridges towards our + total of working bridges. Previously, when Tor's list of bridges + changed, it would think that the old bridges were still usable, + and delay fetching router descriptors for the new ones. Fixes part + of bug 29875; bugfix on 0.3.0.1-alpha. + + o Major bugfixes (circuit build, guard, backport from 0.4.1.4-rc): + - When considering upgrading circuits from "waiting for guard" to + "open", always ignore circuits that are marked for close. Otherwise, + we can end up in the situation where a subsystem is notified that + a closing circuit has just opened, leading to undesirable + behavior. Fixes bug 30871; bugfix on 0.3.0.1-alpha. + + o Major bugfixes (NSS, relay, backport from 0.4.0.4-rc): + - When running with NSS, disable TLS 1.2 ciphersuites that use + SHA384 for their PRF. Due to an NSS bug, the TLS key exporters for + these ciphersuites don't work -- which caused relays to fail to + handshake with one another when these ciphersuites were enabled. + Fixes bug 29241; bugfix on 0.3.5.1-alpha. + + o Major bugfixes (Onion service reachability, backport from 0.4.1.3-alpha): + - Properly clean up the introduction point map when circuits change + purpose from onion service circuits to pathbias, measurement, or + other circuit types. This should fix some service-side instances + of introduction point failure. Fixes bug 29034; bugfix + on 0.3.2.1-alpha. + + o Major bugfixes (onion service v3, backport from 0.4.1.1-alpha): + - Fix an unreachable bug in which an introduction point could try to + send an INTRODUCE_ACK with a status code that Trunnel would refuse + to encode, leading the relay to assert(). We've consolidated the + ABI values into Trunnel now. Fixes bug 30454; bugfix + on 0.3.0.1-alpha. + - Clients can now handle unknown status codes from INTRODUCE_ACK + cells. (The NACK behavior will stay the same.) This will allow us + to extend status codes in the future without breaking the normal + client behavior. Fixes another part of bug 30454; bugfix + on 0.3.0.1-alpha. + + o Major bugfixes (torrc parsing, backport from 0.4.2.2-alpha): + - Stop ignoring torrc options after an %include directive, when the + included directory ends with a file that does not contain any + config options (but does contain comments or whitespace). Fixes + bug 31408; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (v3 onion services, backport from 0.4.2.3-alpha): + - Onion services now always use the exact number of intro points + configured with the HiddenServiceNumIntroductionPoints option (or + fewer if nodes are excluded). Before, a service could sometimes + pick more intro points than configured. Fixes bug 31548; bugfix + on 0.3.2.1-alpha. + + o Minor features (address selection, backport from 0.4.0.3-alpha): + - Treat the subnet 100.64.0.0/10 as public for some purposes; + private for others. This subnet is the RFC 6598 (Carrier Grade + NAT) IP range, and is deployed by many ISPs as an alternative to + RFC 1918 that does not break existing internal networks. Tor now + blocks SOCKS and control ports on these addresses and warns users + if client ports or ExtORPorts are listening on a RFC 6598 address. + Closes ticket 28525. Patch by Neel Chauhan. + + o Minor features (bandwidth authority, backport from 0.4.0.4-rc): + - Make bandwidth authorities ignore relays that are reported in the + bandwidth file with the flag "vote=0". This change allows us to + report unmeasured relays for diagnostic reasons without including + their bandwidth in the bandwidth authorities' vote. Closes + ticket 29806. + + o Minor features (compile-time modules, backport from version 0.4.1.1-alpha): + - Add a "--list-modules" command to print a list of which compile- + time modules are enabled. Closes ticket 30452. + + o Minor features (continuous integration, backport from 0.4.0.4-rc): + - On Travis Rust builds, cleanup Rust registry and refrain from + caching the "target/" directory to speed up builds. Resolves + issue 29962. + + o Minor features (continuous integration, backport from 0.4.0.5): + - In Travis, tell timelimit to use stem's backtrace signals, and + launch python directly from timelimit, so python receives the + signals from timelimit, rather than make. Closes ticket 30117. + + o Minor features (continuous integration, backport from 0.4.1.1-alpha): + - Remove sudo configuration lines from .travis.yml as they are no + longer needed with current Travis build environment. Resolves + issue 30213. + + o Minor features (continuous integration, backport from 0.4.1.4-rc): + - Our Travis configuration now uses Chutney to run some network + integration tests automatically. Closes ticket 29280. + + o Minor features (continuous integration, backport from 0.4.2.2-alpha): + - When building on Appveyor and Travis, pass the "-k" flag to make, + so that we are informed of all compilation failures, not just the + first one or two. Closes ticket 31372. + + o Minor features (fallback directory list, backport from 0.4.1.4-rc): + - Replace the 157 fallbacks originally introduced in Tor 0.3.5.6-rc + in December 2018 (of which ~122 were still functional), with a + list of 148 fallbacks (70 new, 78 existing, 79 removed) generated + in June 2019. Closes ticket 28795. + + o Minor features (geoip, backport from 0.4.2.5): + - Update geoip and geoip6 to the December 3 2019 Maxmind GeoLite2 + Country database. Closes ticket 32685. + + o Minor features (NSS, diagnostic, backport from 0.4.0.4-rc): + - Try to log an error from NSS (if there is any) and a more useful + description of our situation if we are using NSS and a call to + SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241. + + o Minor features (stem tests, backport from 0.4.2.1-alpha): + - Change "make test-stem" so it only runs the stem tests that use + tor. This change makes test-stem faster and more reliable. Closes + ticket 31554. + + o Minor bugfixes (security, backport from 0.4.0.4-rc): + - Verify in more places that we are not about to create a buffer + with more than INT_MAX bytes, to avoid possible OOB access in the + event of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and + fixed by Tobias Stoeckmann. + - Fix a potential double free bug when reading huge bandwidth files. + The issue is not exploitable in the current Tor network because + the vulnerable code is only reached when directory authorities + read bandwidth files, but bandwidth files come from a trusted + source (usually the authorities themselves). Furthermore, the + issue is only exploitable in rare (non-POSIX) 32-bit architectures, + which are not used by any of the current authorities. Fixes bug + 30040; bugfix on 0.3.5.1-alpha. Bug found and fixed by + Tobias Stoeckmann. + + o Minor bugfix (continuous integration, backport from 0.4.0.4-rc): + - Reset coverage state on disk after Travis CI has finished. This + should prevent future coverage merge errors from causing the test + suite for the "process" subsystem to fail. The process subsystem + was introduced in 0.4.0.1-alpha. Fixes bug 29036; bugfix + on 0.2.9.15. + - Terminate test-stem if it takes more than 9.5 minutes to run. + (Travis terminates the job after 10 minutes of no output.) + Diagnostic for 29437. Fixes bug 30011; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (Appveyor CI, backport from 0.4.2.2-alpha): + - Avoid spurious errors when Appveyor CI fails before the install step. + Fixes bug 31884; bugfix on 0.3.4.2-alpha. + + o Minor bugfixes (build system, backport form 0.4.2.1-alpha): + - Do not include the deprecated on Linux or Windows + systems. Fixes bug 31673; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.4.0.4-rc): + - Fix an unlikely memory leak in consensus_diff_apply(). Fixes bug + 29824; bugfix on 0.3.1.1-alpha. This is Coverity warning + CID 1444119. + + o Minor bugfixes (circuit isolation, backport from 0.4.1.3-alpha): + - Fix a logic error that prevented the SessionGroup sub-option from + being accepted. Fixes bug 22619; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (client, onion service v3, backport from 0.4.2.4-rc): + - Fix a BUG() assertion that occurs within a very small race window + between when a client intro circuit opens and when its descriptor + gets cleaned up from the cache. The circuit is now closed early, + which will trigger a re-fetch of the descriptor and continue the + connection. Fixes bug 28970; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (clock skew detection, backport from 0.4.1.5): + - Don't believe clock skew results from NETINFO cells that appear to + arrive before we sent the VERSIONS cells they are responding to. + Previously, we would accept them up to 3 minutes "in the past". + Fixes bug 31343; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (compilation warning, backport from 0.4.1.5): + - Fix a compilation warning on Windows about casting a function + pointer for GetTickCount64(). Fixes bug 31374; bugfix + on 0.2.9.1-alpha. + + o Minor bugfixes (compilation, backport from 0.4.0.2-alpha): + - Silence a compiler warning in test-memwipe.c on OpenBSD. Fixes bug + 29145; bugfix on 0.2.9.3-alpha. Patch from Kris Katterjohn. + + o Minor bugfixes (compilation, backport from 0.4.1.5): + - Avoid using labs() on time_t, which can cause compilation warnings + on 64-bit Windows builds. Fixes bug 31343; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (compilation, backport from 0.4.2.1-alpha): + - Suppress spurious float-conversion warnings from GCC when calling + floating-point classifier functions on FreeBSD. Fixes part of bug + 31687; bugfix on 0.3.1.5-alpha. + + o Minor bugfixes (compilation, unusual configurations, backport from 0.4.1.1-alpha): + - Avoid failures when building with the ALL_BUGS_ARE_FATAL option + due to missing declarations of abort(), and prevent other such + failures in the future. Fixes bug 30189; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (configuration, proxies, backport from 0.4.1.2-alpha): + - Fix a bug that prevented us from supporting SOCKS5 proxies that + want authentication along with configured (but unused!) + ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha. + + o Minor bugfixes (connections, backport from 0.4.2.3-rc): + - Avoid trying to read data from closed connections, which can cause + needless loops in Libevent and infinite loops in Shadow. Fixes bug + 30344; bugfix on 0.1.1.1-alpha. + + o Minor bugfixes (continuous integration, backport from 0.4.1.3-alpha): + - Allow the test-stem job to fail in Travis, because it sometimes + hangs. Fixes bug 30744; bugfix on 0.3.5.4-alpha. + - Skip test_rebind on macOS in Travis, because it is unreliable on + macOS on Travis. Fixes bug 30713; bugfix on 0.3.5.1-alpha. + - Skip test_rebind when the TOR_SKIP_TEST_REBIND environment + variable is set. Fixes bug 30713; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (crash on exit, backport from 0.4.1.4-rc): + - Avoid a set of possible code paths that could try to use freed + memory in routerlist_free() while Tor was exiting. Fixes bug + 31003; bugfix on 0.1.2.2-alpha. + + o Minor bugfixes (directory authorities, backport from 0.4.1.3-alpha): + - Stop crashing after parsing an unknown descriptor purpose + annotation. We think this bug can only be triggered by modifying a + local file. Fixes bug 30781; bugfix on 0.2.0.8-alpha. + + o Minor bugfixes (directory authority, backport from 0.4.1.2-alpha): + - Move the "bandwidth-file-headers" line in directory authority + votes so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (error handling, backport from 0.4.2.1-alpha): + - On abort, try harder to flush the output buffers of log messages. + On some platforms (macOS), log messages could be discarded when + the process terminates. Fixes bug 31571; bugfix on 0.3.5.1-alpha. + - Report the tor version whenever an assertion fails. Previously, we + only reported the Tor version on some crashes, and some non-fatal + assertions. Fixes bug 31571; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (FreeBSD, PF-based proxy, IPv6, backport from 0.4.2.1-alpha): + - When extracting an IPv6 address from a PF-based proxy, verify that + we are actually configured to receive an IPv6 address, and log an + internal error if not. Fixes part of bug 31687; bugfix + on 0.2.3.4-alpha. + + o Minor bugfixes (guards, backport from 0.4.2.1-alpha): + - When tor is missing descriptors for some primary entry guards, + make the log message less alarming. It's normal for descriptors to + expire, as long as tor fetches new ones soon after. Fixes bug + 31657; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.0.2-alpha): + - Avoid logging that we are relaxing a circuit timeout when that + timeout is fixed. Fixes bug 28698; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (logging, backport from 0.4.0.3-alpha): + - Correct a misleading error message when IPv4Only or IPv6Only is + used but the resolved address can not be interpreted as an address + of the specified IP version. Fixes bug 13221; bugfix on + 0.2.3.9-alpha. Patch from Kris Katterjohn. + - Log the correct port number for listening sockets when "auto" is + used to let Tor pick the port number. Previously, port 0 was + logged instead of the actual port number. Fixes bug 29144; bugfix + on 0.3.5.1-alpha. Patch from Kris Katterjohn. + - Stop logging a BUG() warning when Tor is waiting for exit + descriptors. Fixes bug 28656; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.1.1-alpha): + - Do not log a warning when running with an OpenSSL version other + than the one Tor was compiled with, if the two versions should be + compatible. Previously, we would warn whenever the version was + different. Fixes bug 30190; bugfix on 0.2.4.2-alpha. + + o Minor bugfixes (logging, backport from 0.4.2.1-alpha): + - Change log level of message "Hash of session info was not as + expected" to LOG_PROTOCOL_WARN. Fixes bug 12399; bugfix + on 0.1.1.10-alpha. + + o Minor bugfixes (logging, backport from 0.4.2.2-alpha): + - Rate-limit our the logging message about the obsolete .exit + notation. Previously, there was no limit on this warning, which + could potentially be triggered many times by a hostile website. + Fixes bug 31466; bugfix on 0.2.2.1-alpha. + + o Minor bugfixes (logging, protocol violations, backport from 0.4.2.2-alpha): + - Do not log a nonfatal assertion failure when receiving a VERSIONS + cell on a connection using the obsolete v1 link protocol. Log a + protocol_warn instead. Fixes bug 31107; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (mainloop, periodic events, in-process API, backport from 0.4.2.3-alpha): + - Reset the periodic events' "enabled" flag when Tor is shut down + cleanly. Previously, this flag was left on, which caused periodic + events not to be re-enabled when Tor was relaunched in-process + with tor_api.h after a shutdown. Fixes bug 32058; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (memory leak, backport from 0.4.1.1-alpha): + - Avoid a minor memory leak that could occur on relays when failing + to create a "keys" directory. Fixes bug 30148; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (memory leak, backport from 0.4.1.4-rc): + - Fix a trivial memory leak when parsing an invalid value + from a download schedule in the configuration. Fixes bug + 30894; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (memory management, backport from 0.4.0.3-alpha): + - Refactor the shared random state's memory management so that it + actually takes ownership of the shared random value pointers. + Fixes bug 29706; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (memory management, testing, backport from 0.4.0.3-alpha): + - Stop leaking parts of the shared random state in the shared-random + unit tests. Fixes bug 29599; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (onion services, backport from 0.4.1.1-alpha): + - Avoid a GCC 9.1.1 warning (and possible crash depending on libc + implemenation) when failing to load an onion service client + authorization file. Fixes bug 30475; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (out-of-memory handler, backport from 0.4.1.2-alpha): + - When purging the DNS cache because of an out-of-memory condition, + try purging just the older entries at first. Previously, we would + always purge the whole thing. Fixes bug 29617; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (portability, backport from 0.4.1.2-alpha): + - Avoid crashing in our tor_vasprintf() implementation on systems + that define neither vasprintf() nor _vscprintf(). (This bug has + been here long enough that we question whether people are running + Tor on such systems, but we're applying the fix out of caution.) + Fixes bug 30561; bugfix on 0.2.8.2-alpha. Found and fixed by + Tobias Stoeckmann. + + o Minor bugfixes (relay, backport from 0.4.2.2-alpha): + - Avoid crashing when starting with a corrupt keys directory where + the old ntor key and the new ntor key are identical. Fixes bug + 30916; bugfix on 0.2.4.8-alpha. + + o Minor bugfixes (rust, backport from 0.4.0.5): + - Abort on panic in all build profiles, instead of potentially + unwinding into C code. Fixes bug 27199; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (rust, backport from 0.4.2.1-alpha): + - Correctly exclude a redundant rust build job in Travis. Fixes bug + 31463; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (single onion services, backport from 0.4.0.3-alpha): + - Allow connections to single onion services to remain idle without + being disconnected. Previously, relays acting as rendezvous points + for single onion services were mistakenly closing idle rendezvous + circuits after 60 seconds, thinking that they were unused + directory-fetching circuits that had served their purpose. Fixes + bug 29665; bugfix on 0.2.1.26. + + o Minor bugfixes (stats, backport from 0.4.0.3-alpha): + - When ExtraInfoStatistics is 0, stop including PaddingStatistics in + relay and bridge extra-info documents. Fixes bug 29017; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.0.3-alpha): + - Downgrade some LOG_ERR messages in the address/* tests to + warnings. The LOG_ERR messages were occurring when we had no + configured network. We were failing the unit tests, because we + backported 28668 to 0.3.5.8, but did not backport 29530. Fixes bug + 29530; bugfix on 0.3.5.8. + - Fix our gcov wrapper script to look for object files at the + correct locations. Fixes bug 29435; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, backport from 0.4.0.4-rc): + - Backport the 0.3.4 src/test/test-network.sh to 0.2.9. We need a + recent test-network.sh to use new chutney features in CI. Fixes + bug 29703; bugfix on 0.2.9.1-alpha. + - Fix a test failure on Windows caused by an unexpected "BUG" + warning in our tests for tor_gmtime_r(-1). Fixes bug 29922; bugfix + on 0.2.9.3-alpha. + + o Minor bugfixes (testing, backport from 0.4.2.3-alpha): + - When testing port rebinding, don't busy-wait for tor to log. + Instead, actually sleep for a short time before polling again. + Also improve the formatting of control commands and log messages. + Fixes bug 31837; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (TLS protocol, backport form 0.4.0.4-rc): + - When classifying a client's selection of TLS ciphers, if the + client ciphers are not yet available, do not cache the result. + Previously, we had cached the unavailability of the cipher list + and never looked again, which in turn led us to assume that the + client only supported the ancient V1 link protocol. This, in turn, + was causing Stem integration tests to stall in some cases. Fixes + bug 30021; bugfix on 0.2.4.8-alpha. + + o Minor bugfixes (tls, logging, backport from 0.4.2.3-alpha): + - Log bugs about the TLS read buffer's length only once, rather than + filling the logs with similar warnings. Fixes bug 31939; bugfix + on 0.3.0.4-rc. + + o Minor bugfixes (v2 single onion services, backport from 0.4.2.1-alpha): + - Always retry v2 single onion service intro and rend circuits with + a 3-hop path. Previously, v2 single onion services used a 3-hop + path when rendezvous circuits were retried after a remote or + delayed failure, but a 1-hop path for immediate retries. Fixes bug + 23818; bugfix on 0.2.9.3-alpha. + - Make v3 single onion services fall back to a 3-hop intro, when all + intro points are unreachable via a 1-hop path. Previously, v3 + single onion services failed when all intro nodes were unreachable + via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (Windows, CI, backport from 0.4.0.3-alpha): + - Skip the Appveyor 32-bit Windows Server 2016 job, and 64-bit + Windows Server 2012 R2 job. The remaining 2 jobs still provide + coverage of 64/32-bit, and Windows Server 2016/2012 R2. Also set + fast_finish, so failed jobs terminate the build immediately. Fixes + bug 29601; bugfix on 0.3.5.4-alpha. + + o Documentation (backport from 0.4.2.1-alpha): + - Use RFC 2397 data URL scheme to embed an image into tor-exit- + notice.html so that operators no longer have to host it + themselves. Closes ticket 31089. + + o Testing (backport from 0.4.1.2-alpha): + - Specify torrc paths (with empty files) when launching tor in + integration tests; refrain from reading user and system torrcs. + Resolves issue 29702. + + o Testing (continuous integration, backport from 0.4.1.1-alpha): + - In Travis, show stem's tor log after failure. Closes ticket 30234. + + o Testing (continuous integration, backport from 0.4.1.5): + - In Travis, make stem log a controller trace to the console, and + tail stem's tor log after failure. Closes ticket 30591. + - In Travis, only run the stem tests that use a tor binary. Closes + ticket 30694. + + o Testing (continuous integration, backport from 0.4.2.3-alpha): + - Disable all but one Travis CI macOS build, to mitigate slow + scheduling of Travis macOS jobs. Closes ticket 32177. + - Run the chutney IPv6 networks as part of Travis CI. Closes + ticket 30860. + - Simplify the Travis CI build matrix, and optimise for build time. + Closes ticket 31859. + - Use Windows Server 2019 instead of Windows Server 2016 in our + Appveyor builds. Closes ticket 32086. + + o Testing (continuous integration, backport from 0.4.2.4-rc): + - Use Ubuntu Bionic images for our Travis CI builds, so we can get a + recent version of coccinelle. But leave chutney on Ubuntu Trusty, + until we can fix some Bionic permissions issues (see ticket + 32240). Related to ticket 31919. + - Install the mingw OpenSSL package in Appveyor. This makes sure + that the OpenSSL headers and libraries match in Tor's Appveyor + builds. (This bug was triggered by an Appveyor image update.) + Fixes bug 32449; bugfix on 0.3.5.6-rc. + - In Travis, use Xcode 11.2 on macOS 10.14. Closes ticket 32241. + + o Testing (continuous integration, backport from 0.4.2.5): + - Require C99 standards-conforming code in Travis CI, but allow GNU gcc + extensions. Also activates clang's -Wtypedef-redefinition warnings. + Build some jobs with -std=gnu99, and some jobs without. + Closes ticket 32500. + +Changes in version 0.4.2.4-rc - 2019-11-15 + Tor 0.4.2.4-rc is the first release candidate in its series. It fixes + several bugs from earlier versions, including a few that would result in + stack traces or incorrect behavior. + + o Minor features (build system): + - Make pkg-config use --prefix when cross-compiling, if + PKG_CONFIG_PATH is not set. Closes ticket 32191. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2019 Maxmind GeoLite2 + Country database. Closes ticket 32440. + + o Minor bugfixes (client, onion service v3): + - Fix a BUG() assertion that occurs within a very small race window + between when a client intro circuit opens and when its descriptor + gets cleaned up from the cache. The circuit is now closed early, + which will trigger a re-fetch of the descriptor and continue the + connection. Fixes bug 28970; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (code quality): + - Fix "make check-includes" so it runs correctly on out-of-tree + builds. Fixes bug 31335; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (configuration): + - Log the option name when skipping an obsolete option. Fixes bug + 32295; bugfix on 0.4.2.1-alpha. + + o Minor bugfixes (crash): + - When running Tor with an option like --verify-config or + --dump-config that does not start the event loop, avoid crashing + if we try to exit early because of an error. Fixes bug 32407; + bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (directory): + - When checking if a directory connection is anonymous, test if the + circuit was marked for close before looking at its channel. This + avoids a BUG() stacktrace if the circuit was previously closed. + Fixes bug 31958; bugfix on 0.4.2.1-alpha. + + o Minor bugfixes (shellcheck): + - Fix minor shellcheck errors in the git-*.sh scripts. Fixes bug + 32402; bugfix on 0.4.2.1-alpha. + - Start checking most scripts for shellcheck errors again. Fixes bug + 32402; bugfix on 0.4.2.1-alpha. + + o Testing (continuous integration): + - Use Ubuntu Bionic images for our Travis CI builds, so we can get a + recent version of coccinelle. But leave chutney on Ubuntu Trusty, + until we can fix some Bionic permissions issues (see ticket + 32240). Related to ticket 31919. + - Install the mingw OpenSSL package in Appveyor. This makes sure + that the OpenSSL headers and libraries match in Tor's Appveyor + builds. (This bug was triggered by an Appveyor image update.) + Fixes bug 32449; bugfix on 0.3.5.6-rc. + - In Travis, use Xcode 11.2 on macOS 10.14. Closes ticket 32241. + + +Changes in version 0.4.2.3-alpha - 2019-10-24 + This release fixes several bugs from the previous alpha release, and + from earlier versions of Tor. + + o Major bugfixes (relay): + - Relays now respect their AccountingMax bandwidth again. When + relays entered "soft" hibernation (which typically starts when + we've hit 90% of our AccountingMax), we had stopped checking + whether we should enter hard hibernation. Soft hibernation refuses + new connections and new circuits, but the existing circuits can + continue, meaning that relays could have exceeded their configured + AccountingMax. Fixes bug 32108; bugfix on 0.4.0.1-alpha. + + o Major bugfixes (v3 onion services): + - Onion services now always use the exact number of intro points + configured with the HiddenServiceNumIntroductionPoints option (or + fewer if nodes are excluded). Before, a service could sometimes + pick more intro points than configured. Fixes bug 31548; bugfix + on 0.3.2.1-alpha. + + o Minor feature (onion services, control port): + - The ADD_ONION command's keyword "BEST" now defaults to ED25519-V3 + (v3) onion services. Previously it defaulted to RSA1024 (v2). + Closes ticket 29669. + + o Minor features (testing): + - When running tests that attempt to look up hostnames, replace the + libc name lookup functions with ones that do not actually touch + the network. This way, the tests complete more quickly in the + presence of a slow or missing DNS resolver. Closes ticket 31841. + + o Minor features (testing, continuous integration): + - Disable all but one Travis CI macOS build, to mitigate slow + scheduling of Travis macOS jobs. Closes ticket 32177. + - Run the chutney IPv6 networks as part of Travis CI. Closes + ticket 30860. + - Simplify the Travis CI build matrix, and optimise for build time. + Closes ticket 31859. + - Use Windows Server 2019 instead of Windows Server 2016 in our + Appveyor builds. Closes ticket 32086. + + o Minor bugfixes (build system): + - Interpret "--disable-module-dirauth=no" correctly. Fixes bug + 32124; bugfix on 0.3.4.1-alpha. + - Interpret "--with-tcmalloc=no" correctly. Fixes bug 32124; bugfix + on 0.2.0.20-rc. + - Stop failing when jemalloc is requested, but tcmalloc is not + found. Fixes bug 32124; bugfix on 0.3.5.1-alpha. + - When pkg-config is not installed, or a library that depends on + pkg-config is not found, tell the user what to do to fix the + problem. Fixes bug 31922; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (connections): + - Avoid trying to read data from closed connections, which can cause + needless loops in Libevent and infinite loops in Shadow. Fixes bug + 30344; bugfix on 0.1.1.1-alpha. + + o Minor bugfixes (error handling): + - Always lock the backtrace buffer before it is used. Fixes bug + 31734; bugfix on 0.2.5.3-alpha. + + o Minor bugfixes (mainloop, periodic events, in-process API): + - Reset the periodic events' "enabled" flag when Tor is shut down + cleanly. Previously, this flag was left on, which caused periodic + events not to be re-enabled when Tor was relaunched in-process + with tor_api.h after a shutdown. Fixes bug 32058; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (process management): + - Remove overly strict assertions that triggered when a pluggable + transport failed to launch. Fixes bug 31091; bugfix + on 0.4.0.1-alpha. + - Remove an assertion in the Unix process backend. This assertion + would trigger when we failed to find the executable for a child + process. Fixes bug 31810; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (testing): + - Avoid intermittent test failures due to a test that had relied on + inconsistent timing sources. Fixes bug 31995; bugfix + on 0.3.1.3-alpha. + - When testing port rebinding, don't busy-wait for tor to log. + Instead, actually sleep for a short time before polling again. + Also improve the formatting of control commands and log messages. + Fixes bug 31837; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (tls, logging): + - Log bugs about the TLS read buffer's length only once, rather than + filling the logs with similar warnings. Fixes bug 31939; bugfix + on 0.3.0.4-rc. + + o Minor bugfixes (v3 onion services): + - Fix an implicit conversion from ssize_t to size_t discovered by + Coverity. Fixes bug 31682; bugfix on 0.4.2.1-alpha. + - Fix a memory leak in an unlikely error code path when encoding HS + DoS establish intro extension cell. Fixes bug 32063; bugfix + on 0.4.2.1-alpha. + - When cleaning up intro circuits for a v3 onion service, don't + remove circuits that have an established or pending circuit, even + if they ran out of retries. This way, we don't remove a circuit on + its last retry. Fixes bug 31652; bugfix on 0.3.2.1-alpha. + + o Documentation: + - Correct the description of "GuardLifetime". Fixes bug 31189; + bugfix on 0.3.0.1-alpha. + - Make clear in the man page, in both the bandwidth section and the + AccountingMax section, that Tor counts in powers of two, not + powers of ten: 1 GByte is 1024*1024*1024 bytes, not one billion + bytes. Resolves ticket 32106. + + +Changes in version 0.4.2.2-alpha - 2019-10-07 + This release fixes several bugs from the previous alpha release, and + from earlier versions. It also includes a change in authorities, so + that they begin to reject the currently unsupported release series. + + o Major features (directory authorities): + - Directory authorities now reject relays running all currently + deprecated release series. The currently supported release series + are: 0.2.9, 0.3.5, 0.4.0, 0.4.1, and 0.4.2. Closes ticket 31549. + + o Major bugfixes (embedded Tor): + - Avoid a possible crash when restarting Tor in embedded mode and + enabling a different set of publish/subscribe messages. Fixes bug + 31898; bugfix on 0.4.1.1-alpha. + + o Major bugfixes (torrc parsing): + - Stop ignoring torrc options after an %include directive, when the + included directory ends with a file that does not contain any + config options (but does contain comments or whitespace). Fixes + bug 31408; bugfix on 0.3.1.1-alpha. + + o Minor features (auto-formatting scripts): + - When annotating C macros, never generate a line that our check- + spaces script would reject. Closes ticket 31759. + - When annotating C macros, try to remove cases of double-negation. + Closes ticket 31779. + + o Minor features (continuous integration): + - When building on Appveyor and Travis, pass the "-k" flag to make, + so that we are informed of all compilation failures, not just the + first one or two. Closes ticket 31372. + + o Minor features (geoip): + - Update geoip and geoip6 to the October 1 2019 Maxmind GeoLite2 + Country database. Closes ticket 31931. + + o Minor features (maintenance scripts): + - Add a Coccinelle script to detect bugs caused by incrementing or + decrementing a variable inside a call to log_debug(). Since + log_debug() is a macro whose arguments are conditionally + evaluated, it is usually an error to do this. One such bug was + 30628, in which SENDME cells were miscounted by a decrement + operator inside a log_debug() call. Closes ticket 30743. + + o Minor features (onion services v3): + - Assist users who try to setup v2 client authorization in v3 onion + services by pointing them to the right documentation. Closes + ticket 28966. + + o Minor bugfixes (Appveyor continuous integration): + - Avoid spurious errors when Appveyor CI fails before the install + step. Fixes bug 31884; bugfix on 0.3.4.2-alpha. + + o Minor bugfixes (best practices tracker): + - When listing overbroad exceptions, do not also list problems, and + do not list insufficiently broad exceptions. Fixes bug 31338; + bugfix on 0.4.2.1-alpha. + + o Minor bugfixes (controller protocol): + - Fix the MAPADDRESS controller command to accept one or more + arguments. Previously, it required two or more arguments, and + ignored the first. Fixes bug 31772; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (logging): + - Add a missing check for HAVE_PTHREAD_H, because the backtrace code + uses mutexes. Fixes bug 31614; bugfix on 0.2.5.2-alpha. + - Disable backtrace signal handlers when shutting down tor. Fixes + bug 31614; bugfix on 0.2.5.2-alpha. + - Rate-limit our the logging message about the obsolete .exit + notation. Previously, there was no limit on this warning, which + could potentially be triggered many times by a hostile website. + Fixes bug 31466; bugfix on 0.2.2.1-alpha. + - When initialising log domain masks, only set known log domains. + Fixes bug 31854; bugfix on 0.2.1.1-alpha. + + o Minor bugfixes (logging, protocol violations): + - Do not log a nonfatal assertion failure when receiving a VERSIONS + cell on a connection using the obsolete v1 link protocol. Log a + protocol_warn instead. Fixes bug 31107; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (modules): + - Explain what the optional Directory Authority module is, and what + happens when it is disabled. Fixes bug 31825; bugfix + on 0.3.4.1-alpha. + + o Minor bugfixes (multithreading): + - Avoid some undefined behaviour when freeing mutexes. Fixes bug + 31736; bugfix on 0.0.7. + + o Minor bugfixes (relay): + - Avoid crashing when starting with a corrupt keys directory where + the old ntor key and the new ntor key are identical. Fixes bug + 30916; bugfix on 0.2.4.8-alpha. + + o Minor bugfixes (tests, SunOS): + - Avoid a map_anon_nofork test failure due to a signed/unsigned + integer comparison. Fixes bug 31897; bugfix on 0.4.1.1-alpha. + + o Code simplification and refactoring: + - Refactor connection_control_process_inbuf() to reduce the size of + a practracker exception. Closes ticket 31840. + - Refactor the microdescs_parse_from_string() function into smaller + pieces, for better comprehensibility. Closes ticket 31675. + - Use SEVERITY_MASK_IDX() to find the LOG_* mask indexes in the unit + tests and fuzzers, rather than using hard-coded values. Closes + ticket 31334. + - Interface for function `decrypt_desc_layer` cleaned up. Closes + ticket 31589. + + o Documentation: + - Document the signal-safe logging behaviour in the tor man page. + Also add some comments to the relevant functions. Closes + ticket 31839. + - Explain why we can't destroy the backtrace buffer mutex. Explain + why we don't need to destroy the log mutex. Closes ticket 31736. + - The Tor source code repository now includes a (somewhat dated) + description of Tor's modular architecture, in doc/HACKING/design. + This is based on the old "tor-guts.git" repository, which we are + adopting and superseding. Closes ticket 31849. + + +Changes in version 0.4.1.6 - 2019-09-19 + This release backports several bugfixes to improve stability and + correctness. Anyone experiencing build problems or crashes with 0.4.1.5, + or experiencing reliability issues with single onion services, should + upgrade. + + o Major bugfixes (crash, Linux, Android, backport from 0.4.2.1-alpha): + - Tolerate systems (including some Android installations) where + madvise and MADV_DONTDUMP are available at build-time, but not at + run time. Previously, these systems would notice a failed syscall + and abort. Fixes bug 31570; bugfix on 0.4.1.1-alpha. + - Tolerate systems (including some Linux installations) where + madvise and/or MADV_DONTFORK are available at build-time, but not + at run time. Previously, these systems would notice a failed + syscall and abort. Fixes bug 31696; bugfix on 0.4.1.1-alpha. + + o Minor features (stem tests, backport from 0.4.2.1-alpha): + - Change "make test-stem" so it only runs the stem tests that use + tor. This change makes test-stem faster and more reliable. Closes + ticket 31554. + + o Minor bugfixes (build system, backport form 0.4.2.1-alpha): + - Do not include the deprecated on Linux or Windows + systems. Fixes bug 31673; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (compilation, backport from 0.4.2.1-alpha): + - Add more stub functions to fix compilation on Android with link- + time optimization when --disable-module-dirauth is used. + Previously, these compilation settings would make the compiler + look for functions that didn't exist. Fixes bug 31552; bugfix + on 0.4.1.1-alpha. + - Suppress spurious float-conversion warnings from GCC when calling + floating-point classifier functions on FreeBSD. Fixes part of bug + 31687; bugfix on 0.3.1.5-alpha. + + o Minor bugfixes (controller protocol): + - Fix the MAPADDRESS controller command to accept one or more + arguments. Previously, it required two or more arguments, and ignored + the first. Fixes bug 31772; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (FreeBSD, PF-based proxy, IPv6, backport from 0.4.2.1-alpha): + - When extracting an IPv6 address from a PF-based proxy, verify that + we are actually configured to receive an IPv6 address, and log an + internal error if not. Fixes part of bug 31687; bugfix + on 0.2.3.4-alpha. + + o Minor bugfixes (guards, backport from 0.4.2.1-alpha): + - When tor is missing descriptors for some primary entry guards, + make the log message less alarming. It's normal for descriptors to + expire, as long as tor fetches new ones soon after. Fixes bug + 31657; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (logging, backport from 0.4.2.1-alpha): + - Change log level of message "Hash of session info was not as + expected" to LOG_PROTOCOL_WARN. Fixes bug 12399; bugfix + on 0.1.1.10-alpha. + + o Minor bugfixes (rust, backport from 0.4.2.1-alpha): + - Correctly exclude a redundant rust build job in Travis. Fixes bug + 31463; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (v2 single onion services, backport from 0.4.2.1-alpha): + - Always retry v2 single onion service intro and rend circuits with + a 3-hop path. Previously, v2 single onion services used a 3-hop + path when rendezvous circuits were retried after a remote or + delayed failure, but a 1-hop path for immediate retries. Fixes bug + 23818; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (v3 single onion services, backport from 0.4.2.1-alpha): + - Always retry v3 single onion service intro and rend circuits with + a 3-hop path. Previously, v3 single onion services used a 3-hop + path when rend circuits were retried after a remote or delayed + failure, but a 1-hop path for immediate retries. Fixes bug 23818; + bugfix on 0.3.2.1-alpha. + - Make v3 single onion services fall back to a 3-hop intro, when all + intro points are unreachable via a 1-hop path. Previously, v3 + single onion services failed when all intro nodes were unreachable + via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha. + + o Documentation (backport from 0.4.2.1-alpha): + - Use RFC 2397 data URL scheme to embed an image into tor-exit- + notice.html so that operators no longer have to host it + themselves. Closes ticket 31089. + + +Changes in version 0.4.2.1-alpha - 2019-09-17 + This is the first alpha release in the 0.4.2.x series. It adds new + defenses for denial-of-service attacks against onion services. It also + includes numerous kinds of bugfixes and refactoring to help improve + Tor's stability and ease of development. + + o Major features (onion service v3, denial of service): + - Add onion service introduction denial of service defenses. Intro + points can now rate-limit client introduction requests, using + parameters that can be sent by the service within the + ESTABLISH_INTRO cell. If the cell extension for this is not used, + the intro point will honor the consensus parameters. Closes + ticket 30924. + + o Major bugfixes (circuit build, guard): + - When considering upgrading circuits from "waiting for guard" to + "open", always ignore circuits that are marked for close. + Previously we could end up in the situation where a subsystem is + notified of a circuit opening, but the circuit is still marked for + close, leading to undesirable behavior. Fixes bug 30871; bugfix + on 0.3.0.1-alpha. + + o Major bugfixes (crash, Linux, Android): + - Tolerate systems (including some Android installations) where + madvise and MADV_DONTDUMP are available at build-time, but not at + run time. Previously, these systems would notice a failed syscall + and abort. Fixes bug 31570; bugfix on 0.4.1.1-alpha. + - Tolerate systems (including some Linux installations) where + madvise and/or MADV_DONTFORK are available at build-time, but not + at run time. Previously, these systems would notice a failed + syscall and abort. Fixes bug 31696; bugfix on 0.4.1.1-alpha. + + o Minor features (best practices tracker): + - Our best-practices tracker now integrates with our include-checker + tool to keep track of how many layering violations we have not yet + fixed. We hope to reduce this number over time to improve Tor's + modularity. Closes ticket 31176. + - Add a TOR_PRACTRACKER_OPTIONS variable for passing arguments to + practracker from the environment. We may want this for continuous + integration. Closes ticket 31309. + - Give a warning rather than an error when a practracker exception + is violated by a small amount, add a --list-overbroad option to + practracker that lists exceptions that are stricter than they need + to be, and provide an environment variable for disabling + practracker. Closes ticket 30752. + - Our best-practices tracker now looks at headers as well as C + files. Closes ticket 31175. + + o Minor features (build system): + - Add --disable-manpage and --disable-html-manual options to + configure script. This will enable shortening build times by not + building documentation. Resolves issue 19381. + + o Minor features (compilation): + - Log a more useful error message when we are compiling and one of + the compile-time hardening options we have selected can be linked + but not executed. Closes ticket 27530. + + o Minor features (configuration): + - The configuration code has been extended to allow splitting + configuration data across multiple objects. Previously, all + configuration data needed to be kept in a single object, which + tended to become bloated. Closes ticket 31240. + + o Minor features (continuous integration): + - When running CI builds on Travis, put some random data in + ~/.torrc, to make sure no tests are reading the Tor configuration + file from its default location. Resolves issue 30102. + + o Minor features (debugging): + - Log a nonfatal assertion failure if we encounter a configuration + line whose command is "CLEAR" but which has a nonempty value. This + should be impossible, according to the rules of our configuration + line parsing. Closes ticket 31529. + + o Minor features (git hooks): + - Our pre-commit git hook now checks for a special file before + running practracker, so that practracker only runs on branches + that are based on master. Since the pre-push hook calls the pre- + commit hook, practracker will also only run before pushes of + branches based on master. Closes ticket 30979. + + o Minor features (git scripts): + - Add a "--" command-line argument, to separate git-push-all.sh + script arguments from arguments that are passed through to git + push. Closes ticket 31314. + - Add a -r argument to git-push-all.sh, so the script + can push test branches to a personal remote. Closes ticket 31314. + - Add a -t argument to git-merge-forward.sh and + git-push-all.sh, which makes these scripts create, merge forward, + and push test branches. Closes ticket 31314. + - Add a -u argument to git-merge-forward.sh, so that the script can + re-use existing test branches after a merge failure and fix. + Closes ticket 31314. + - Add a TOR_GIT_PUSH env var, which sets the default git push + command and arguments for git-push-all.sh. Closes ticket 31314. + - Add a TOR_PUSH_DELAY variable to git-push-all.sh, which makes the + script push master and maint branches with a delay between each + branch. These delays trigger the CI jobs in a set order, which + should show the most likely failures first. Also make pushes + atomic by default, and make the script pass any command-line + arguments to git push. Closes ticket 29879. + - Call the shellcheck script from the pre-commit hook. Closes + ticket 30967. + - Skip pushing test branches that are the same as a remote + maint/release/master branch in git-push-all.sh by default. Add a + -s argument, so git-push-all.sh can push all test branches. Closes + ticket 31314. + + o Minor features (IPv6, logging): + - Log IPv6 addresses as well as IPv4 addresses when describing + routerinfos, routerstatuses, and nodes. Closes ticket 21003. + + o Minor features (onion service v3): + - Do not allow single hop clients to fetch or post an HS descriptor + from an HSDir. Closes ticket 24964. + + o Minor features (onion service): + - Disallow single-hop clients at the introduction point. We've + removed Tor2web support a while back and single-hop rendezvous + attempts are blocked at the relays. This change should remove load + off the network from spammy clients. Close ticket 24963. + + o Minor features (stem tests): + - Change "make test-stem" so it only runs the stem tests that use + tor. This change makes test-stem faster and more reliable. Closes + ticket 31554. + + o Minor features (testing): + - Add a script to invoke "tor --dump-config" and "tor + --verify-config" with various configuration options, and see + whether tor's resulting configuration or error messages are what + we expect. Use it for integration testing of our +Option and + /Option flags. Closes ticket 31637. + - Improve test coverage for our existing configuration parsing and + management API. Closes ticket 30893. + - Add integration tests to make sure that practracker gives the + outputs we expect. Closes ticket 31477. + - The practracker self-tests are now run as part of the Tor test + suite. Closes ticket 31304. + + o Minor features (token bucket): + - Implement a generic token bucket that uses a single counter, for + use in anti-DoS onion service work. Closes ticket 30687. + + o Minor bugfixes (best practices tracker): + - Fix a few issues in the best-practices script, including tests, + tab tolerance, error reporting, and directory-exclusion logic. + Fixes bug 29746; bugfix on 0.4.1.1-alpha. + - When running check-best-practices, only consider files in the src + subdirectory. Previously we had recursively considered all + subdirectories, which made us get confused by the temporary + directories made by "make distcheck". Fixes bug 31578; bugfix + on 0.4.1.1-alpha. + + o Minor bugfixes (build system): + - Do not include the deprecated on Linux or Windows + systems. Fixes bug 31673; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (chutney, makefiles, documentation): + - "make test-network-all" now shows the warnings from each test- + network.sh run on the console, so developers see new warnings + early. We've also improved the documentation for this feature, and + renamed a Makefile variable so the code is self-documenting. Fixes + bug 30455; bugfix on 0.3.0.4-rc. + + o Minor bugfixes (compilation): + - Add more stub functions to fix compilation on Android with link- + time optimization when --disable-module-dirauth is used. + Previously, these compilation settings would make the compiler + look for functions that didn't exist. Fixes bug 31552; bugfix + on 0.4.1.1-alpha. + - Suppress spurious float-conversion warnings from GCC when calling + floating-point classifier functions on FreeBSD. Fixes part of bug + 31687; bugfix on 0.3.1.5-alpha. + + o Minor bugfixes (configuration): + - Invalid floating-point values in the configuration file are now + treated as errors in the configuration. Previously, they were + ignored and treated as zero. Fixes bug 31475; bugfix on 0.0.1. + + o Minor bugfixes (coverity): + - Add an assertion when parsing a BEGIN cell so that coverity can be + sure that we are not about to dereference a NULL address. Fixes + bug 31026; bugfix on 0.2.4.7-alpha. This is CID 1447296. + - In our siphash implementation, when building for coverity, use + memcpy in place of a switch statement, so that coverity can tell + we are not accessing out-of-bounds memory. Fixes bug 31025; bugfix + on 0.2.8.1-alpha. This is tracked as CID 1447293 and 1447295. + - Fix several coverity warnings from our unit tests. Fixes bug + 31030; bugfix on 0.2.4.1-alpha, 0.3.2.1-alpha, and 0.4.0.1-alpha. + + o Minor bugfixes (developer tooling): + - Only log git script changes in the post-merge script when the + merge was to the master branch. Fixes bug 31040; bugfix + on 0.4.1.1-alpha. + + o Minor bugfixes (directory authorities): + - Return a distinct status when formatting annotations fails. Fixes + bug 30780; bugfix on 0.2.0.8-alpha. + + o Minor bugfixes (error handling): + - On abort, try harder to flush the output buffers of log messages. + On some platforms (macOS), log messages could be discarded when + the process terminates. Fixes bug 31571; bugfix on 0.3.5.1-alpha. + - Report the tor version whenever an assertion fails. Previously, we + only reported the Tor version on some crashes, and some non-fatal + assertions. Fixes bug 31571; bugfix on 0.3.5.1-alpha. + - When tor aborts due to an error, close log file descriptors before + aborting. Closing the logs makes some OSes flush log file buffers, + rather than deleting buffered log lines. Fixes bug 31594; bugfix + on 0.2.5.2-alpha. + + o Minor bugfixes (FreeBSD, PF-based proxy, IPv6): + - When extracting an IPv6 address from a PF-based proxy, verify that + we are actually configured to receive an IPv6 address, and log an + internal error if not. Fixes part of bug 31687; bugfix + on 0.2.3.4-alpha. + + o Minor bugfixes (git hooks): + - Remove a duplicate call to practracker from the pre-push hook. The + pre-push hook already calls the pre-commit hook, which calls + practracker. Fixes bug 31462; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (git scripts): + - Stop hard-coding the bash path in the git scripts. Some OSes don't + have bash in /usr/bin, others have an ancient bash at this path. + Fixes bug 30840; bugfix on 0.4.0.1-alpha. + - Stop hard-coding the tor master branch name and worktree path in + the git scripts. Fixes bug 30841; bugfix on 0.4.0.1-alpha. + - Allow git-push-all.sh to be run from any directory. Previously, + the script only worked if run from an upstream worktree directory. + Closes ticket 31678. + + o Minor bugfixes (guards): + - When tor is missing descriptors for some primary entry guards, + make the log message less alarming. It's normal for descriptors to + expire, as long as tor fetches new ones soon after. Fixes bug + 31657; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (ipv6): + - Check for private IPv6 addresses alongside their IPv4 equivalents + when authorities check descriptors. Previously, we only checked + for private IPv4 addresses. Fixes bug 31088; bugfix on + 0.2.3.21-rc. Patch by Neel Chauhan. + - When parsing microdescriptors, we should check the IPv6 exit + policy alongside IPv4. Previously, we checked both exit policies + for only router info structures, while microdescriptors were + IPv4-only. Fixes bug 27284; bugfix on 0.2.3.1-alpha. Patch by + Neel Chauhan. + + o Minor bugfixes (logging): + - Change log level of message "Hash of session info was not as + expected" to LOG_PROTOCOL_WARN. Fixes bug 12399; bugfix + on 0.1.1.10-alpha. + - Fix a code issue that would have broken our parsing of log domains + as soon as we had 33 of them. Fortunately, we still only have 29. + Fixes bug 31451; bugfix on 0.4.1.4-rc. + + o Minor bugfixes (memory management): + - Stop leaking a small amount of memory in nt_service_install(), in + unreachable code. Fixes bug 30799; bugfix on 0.2.0.7-alpha. Patch + by Xiaoyin Liu. + + o Minor bugfixes (networking, IP addresses): + - When parsing addresses via Tor's internal DNS lookup API, reject + IPv4 addresses in square brackets, and accept IPv6 addresses in + square brackets. This change completes the work started in 23082, + making address parsing consistent between tor's internal DNS + lookup and address parsing APIs. Fixes bug 30721; bugfix + on 0.2.1.5-alpha. + - When parsing addresses via Tor's internal address:port parsing and + DNS lookup APIs, require IPv6 addresses with ports to have square + brackets. But allow IPv6 addresses without ports, whether or not + they have square brackets. Fixes bug 30721; bugfix + on 0.2.1.5-alpha. + + o Minor bugfixes (onion service v3): + - When purging the client descriptor cache, close any introduction + point circuits associated with purged cache entries. This avoids + picking those circuits later when connecting to the same + introduction points. Fixes bug 30921; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion services): + - In the hs_ident_circuit_t data structure, remove the unused field + circuit_type and the respective argument in hs_ident_circuit_new(). + This field was set by clients (for introduction) and services (for + introduction and rendezvous) but was never used afterwards. Fixes + bug 31490; bugfix on 0.3.2.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (operator tools): + - Make tor-print-ed-signing-cert(1) print certificate expiration + date in RFC 1123 and UNIX timestamp formats, to make output + machine readable. Fixes bug 31012; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (rust): + - Correctly exclude a redundant rust build job in Travis. Fixes bug + 31463; bugfix on 0.3.5.4-alpha. + - Raise the minimum rustc version to 1.31.0, as checked by configure + and CI. Fixes bug 31442; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (sendme, code structure): + - Rename the trunnel SENDME file definition from sendme.trunnel to + sendme_cell.trunnel to avoid having twice sendme.{c|h} in the + repository. Fixes bug 30769; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (statistics): + - Stop removing the ed25519 signature if the extra info file is too + big. If the signature data was removed, but the keyword was kept, + this could result in an unparseable extra info file. Fixes bug + 30958; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (subsystems): + - Make the subsystem init order match the subsystem module + dependencies. Call windows process security APIs as early as + possible. Initialize logging before network and time, so that + network and time can use logging. Fixes bug 31615; bugfix + on 0.4.0.1-alpha. + + o Minor bugfixes (testing): + - Teach the util/socketpair_ersatz test to work correctly when we + have no network stack configured. Fixes bug 30804; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (v2 single onion services): + - Always retry v2 single onion service intro and rend circuits with + a 3-hop path. Previously, v2 single onion services used a 3-hop + path when rendezvous circuits were retried after a remote or + delayed failure, but a 1-hop path for immediate retries. Fixes bug + 23818; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (v3 single onion services): + - Always retry v3 single onion service intro and rend circuits with + a 3-hop path. Previously, v3 single onion services used a 3-hop + path when rend circuits were retried after a remote or delayed + failure, but a 1-hop path for immediate retries. Fixes bug 23818; + bugfix on 0.3.2.1-alpha. + - Make v3 single onion services fall back to a 3-hop intro, when all + intro points are unreachable via a 1-hop path. Previously, v3 + single onion services failed when all intro nodes were unreachable + via a 1-hop path. Fixes bug 23507; bugfix on 0.3.2.1-alpha. + + o Documentation: + - Improve documentation in circuit padding subsystem. Patch by + Tobias Pulls. Closes ticket 31113. + - Include an example usage for IPv6 ORPort in our sample torrc. + Closes ticket 31320; patch from Ali Raheem. + - Use RFC 2397 data URL scheme to embed an image into tor-exit- + notice.html so that operators no longer have to host it + themselves. Closes ticket 31089. + + o Removed features: + - No longer include recommended package digests in votes as detailed + in proposal 301. The RecommendedPackages torrc option is + deprecated and will no longer have any effect. "package" lines + will still be considered when computing consensuses for consensus + methods that include them. (This change has no effect on the list + of recommended Tor versions, which is still in use.) Closes + ticket 29738. + - Remove torctl.in from contrib/dist directory. Resolves + ticket 30550. + + o Testing: + - Run shellcheck for all non-third-party shell scripts that are + shipped with Tor. Closes ticket 29533. + - When checking shell scripts, ignore any user-created directories. + Closes ticket 30967. + + o Code simplification and refactoring (config handling): + - Extract our variable manipulation code from confparse.c to a new + lower-level typedvar.h module. Closes ticket 30864. + - Lower another layer of object management from confparse.c to a + more general tool. Now typed structure members are accessible via + an abstract type. Implements ticket 30914. + - Move our backend logic for working with configuration and state + files into a lower-level library, since it no longer depends on + any tor-specific functionality. Closes ticket 31626. + - Numerous simplifications in configuration-handling logic: remove + duplicated macro definitions, replace magical names with flags, + and refactor "TestingTorNetwork" to use the same default-option + logic as the rest of Tor. Closes ticket 30935. + - Replace our ad-hoc set of flags for configuration variables and + configuration variable types with fine-grained orthogonal flags + corresponding to the actual behavior we want. Closes ticket 31625. + + o Code simplification and refactoring (misc): + - Eliminate some uses of lower-level control reply abstractions, + primarily in the onion_helper functions. Closes ticket 30889. + - Rework bootstrap tracking to use the new publish-subscribe + subsystem. Closes ticket 29976. + - Rewrite format_node_description() and router_get_verbose_nickname() + to use strlcpy() and strlcat(). The previous implementation used + memcpy() and pointer arithmetic, which was error-prone. Closes + ticket 31545. This is CID 1452819. + - Split extrainfo_dump_to_string() into smaller functions. Closes + ticket 30956. + - Use the ptrdiff_t type consistently for expressing variable + offsets and pointer differences. Previously we incorrectly (but + harmlessly) used int and sometimes off_t for these cases. Closes + ticket 31532. + - Use the subsystems mechanism to manage the main event loop code. + Closes ticket 30806. + - Various simplifications and minor improvements to the circuit + padding machines. Patch by Tobias Pulls. Closes tickets 31112 + and 31098. + + o Documentation (hard-coded directories): + - Improve the documentation for the DirAuthority and FallbackDir + torrc options. Closes ticket 30955. + + o Documentation (tor.1 man page): + - Fix typo in tor.1 man page: the option is "--help", not "-help". + Fixes bug 31008; bugfix on 0.2.2.9-alpha. + + +Changes in version 0.4.1.5 - 2019-08-20 + This is the first stable release in the 0.4.1.x series. This series + adds experimental circuit-level padding, authenticated SENDME cells to + defend against certain attacks, and several performance improvements + to save on CPU consumption. It fixes bugs in bootstrapping and v3 + onion services. It also includes numerous smaller features and + bugfixes on earlier versions. + + Per our support policy, we will support the 0.4.1.x series for nine + months, or until three months after the release of a stable 0.4.2.x: + whichever is longer. If you need longer-term support, please stick + with 0.3.5.x, which will we plan to support until Feb 2022. + + Below are the changes since 0.4.1.4-rc. For a complete list of changes + since 0.4.0.5, see the ReleaseNotes file. + + o Directory authority changes: + - The directory authority "dizum" has a new IP address. Closes + ticket 31406. + + o Minor features (circuit padding logging): + - Demote noisy client-side warn logs about circuit padding to + protocol warnings. Add additional log messages and circuit ID + fields to help with bug 30992 and any other future issues. + + o Minor bugfixes (circuit padding negotiation): + - Bump the circuit padding protocol version to explicitly signify + that the HS setup machine support is finalized in 0.4.1.x-stable. + This also means that 0.4.1.x-alpha clients will not negotiate + padding with 0.4.1.x-stable relays, and 0.4.1.x-stable clients + will not negotiate padding with 0.4.1.x-alpha relays (or 0.4.0.x + relays). Fixes bug 31356; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (circuit padding): + - Ignore non-padding cells on padding circuits. This addresses + various warning messages from subsystems that were not expecting + padding circuits. Fixes bug 30942; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (clock skew detection): + - Don't believe clock skew results from NETINFO cells that appear to + arrive before we sent the VERSIONS cells they are responding to. + Previously, we would accept them up to 3 minutes "in the past". + Fixes bug 31343; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (compatibility, standards compliance): + - Fix a bug that would invoke undefined behavior on certain + operating systems when trying to asprintf() a string exactly + INT_MAX bytes long. We don't believe this is exploitable, but it's + better to fix it anyway. Fixes bug 31001; bugfix on 0.2.2.11-alpha. + Found and fixed by Tobias Stoeckmann. + + o Minor bugfixes (compilation warning): + - Fix a compilation warning on Windows about casting a function + pointer for GetTickCount64(). Fixes bug 31374; bugfix + on 0.2.9.1-alpha. + + o Minor bugfixes (compilation): + - Avoid using labs() on time_t, which can cause compilation warnings + on 64-bit Windows builds. Fixes bug 31343; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (distribution): + - Do not ship any temporary files found in the + scripts/maint/practracker directory. Fixes bug 31311; bugfix + on 0.4.1.1-alpha. + + o Testing (continuous integration): + - In Travis, make stem log a controller trace to the console, and + tail stem's tor log after failure. Closes ticket 30591. + - In Travis, only run the stem tests that use a tor binary. Closes + ticket 30694. + + +Changes in version 0.4.1.4-rc - 2019-07-25 + Tor 0.4.1.4-rc fixes a few bugs from previous versions of Tor, and + updates to a new list of fallback directories. If no new bugs are + found, the next release in the 0.4.1.x serious should be stable. + + o Major bugfixes (circuit build, guard): + - When considering upgrading circuits from "waiting for guard" to + "open", always ignore circuits that are marked for close. Otherwise, + we can end up in the situation where a subsystem is notified that + a closing circuit has just opened, leading to undesirable + behavior. Fixes bug 30871; bugfix on 0.3.0.1-alpha. + + o Minor features (continuous integration): + - Our Travis configuration now uses Chutney to run some network + integration tests automatically. Closes ticket 29280. + + o Minor features (fallback directory list): + - Replace the 157 fallbacks originally introduced in Tor 0.3.5.6-rc + in December 2018 (of which ~122 were still functional), with a + list of 148 fallbacks (70 new, 78 existing, 79 removed) generated + in June 2019. Closes ticket 28795. + + o Minor bugfixes (circuit padding): + - On relays, properly check that a padding machine is absent before + logging a warning about it being absent. Fixes bug 30649; bugfix + on 0.4.0.1-alpha. + - Add two NULL checks in unreachable places to silence Coverity (CID + 144729 and 1447291) and better future-proof ourselves. Fixes bug + 31024; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (crash on exit): + - Avoid a set of possible code paths that could try to use freed + memory in routerlist_free() while Tor was exiting. Fixes bug + 31003; bugfix on 0.1.2.2-alpha. + + o Minor bugfixes (logging): + - Fix a conflict between the flag used for messaging-domain log + messages, and the LD_NO_MOCK testing flag. Fixes bug 31080; bugfix + on 0.4.1.1-alpha. + + o Minor bugfixes (memory leaks): + - Fix a trivial memory leak when parsing an invalid value from a + download schedule in the configuration. Fixes bug 30894; bugfix + on 0.3.4.1-alpha. + + o Code simplification and refactoring: + - Remove some dead code from circpad_machine_remove_token() to fix + some Coverity warnings (CID 1447298). Fixes bug 31027; bugfix + on 0.4.1.1-alpha. + + +Changes in version 0.4.1.3-alpha - 2019-06-25 + Tor 0.4.1.3-alpha resolves numerous bugs left over from the previous + alpha, most of them from earlier release series. + + o Major bugfixes (Onion service reachability): + - Properly clean up the introduction point map when circuits change + purpose from onion service circuits to pathbias, measurement, or + other circuit types. This should fix some service-side instances + of introduction point failure. Fixes bug 29034; bugfix + on 0.3.2.1-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the June 10 2019 Maxmind GeoLite2 + Country database. Closes ticket 30852. + + o Minor features (logging): + - Give a more useful assertion failure message if we think we have + minherit() but we fail to make a region non-inheritable. Give a + compile-time warning if our support for minherit() is incomplete. + Closes ticket 30686. + + o Minor bugfixes (circuit isolation): + - Fix a logic error that prevented the SessionGroup sub-option from + being accepted. Fixes bug 22619; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (continuous integration): + - Allow the test-stem job to fail in Travis, because it sometimes + hangs. Fixes bug 30744; bugfix on 0.3.5.4-alpha. + - Skip test_rebind on macOS in Travis, because it is unreliable on + macOS on Travis. Fixes bug 30713; bugfix on 0.3.5.1-alpha. + - Skip test_rebind when the TOR_SKIP_TEST_REBIND environment + variable is set. Fixes bug 30713; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (directory authorities): + - Stop crashing after parsing an unknown descriptor purpose + annotation. We think this bug can only be triggered by modifying a + local file. Fixes bug 30781; bugfix on 0.2.0.8-alpha. + + o Minor bugfixes (pluggable transports): + - When running as a bridge with pluggable transports, always publish + pluggable transport information in our extrainfo descriptor, even + if ExtraInfoStatistics is 0. This information is needed by + BridgeDB. Fixes bug 30956; bugfix on 0.4.1.1-alpha. + + o Documentation: + - Mention URLs for Travis/Appveyor/Jenkins in ReleasingTor.md. + Closes ticket 30630. + + +Changes in version 0.4.1.2-alpha - 2019-06-06 + Tor 0.4.1.2-alpha resolves numerous bugs--some of them from the + previous alpha, and some much older. It also contains minor testing + improvements, and an improvement to the security of our authenticated + SENDME implementation. + + o Major bugfixes (bridges): + - Consider our directory information to have changed when our list + of bridges changes. Previously, Tor would not re-compute the + status of its directory information when bridges changed, and + therefore would not realize that it was no longer able to build + circuits. Fixes part of bug 29875. + - Do not count previously configured working bridges towards our + total of working bridges. Previously, when Tor's list of bridges + changed, it would think that the old bridges were still usable, + and delay fetching router descriptors for the new ones. Fixes part + of bug 29875; bugfix on 0.3.0.1-alpha. + + o Major bugfixes (flow control, SENDME): + - Decrement the stream-level package window after packaging a cell. + Previously, it was done inside a log_debug() call, meaning that if + debug logs were not enabled, the decrement would never happen, and + thus the window would be out of sync with the other end point. + Fixes bug 30628; bugfix on 0.4.1.1-alpha. + + o Major bugfixes (onion service reachability): + - Properly clean up the introduction point map and associated state + when circuits change purpose from onion service circuits to + pathbias, measurement, or other circuit types. This may fix some + instances of introduction point failure. Fixes bug 29034; bugfix + on 0.3.2.1-alpha. + + o Minor features (authenticated SENDME): + - Ensure that there is enough randomness on every circuit to prevent + an attacker from successfully predicting the hashes they will need + to include in authenticated SENDME cells. At a random interval, if + we have not sent randomness already, we now leave some extra space + at the end of a cell that we can fill with random bytes. Closes + ticket 26846. + + o Minor features (continuous integration): + - When running coverage builds on Travis, we now set + TOR_TEST_RNG_SEED, to avoid RNG-based coverage differences. Part + of ticket 28878. + + o Minor features (maintenance): + - Add a new "make autostyle" target that developers can use to apply + all automatic Tor style and consistency conversions to the + codebase. Closes ticket 30539. + + o Minor features (testing): + - The circuitpadding tests now use a reproducible RNG implementation, + so that if a test fails, we can learn why. Part of ticket 28878. + - Tor's tests now support an environment variable, TOR_TEST_RNG_SEED, + to set the RNG seed for tests that use a reproducible RNG. Part of + ticket 28878. + - When running tests in coverage mode, take additional care to make + our coverage deterministic, so that we can accurately track + changes in code coverage. Closes ticket 30519. + + o Minor bugfixes (configuration, proxies): + - Fix a bug that prevented us from supporting SOCKS5 proxies that + want authentication along with configured (but unused!) + ClientTransportPlugins. Fixes bug 29670; bugfix on 0.2.6.1-alpha. + + o Minor bugfixes (controller): + - POSTDESCRIPTOR requests should work again. Previously, they were + broken if a "purpose=" flag was specified. Fixes bug 30580; bugfix + on 0.4.1.1-alpha. + - Repair the HSFETCH command so that it works again. Previously, it + expected a body when it shouldn't have. Fixes bug 30646; bugfix + on 0.4.1.1-alpha. + + o Minor bugfixes (developer tooling): + - Fix pre-push hook to allow fixup and squash commits when pushing + to non-upstream git remote. Fixes bug 30286; bugfix + on 0.4.0.1-alpha. + + o Minor bugfixes (directory authority): + - Move the "bandwidth-file-headers" line in directory authority + votes so that it conforms to dir-spec.txt. Fixes bug 30316; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (NetBSD): + - Fix usage of minherit() on NetBSD and other platforms that define + MAP_INHERIT_{ZERO,NONE} instead of INHERIT_{ZERO,NONE}. Fixes bug + 30614; bugfix on 0.4.0.2-alpha. Patch from Taylor Campbell. + + o Minor bugfixes (out-of-memory handler): + - When purging the DNS cache because of an out-of-memory condition, + try purging just the older entries at first. Previously, we would + always purge the whole thing. Fixes bug 29617; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (portability): + - Avoid crashing in our tor_vasprintf() implementation on systems + that define neither vasprintf() nor _vscprintf(). (This bug has + been here long enough that we question whether people are running + Tor on such systems, but we're applying the fix out of caution.) + Fixes bug 30561; bugfix on 0.2.8.2-alpha. Found and fixed by + Tobias Stoeckmann. + + o Minor bugfixes (shutdown, libevent, memory safety): + - Avoid use-after-free bugs when shutting down, by making sure that + we shut down libevent only after shutting down all of its users. + We believe these are harmless in practice, since they only occur + on the shutdown path, and do not involve any attacker-controlled + data. Fixes bug 30629; bugfix on 0.4.1.1-alpha. + + o Minor bugfixes (static analysis): + - Fix several spurious Coverity warnings about the unit tests, to + lower our chances of missing real warnings in the future. Fixes + bug 30150; bugfix on 0.3.5.1-alpha and various other Tor versions. + + o Testing: + - Specify torrc paths (with empty files) when launching tor in + integration tests; refrain from reading user and system torrcs. + Resolves issue 29702. + + +Changes in version 0.4.1.1-alpha - 2019-05-22 + This is the first alpha in the 0.4.1.x series. It introduces + lightweight circuit padding to make some onion-service circuits harder + to distinguish, includes a new "authenticated SENDME" feature to make + certain denial-of-service attacks more difficult, and improves + performance in several areas. + + o Major features (circuit padding): + - Onion service clients now add padding cells at the start of their + INTRODUCE and RENDEZVOUS circuits, to make those circuits' traffic + look more like general purpose Exit traffic. The overhead for this + is 2 extra cells in each direction for RENDEZVOUS circuits, and 1 + extra upstream cell and 10 downstream cells for INTRODUCE + circuits. This feature is only enabled when also supported by the + circuit's middle node. (Clients may specify fixed middle nodes + with the MiddleNodes option, and may force-disable this feature + with the CircuitPadding option.) Closes ticket 28634. + + o Major features (code organization): + - Tor now includes a generic publish-subscribe message-passing + subsystem that we can use to organize intermodule dependencies. We + hope to use this to reduce dependencies between modules that don't + need to be related, and to generally simplify our codebase. Closes + ticket 28226. + + o Major features (controller protocol): + - Controller commands are now parsed using a generalized parsing + subsystem. Previously, each controller command was responsible for + parsing its own input, which led to strange inconsistencies. + Closes ticket 30091. + + o Major features (flow control): + - Implement authenticated SENDMEs as detailed in proposal 289. A + SENDME cell now includes the digest of the traffic that it + acknowledges, so that once an end point receives the SENDME, it + can confirm the other side's knowledge of the previous cells that + were sent, and prevent certain types of denial-of-service attacks. + This behavior is controlled by two new consensus parameters: see + the proposal for more details. Fixes ticket 26288. + + o Major features (performance): + - Our node selection algorithm now excludes nodes in linear time. + Previously, the algorithm was quadratic, which could slow down + heavily used onion services. Closes ticket 30307. + + o Major features (performance, RNG): + - Tor now constructs a fast secure pseudorandom number generator for + each thread, to use when performance is critical. This PRNG is + based on AES-CTR, using a buffering construction similar to + libottery and the (newer) OpenBSD arc4random() code. It + outperforms OpenSSL 1.1.1a's CSPRNG by roughly a factor of 100 for + small outputs. Although we believe it to be cryptographically + strong, we are only using it when necessary for performance. + Implements tickets 29023 and 29536. + + o Major bugfixes (onion service v3): + - Fix an unreachable bug in which an introduction point could try to + send an INTRODUCE_ACK with a status code that Trunnel would refuse + to encode, leading the relay to assert(). We've consolidated the + ABI values into Trunnel now. Fixes bug 30454; bugfix + on 0.3.0.1-alpha. + - Clients can now handle unknown status codes from INTRODUCE_ACK + cells. (The NACK behavior will stay the same.) This will allow us + to extend status codes in the future without breaking the normal + client behavior. Fixes another part of bug 30454; bugfix + on 0.3.0.1-alpha. + + o Minor features (circuit padding): + - We now use a fast PRNG when scheduling circuit padding. Part of + ticket 28636. + - Allow the padding machine designer to pick the edges of their + histogram instead of trying to compute them automatically using an + exponential formula. Resolves some undefined behavior in the case + of small histograms and allows greater flexibility on machine + design. Closes ticket 29298; bugfix on 0.4.0.1-alpha. + - Allow circuit padding machines to hold a circuit open until they + are done padding it. Closes ticket 28780. + + o Minor features (compile-time modules): + - Add a "--list-modules" command to print a list of which compile- + time modules are enabled. Closes ticket 30452. + + o Minor features (continuous integration): + - Remove sudo configuration lines from .travis.yml as they are no + longer needed with current Travis build environment. Resolves + issue 30213. + - In Travis, show stem's tor log after failure. Closes ticket 30234. + + o Minor features (controller): + - Add onion service version 3 support to the HSFETCH command. + Previously, only version 2 onion services were supported. Closes + ticket 25417. Patch by Neel Chauhan. + + o Minor features (debugging): + - Introduce tor_assertf() and tor_assertf_nonfatal() to enable + logging of additional information during assert failure. Now we + can use format strings to include information for trouble + shooting. Resolves ticket 29662. + + o Minor features (defense in depth): + - In smartlist_remove_keeporder(), set unused pointers to NULL, in + case a bug causes them to be used later. Closes ticket 30176. + Patch from Tobias Stoeckmann. + - Tor now uses a cryptographically strong PRNG even for decisions + that we do not believe are security-sensitive. Previously, for + performance reasons, we had used a trivially predictable linear + congruential generator algorithm for certain load-balancing and + statistical sampling decisions. Now we use our fast RNG in those + cases. Closes ticket 29542. + + o Minor features (developer tools): + - Tor's "practracker" test script now checks for files and functions + that seem too long and complicated. Existing overlong functions + and files are accepted for now, but should eventually be + refactored. Closes ticket 29221. + - Add some scripts used for git maintenance to scripts/git. Closes + ticket 29391. + - Call practracker from pre-push and pre-commit git hooks to let + developers know if they made any code style violations. Closes + ticket 30051. + - Add a script to check that each header has a well-formed and + unique guard macro. Closes ticket 29756. + + o Minor features (geoip): + - Update geoip and geoip6 to the May 13 2019 Maxmind GeoLite2 + Country database. Closes ticket 30522. + + o Minor features (HTTP tunnel): + - Return an informative web page when the HTTPTunnelPort is used as + an HTTP proxy. Closes ticket 27821, patch by "eighthave". + + o Minor features (IPv6, v3 onion services): + - Make v3 onion services put IPv6 addresses in service descriptors. + Before this change, service descriptors only contained IPv4 + addresses. Implements 26992. + + o Minor features (modularity): + - The "--disable-module-dirauth" compile-time option now disables + even more dirauth-only code. Closes ticket 30345. + + o Minor features (performance): + - Use OpenSSL's implementations of SHA3 when available (in OpenSSL + 1.1.1 and later), since they tend to be faster than tiny-keccak. + Closes ticket 28837. + + o Minor features (testing): + - Tor's unit test code now contains helper functions to replace the + PRNG with a deterministic or reproducible version for testing. + Previously, various tests implemented this in various ways. + Implements ticket 29732. + - We now have a script, cov-test-determinism.sh, to identify places + where our unit test coverage has become nondeterministic. Closes + ticket 29436. + - Check that representative subsets of values of `int` and `unsigned + int` can be represented by `void *`. Resolves issue 29537. + + o Minor bugfixes (bridge authority): + - Bridge authorities now set bridges as running or non-running when + about to dump their status to a file. Previously, they set bridges + as running in response to a GETINFO command, but those shouldn't + modify data structures. Fixes bug 24490; bugfix on 0.2.0.13-alpha. + Patch by Neel Chauhan. + + o Minor bugfixes (channel padding statistics): + - Channel padding write totals and padding-enabled totals are now + counted properly in relay extrainfo descriptors. Fixes bug 29231; + bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (circuit padding): + - Add a "CircuitPadding" torrc option to disable circuit padding. + Fixes bug 28693; bugfix on 0.4.0.1-alpha. + - Allow circuit padding machines to specify that they do not + contribute much overhead, and provide consensus flags and torrc + options to force clients to only use these low overhead machines. + Fixes bug 29203; bugfix on 0.4.0.1-alpha. + - Provide a consensus parameter to fully disable circuit padding, to + be used in emergency network overload situations. Fixes bug 30173; + bugfix on 0.4.0.1-alpha. + - The circuit padding subsystem will no longer schedule padding if + dormant mode is enabled. Fixes bug 28636; bugfix on 0.4.0.1-alpha. + - Inspect a circuit-level cell queue before sending padding, to + avoid sending padding while too much data is already queued. Fixes + bug 29204; bugfix on 0.4.0.1-alpha. + - Avoid calling monotime_absolute_usec() in circuit padding machines + that do not use token removal or circuit RTT estimation. Fixes bug + 29085; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (compilation, unusual configurations): + - Avoid failures when building with the ALL_BUGS_ARE_FATAL option + due to missing declarations of abort(), and prevent other such + failures in the future. Fixes bug 30189; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (controller protocol): + - Teach the controller parser to distinguish an object preceded by + an argument list from one without. Previously, it couldn't + distinguish an argument list from the first line of a multiline + object. Fixes bug 29984; bugfix on 0.2.3.8-alpha. + + o Minor bugfixes (directory authority, ipv6): + - Directory authorities with IPv6 support now always mark themselves + as reachable via IPv6. Fixes bug 24338; bugfix on 0.2.4.1-alpha. + Patch by Neel Chauhan. + + o Minor bugfixes (documentation): + - Improve the documentation for using MapAddress with ".exit". Fixes + bug 30109; bugfix on 0.1.0.1-rc. + - Improve the monotonic time module and function documentation to + explain what "monotonic" actually means, and document some results + that have surprised people. Fixes bug 29640; bugfix + on 0.2.9.1-alpha. + - Use proper formatting when providing an example on quoting options + that contain whitespace. Fixes bug 29635; bugfix on 0.2.3.18-rc. + + o Minor bugfixes (logging): + - Do not log a warning when running with an OpenSSL version other + than the one Tor was compiled with, if the two versions should be + compatible. Previously, we would warn whenever the version was + different. Fixes bug 30190; bugfix on 0.2.4.2-alpha. + - Warn operators when the MyFamily option is set but ContactInfo is + missing, as the latter should be set too. Fixes bug 25110; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (memory leak): + - Avoid a minor memory leak that could occur on relays when failing + to create a "keys" directory. Fixes bug 30148; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (onion services): + - Avoid a GCC 9.1.1 warning (and possible crash depending on libc + implemenation) when failing to load an onion service client + authorization file. Fixes bug 30475; bugfix on 0.3.5.1-alpha. + - When refusing to launch a controller's HSFETCH request because of + rate-limiting, respond to the controller with a new response, + "QUERY_RATE_LIMITED". Previously, we would log QUERY_NO_HSDIR for + this case. Fixes bug 28269; bugfix on 0.3.1.1-alpha. Patch by + Neel Chauhan. + - When relaunching a circuit to a rendezvous service, mark the + circuit as needing high-uptime routers as appropriate. Fixes bug + 17357; bugfix on 0.1.0.1-rc. Patch by Neel Chauhan. + - Stop ignoring IPv6 link specifiers sent to v3 onion services. + (IPv6 support for v3 onion services is still incomplete: see + ticket 23493 for details.) Fixes bug 23588; bugfix on + 0.3.2.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (onion services, performance): + - When building circuits to onion services, call tor_addr_parse() + less often. Previously, we called tor_addr_parse() in + circuit_is_acceptable() even if its output wasn't used. This + change should improve performance when building circuits. Fixes + bug 22210; bugfix on 0.2.8.12. Patch by Neel Chauhan. + + o Minor bugfixes (performance): + - When checking whether a node is a bridge, use a fast check to make + sure that its identity is set. Previously, we used a constant-time + check, which is not necessary in this case. Fixes bug 30308; + bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (pluggable transports): + - Tor now sets TOR_PT_EXIT_ON_STDIN_CLOSE=1 for client transports as + well as servers. Fixes bug 25614; bugfix on 0.2.7.1-alpha. + + o Minor bugfixes (probability distributions): + - Refactor and improve parts of the probability distribution code + that made Coverity complain. Fixes bug 29805; bugfix + on 0.4.0.1-alpha. + + o Minor bugfixes (python): + - Stop assuming that /usr/bin/python3 exists. For scripts that work + with python2, use /usr/bin/python. Otherwise, use /usr/bin/env + python3. Fixes bug 29913; bugfix on 0.2.5.3-alpha. + + o Minor bugfixes (relay): + - When running as a relay, if IPv6Exit is set to 1 while ExitRelay + is auto, act as if ExitRelay is 1. Previously, we would ignore + IPv6Exit if ExitRelay was 0 or auto. Fixes bug 29613; bugfix on + 0.3.5.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (stats): + - When ExtraInfoStatistics is 0, stop including bandwidth usage + statistics, GeoIPFile hashes, ServerTransportPlugin lines, and + bridge statistics by country in extra-info documents. Fixes bug + 29018; bugfix on 0.2.4.1-alpha. + + o Minor bugfixes (testing): + - Call setrlimit() to disable core dumps in test_bt_cl.c. Previously + we used `ulimit -c` in test_bt.sh, which violates POSIX shell + compatibility. Fixes bug 29061; bugfix on 0.3.5.1-alpha. + - Fix some incorrect code in the v3 onion service unit tests. Fixes + bug 29243; bugfix on 0.3.2.1-alpha. + - In the "routerkeys/*" tests, check the return values of mkdir() + for possible failures. Fixes bug 29939; bugfix on 0.2.7.2-alpha. + Found by Coverity as CID 1444254. + - Split test_utils_general() into several smaller test functions. + This makes it easier to perform resource deallocation on assert + failure, and fixes Coverity warnings CID 1444117 and CID 1444118. + Fixes bug 29823; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (tor-resolve): + - Fix a memory leak in tor-resolve that could happen if Tor gave it + a malformed SOCKS response. (Memory leaks in tor-resolve don't + actually matter, but it's good to fix them anyway.) Fixes bug + 30151; bugfix on 0.4.0.1-alpha. + + o Code simplification and refactoring: + - Abstract out the low-level formatting of replies on the control + port. Implements ticket 30007. + - Add several assertions in an attempt to fix some Coverity + warnings. Closes ticket 30149. + - Introduce a connection_dir_buf_add() helper function that checks + for compress_state of dir_connection_t and automatically writes a + string to directory connection with or without compression. + Resolves issue 28816. + - Make the base32_decode() API return the number of bytes written, + for consistency with base64_decode(). Closes ticket 28913. + - Move most relay-only periodic events out of mainloop.c into the + relay subsystem. Closes ticket 30414. + - Refactor and encapsulate parts of the codebase that manipulate + crypt_path_t objects. Resolves issue 30236. + - Refactor several places in our code that Coverity incorrectly + believed might have memory leaks. Closes ticket 30147. + - Remove redundant return values in crypto_format, and the + associated return value checks elsewhere in the code. Make the + implementations in crypto_format consistent, and remove redundant + code. Resolves ticket 29660. + - Rename tor_mem_is_zero() to fast_mem_is_zero(), to emphasize that + it is not a constant-time function. Closes ticket 30309. + - Replace hs_desc_link_specifier_t with link_specifier_t, and remove + all hs_desc_link_specifier_t-specific code. Fixes bug 22781; + bugfix on 0.3.2.1-alpha. + - Simplify v3 onion service link specifier handling code. Fixes bug + 23576; bugfix on 0.3.2.1-alpha. + - Split crypto_digest.c into NSS code, OpenSSL code, and shared + code. Resolves ticket 29108. + - Split control.c into several submodules, in preparation for + distributing its current responsibilities throughout the codebase. + Closes ticket 29894. + - Start to move responsibility for knowing about periodic events to + the appropriate subsystems, so that the mainloop doesn't need to + know all the periodic events in the rest of the codebase. + Implements tickets 30293 and 30294. + + o Documentation: + - Document how to find git commits and tags for bug fixes in + CodingStandards.md. Update some file documentation. Closes + ticket 30261. + + o Removed features: + - Remove the linux-tor-prio.sh script from contrib/operator-tools + directory. Resolves issue 29434. + - Remove the obsolete OpenSUSE initscript. Resolves issue 30076. + - Remove the obsolete script at contrib/dist/tor.sh.in. Resolves + issue 30075. + + o Code simplification and refactoring (shell scripts): + - Clean up many of our shell scripts to fix shellcheck warnings. + These include autogen.sh (ticket 26069), test_keygen.sh (ticket + 29062), test_switch_id.sh (ticket 29065), test_rebind.sh (ticket + 29063), src/test/fuzz/minimize.sh (ticket 30079), test_rust.sh + (ticket 29064), torify (ticket 29070), asciidoc-helper.sh (29926), + fuzz_multi.sh (30077), fuzz_static_testcases.sh (ticket 29059), + nagios-check-tor-authority-cert (ticket 29071), + src/test/fuzz/fixup_filenames.sh (ticket 30078), test-network.sh + (ticket 29060), test_key_expiration.sh (ticket 30002), + zero_length_keys.sh (ticket 29068), and test_workqueue_*.sh + (ticket 29067). + + o Testing (chutney): + - In "make test-network-all", test IPv6-only v3 single onion + services, using the chutney network single-onion-v23-ipv6-md. + Closes ticket 27251. + + +Changes in version 0.4.0.5 - 2019-05-02 + This is the first stable release in the 0.4.0.x series. It contains + improvements for power management and bootstrap reporting, as well as + preliminary backend support for circuit padding to prevent some kinds + of traffic analysis. It also continues our work in refactoring Tor for + long-term maintainability. + + Per our support policy, we will support the 0.4.0.x series for nine + months, or until three months after the release of a stable 0.4.1.x: + whichever is longer. If you need longer-term support, please stick + with 0.3.5.x, which will we plan to support until Feb 2022. + + Below are the changes since 0.4.0.4-rc. For a complete list of changes + since 0.3.5.7, see the ReleaseNotes file. + + o Minor features (continuous integration): + - In Travis, tell timelimit to use stem's backtrace signals, and + launch python directly from timelimit, so python receives the + signals from timelimit, rather than make. Closes ticket 30117. + + o Minor features (diagnostic): + - Add more diagnostic log messages in an attempt to solve the issue + of NUL bytes appearing in a microdescriptor cache. Related to + ticket 28223. + + o Minor features (testing): + - Use the approx_time() function when setting the "Expires" header + in directory replies, to make them more testable. Needed for + ticket 30001. + + o Minor bugfixes (rust): + - Abort on panic in all build profiles, instead of potentially + unwinding into C code. Fixes bug 27199; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (shellcheck): + - Look for scripts in their correct locations during "make + shellcheck". Previously we had looked in the wrong place during + out-of-tree builds. Fixes bug 30263; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (testing): + - Check the time in the "Expires" header using approx_time(). Fixes + bug 30001; bugfix on 0.4.0.4-rc. + + o Minor bugfixes (UI): + - Lower log level of unlink() errors during bootstrap. Fixes bug + 29930; bugfix on 0.4.0.1-alpha. + + +Changes in version 0.4.0.4-rc - 2019-04-11 + Tor 0.4.0.4-rc is the first release candidate in its series; it fixes + several bugs from earlier versions, including some that had affected + stability, and one that prevented relays from working with NSS. + + o Major bugfixes (NSS, relay): + - When running with NSS, disable TLS 1.2 ciphersuites that use + SHA384 for their PRF. Due to an NSS bug, the TLS key exporters for + these ciphersuites don't work -- which caused relays to fail to + handshake with one another when these ciphersuites were enabled. + Fixes bug 29241; bugfix on 0.3.5.1-alpha. + + o Minor features (bandwidth authority): + - Make bandwidth authorities ignore relays that are reported in the + bandwidth file with the flag "vote=0". This change allows us to + report unmeasured relays for diagnostic reasons without including + their bandwidth in the bandwidth authorities' vote. Closes + ticket 29806. + - When a directory authority is using a bandwidth file to obtain the + bandwidth values that will be included in the next vote, serve + this bandwidth file at /tor/status-vote/next/bandwidth. Closes + ticket 21377. + + o Minor features (circuit padding): + - Stop warning about undefined behavior in the probability + distribution tests. Float division by zero may technically be + undefined behavior in C, but it's well defined in IEEE 754. + Partial backport of 29298. Closes ticket 29527; bugfix + on 0.4.0.1-alpha. + + o Minor features (continuous integration): + - On Travis Rust builds, cleanup Rust registry and refrain from + caching the "target/" directory to speed up builds. Resolves + issue 29962. + + o Minor features (dormant mode): + - Add a DormantCanceledByStartup option to tell Tor that it should + treat a startup event as cancelling any previous dormant state. + Integrators should use this option with caution: it should only be + used if Tor is being started because of something that the user + did, and not if Tor is being automatically started in the + background. Closes ticket 29357. + + o Minor features (geoip): + - Update geoip and geoip6 to the April 2 2019 Maxmind GeoLite2 + Country database. Closes ticket 29992. + + o Minor features (NSS, diagnostic): + - Try to log an error from NSS (if there is any) and a more useful + description of our situation if we are using NSS and a call to + SSL_ExportKeyingMaterial() fails. Diagnostic for ticket 29241. + + o Minor bugfixes (security): + - Fix a potential double free bug when reading huge bandwidth files. + The issue is not exploitable in the current Tor network because + the vulnerable code is only reached when directory authorities + read bandwidth files, but bandwidth files come from a trusted + source (usually the authorities themselves). Furthermore, the + issue is only exploitable in rare (non-POSIX) 32-bit architectures, + which are not used by any of the current authorities. Fixes bug + 30040; bugfix on 0.3.5.1-alpha. Bug found and fixed by + Tobias Stoeckmann. + - Verify in more places that we are not about to create a buffer + with more than INT_MAX bytes, to avoid possible OOB access in the + event of bugs. Fixes bug 30041; bugfix on 0.2.0.16. Found and + fixed by Tobias Stoeckmann. + + o Minor bugfix (continuous integration): + - Reset coverage state on disk after Travis CI has finished. This + should prevent future coverage merge errors from causing the test + suite for the "process" subsystem to fail. The process subsystem + was introduced in 0.4.0.1-alpha. Fixes bug 29036; bugfix + on 0.2.9.15. + - Terminate test-stem if it takes more than 9.5 minutes to run. + (Travis terminates the job after 10 minutes of no output.) + Diagnostic for 29437. Fixes bug 30011; bugfix on 0.3.5.4-alpha. + + o Minor bugfixes (bootstrap reporting): + - During bootstrap reporting, correctly distinguish pluggable + transports from plain proxies. Fixes bug 28925; bugfix + on 0.4.0.1-alpha. + + o Minor bugfixes (C correctness): + - Fix an unlikely memory leak in consensus_diff_apply(). Fixes bug + 29824; bugfix on 0.3.1.1-alpha. This is Coverity warning + CID 1444119. + + o Minor bugfixes (circuitpadding testing): + - Minor tweaks to avoid rare test failures related to timers and + monotonic time. Fixes bug 29500; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (directory authorities): + - Actually include the bandwidth-file-digest line in directory + authority votes. Fixes bug 29959; bugfix on 0.4.0.2-alpha. + + o Minor bugfixes (logging): + - On Windows, when errors cause us to reload a consensus from disk, + tell the user that we are retrying at log level "notice". + Previously we only logged this information at "info", which was + confusing because the errors themselves were logged at "warning". + Improves previous fix for 28614. Fixes bug 30004; bugfix + on 0.4.0.2-alpha. + + o Minor bugfixes (pluggable transports): + - Restore old behavior when it comes to discovering the path of a + given Pluggable Transport executable file. A change in + 0.4.0.1-alpha had broken this behavior on paths containing a + space. Fixes bug 29874; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (testing): + - Backport the 0.3.4 src/test/test-network.sh to 0.2.9. We need a + recent test-network.sh to use new chutney features in CI. Fixes + bug 29703; bugfix on 0.2.9.1-alpha. + - Fix a test failure on Windows caused by an unexpected "BUG" + warning in our tests for tor_gmtime_r(-1). Fixes bug 29922; bugfix + on 0.2.9.3-alpha. + + o Minor bugfixes (TLS protocol): + - When classifying a client's selection of TLS ciphers, if the + client ciphers are not yet available, do not cache the result. + Previously, we had cached the unavailability of the cipher list + and never looked again, which in turn led us to assume that the + client only supported the ancient V1 link protocol. This, in turn, + was causing Stem integration tests to stall in some cases. Fixes + bug 30021; bugfix on 0.2.4.8-alpha. + + o Code simplification and refactoring: + - Introduce a connection_dir_buf_add() helper function that detects + whether compression is in use, and adds a string accordingly. + Resolves issue 28816. + - Refactor handle_get_next_bandwidth() to use + connection_dir_buf_add(). Implements ticket 29897. + + o Documentation: + - Clarify that Tor performs stream isolation among *Port listeners + by default. Resolves issue 29121. + + +Changes in version 0.4.0.3-alpha - 2019-03-22 + Tor 0.4.0.3-alpha is the third in its series; it fixes several small + bugs from earlier versions. + + o Minor features (address selection): + - Treat the subnet 100.64.0.0/10 as public for some purposes; + private for others. This subnet is the RFC 6598 (Carrier Grade + NAT) IP range, and is deployed by many ISPs as an alternative to + RFC 1918 that does not break existing internal networks. Tor now + blocks SOCKS and control ports on these addresses and warns users + if client ports or ExtORPorts are listening on a RFC 6598 address. + Closes ticket 28525. Patch by Neel Chauhan. + + o Minor features (geoip): + - Update geoip and geoip6 to the March 4 2019 Maxmind GeoLite2 + Country database. Closes ticket 29666. + + o Minor bugfixes (circuitpadding): + - Inspect the circuit-level cell queue before sending padding, to + avoid sending padding when too much data is queued. Fixes bug + 29204; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (logging): + - Correct a misleading error message when IPv4Only or IPv6Only is + used but the resolved address can not be interpreted as an address + of the specified IP version. Fixes bug 13221; bugfix on + 0.2.3.9-alpha. Patch from Kris Katterjohn. + - Log the correct port number for listening sockets when "auto" is + used to let Tor pick the port number. Previously, port 0 was + logged instead of the actual port number. Fixes bug 29144; bugfix + on 0.3.5.1-alpha. Patch from Kris Katterjohn. + - Stop logging a BUG() warning when Tor is waiting for exit + descriptors. Fixes bug 28656; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (memory management): + - Refactor the shared random state's memory management so that it + actually takes ownership of the shared random value pointers. + Fixes bug 29706; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (memory management, testing): + - Stop leaking parts of the shared random state in the shared-random + unit tests. Fixes bug 29599; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (pluggable transports): + - Fix an assertion failure crash bug when a pluggable transport is + terminated during the bootstrap phase. Fixes bug 29562; bugfix + on 0.4.0.1-alpha. + + o Minor bugfixes (Rust, protover): + - Add a missing "Padding" value to the Rust implementation of + protover. Fixes bug 29631; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (single onion services): + - Allow connections to single onion services to remain idle without + being disconnected. Previously, relays acting as rendezvous points + for single onion services were mistakenly closing idle rendezvous + circuits after 60 seconds, thinking that they were unused + directory-fetching circuits that had served their purpose. Fixes + bug 29665; bugfix on 0.2.1.26. + + o Minor bugfixes (stats): + - When ExtraInfoStatistics is 0, stop including PaddingStatistics in + relay and bridge extra-info documents. Fixes bug 29017; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (testing): + - Downgrade some LOG_ERR messages in the address/* tests to + warnings. The LOG_ERR messages were occurring when we had no + configured network. We were failing the unit tests, because we + backported 28668 to 0.3.5.8, but did not backport 29530. Fixes bug + 29530; bugfix on 0.3.5.8. + - Fix our gcov wrapper script to look for object files at the + correct locations. Fixes bug 29435; bugfix on 0.3.5.1-alpha. + - Decrease the false positive rate of stochastic probability + distribution tests. Fixes bug 29693; bugfix on 0.4.0.1-alpha. + + o Minor bugfixes (Windows, CI): + - Skip the Appveyor 32-bit Windows Server 2016 job, and 64-bit + Windows Server 2012 R2 job. The remaining 2 jobs still provide + coverage of 64/32-bit, and Windows Server 2016/2012 R2. Also set + fast_finish, so failed jobs terminate the build immediately. Fixes + bug 29601; bugfix on 0.3.5.4-alpha. + + +Changes in version 0.3.5.8 - 2019-02-21 + Tor 0.3.5.8 backports several fixes from later releases, including fixes + for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x + releases. + + It also includes a fix for a medium-severity security bug affecting Tor + 0.3.2.1-alpha and later. All Tor instances running an affected release + should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha. + + o Major bugfixes (cell scheduler, KIST, security): + - Make KIST consider the outbuf length when computing what it can + put in the outbuf. Previously, KIST acted as though the outbuf + were empty, which could lead to the outbuf becoming too full. It + is possible that an attacker could exploit this bug to cause a Tor + client or relay to run out of memory and crash. Fixes bug 29168; + bugfix on 0.3.2.1-alpha. This issue is also being tracked as + TROVE-2019-001 and CVE-2019-8955. + + o Major bugfixes (networking, backport from 0.4.0.2-alpha): + - Gracefully handle empty username/password fields in SOCKS5 + username/password auth message and allow SOCKS5 handshake to + continue. Previously, we had rejected these handshakes, breaking + certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha. + + o Minor features (compilation, backport from 0.4.0.2-alpha): + - Compile correctly when OpenSSL is built with engine support + disabled, or with deprecated APIs disabled. Closes ticket 29026. + Patches from "Mangix". + + o Minor features (geoip): + - Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2 + Country database. Closes ticket 29478. + + o Minor features (testing, backport from 0.4.0.2-alpha): + - Treat all unexpected ERR and BUG messages as test failures. Closes + ticket 28668. + + o Minor bugfixes (onion service v3, client, backport from 0.4.0.1-alpha): + - Stop logging a "BUG()" warning and stacktrace when we find a SOCKS + connection waiting for a descriptor that we actually have in the + cache. It turns out that this can actually happen, though it is + rare. Now, tor will recover and retry the descriptor. Fixes bug + 28669; bugfix on 0.3.2.4-alpha. + + o Minor bugfixes (IPv6, backport from 0.4.0.1-alpha): + - Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the + IPv6 socket was bound using an address family of AF_INET instead + of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from + Kris Katterjohn. + + o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha): + - Update Cargo.lock file to match the version made by the latest + version of Rust, so that "make distcheck" will pass again. Fixes + bug 29244; bugfix on 0.3.3.4-alpha. + + o Minor bugfixes (client, clock skew, backport from 0.4.0.1-alpha): + - Select guards even if the consensus has expired, as long as the + consensus is still reasonably live. Fixes bug 24661; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (compilation, backport from 0.4.0.1-alpha): + - Compile correctly on OpenBSD; previously, we were missing some + headers required in order to detect it properly. Fixes bug 28938; + bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn. + + o Minor bugfixes (documentation, backport from 0.4.0.2-alpha): + - Describe the contents of the v3 onion service client authorization + files correctly: They hold public keys, not private keys. Fixes + bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix". + + o Minor bugfixes (logging, backport from 0.4.0.1-alpha): + - Rework rep_hist_log_link_protocol_counts() to iterate through all + link protocol versions when logging incoming/outgoing connection + counts. Tor no longer skips version 5, and we won't have to + remember to update this function when new link protocol version is + developed. Fixes bug 28920; bugfix on 0.2.6.10. + + o Minor bugfixes (logging, backport from 0.4.0.2-alpha): + - Log more information at "warning" level when unable to read a + private key; log more information at "info" level when unable to + read a public key. We had warnings here before, but they were lost + during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (misc, backport from 0.4.0.2-alpha): + - The amount of total available physical memory is now determined + using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM) + when it is defined and a 64-bit variant is not available. Fixes + bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn. + + o Minor bugfixes (onion services, backport from 0.4.0.2-alpha): + - Avoid crashing if ClientOnionAuthDir (incorrectly) contains more + than one private key for a hidden service. Fixes bug 29040; bugfix + on 0.3.5.1-alpha. + - In hs_cache_store_as_client() log an HSDesc we failed to parse at + "debug" level. Tor used to log it as a warning, which caused very + long log lines to appear for some users. Fixes bug 29135; bugfix + on 0.3.2.1-alpha. + - Stop logging "Tried to establish rendezvous on non-OR circuit..." + as a warning. Instead, log it as a protocol warning, because there + is nothing that relay operators can do to fix it. Fixes bug 29029; + bugfix on 0.2.5.7-rc. + + o Minor bugfixes (tests, directory clients, backport from 0.4.0.1-alpha): + - Mark outdated dirservers when Tor only has a reasonably live + consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha. + + o Minor bugfixes (tests, backport from 0.4.0.2-alpha): + - Detect and suppress "bug" warnings from the util/time test on + Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha. + - Do not log an error-level message if we fail to find an IPv6 + network interface from the unit tests. Fixes bug 29160; bugfix + on 0.2.7.3-rc. + + o Minor bugfixes (usability, backport from 0.4.0.1-alpha): + - Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate(). + Some users took this phrasing to mean that the mentioned guard was + under their control or responsibility, which it is not. Fixes bug + 28895; bugfix on Tor 0.3.0.1-alpha. + + +Changes in version 0.3.4.11 - 2019-02-21 + Tor 0.3.4.11 is the third stable release in its series. It includes + a fix for a medium-severity security bug affecting Tor 0.3.2.1-alpha and + later. All Tor instances running an affected release should upgrade to + 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha. + + o Major bugfixes (cell scheduler, KIST, security): + - Make KIST consider the outbuf length when computing what it can + put in the outbuf. Previously, KIST acted as though the outbuf + were empty, which could lead to the outbuf becoming too full. It + is possible that an attacker could exploit this bug to cause a Tor + client or relay to run out of memory and crash. Fixes bug 29168; + bugfix on 0.3.2.1-alpha. This issue is also being tracked as + TROVE-2019-001 and CVE-2019-8955. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2 + Country database. Closes ticket 29478. + + o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha): + - Update Cargo.lock file to match the version made by the latest + version of Rust, so that "make distcheck" will pass again. Fixes + bug 29244; bugfix on 0.3.3.4-alpha. + + o Minor bugfixes (onion services, backport from 0.4.0.2-alpha): + - Stop logging "Tried to establish rendezvous on non-OR circuit..." + as a warning. Instead, log it as a protocol warning, because there + is nothing that relay operators can do to fix it. Fixes bug 29029; + bugfix on 0.2.5.7-rc. + + +Changes in version 0.3.3.12 - 2019-02-21 + Tor 0.3.3.12 fixes a medium-severity security bug affecting Tor + 0.3.2.1-alpha and later. All Tor instances running an affected release + should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha. + + This release marks the end of support for the Tor 0.3.3.x series. We + recommend that users switch to either the Tor 0.3.4 series (supported + until at least 10 June 2019), or the Tor 0.3.5 series, which will + receive long-term support until at least 1 Feb 2022. + + o Major bugfixes (cell scheduler, KIST, security): + - Make KIST consider the outbuf length when computing what it can + put in the outbuf. Previously, KIST acted as though the outbuf + were empty, which could lead to the outbuf becoming too full. It + is possible that an attacker could exploit this bug to cause a Tor + client or relay to run out of memory and crash. Fixes bug 29168; + bugfix on 0.3.2.1-alpha. This issue is also being tracked as + TROVE-2019-001 and CVE-2019-8955. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2 + Country database. Closes ticket 29478. + + o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha): + - Update Cargo.lock file to match the version made by the latest + version of Rust, so that "make distcheck" will pass again. Fixes + bug 29244; bugfix on 0.3.3.4-alpha. + + o Minor bugfixes (onion services, backport from 0.4.0.2-alpha): + - Stop logging "Tried to establish rendezvous on non-OR circuit..." + as a warning. Instead, log it as a protocol warning, because there + is nothing that relay operators can do to fix it. Fixes bug 29029; + bugfix on 0.2.5.7-rc. + + +Changes in version 0.4.0.2-alpha - 2019-02-21 + Tor 0.4.0.2-alpha is the second alpha in its series; it fixes several + bugs from earlier versions, including several that had broken + backward compatibility. + + It also includes a fix for a medium-severity security bug affecting Tor + 0.3.2.1-alpha and later. All Tor instances running an affected release + should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha. + + o Major bugfixes (cell scheduler, KIST, security): + - Make KIST consider the outbuf length when computing what it can + put in the outbuf. Previously, KIST acted as though the outbuf + were empty, which could lead to the outbuf becoming too full. It + is possible that an attacker could exploit this bug to cause a Tor + client or relay to run out of memory and crash. Fixes bug 29168; + bugfix on 0.3.2.1-alpha. This issue is also being tracked as + TROVE-2019-001 and CVE-2019-8955. + + o Major bugfixes (networking): + - Gracefully handle empty username/password fields in SOCKS5 + username/password auth messsage and allow SOCKS5 handshake to + continue. Previously, we had rejected these handshakes, breaking + certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha. + + o Major bugfixes (windows, startup): + - When reading a consensus file from disk, detect whether it was + written in text mode, and re-read it in text mode if so. Always + write consensus files in binary mode so that we can map them into + memory later. Previously, we had written in text mode, which + confused us when we tried to map the file on windows. Fixes bug + 28614; bugfix on 0.4.0.1-alpha. + + o Minor features (compilation): + - Compile correctly when OpenSSL is built with engine support + disabled, or with deprecated APIs disabled. Closes ticket 29026. + Patches from "Mangix". + + o Minor features (developer tooling): + - Check that bugfix versions in changes files look like Tor versions + from the versions spec. Warn when bugfixes claim to be on a future + release. Closes ticket 27761. + - Provide a git pre-commit hook that disallows committing if we have + any failures in our code and changelog formatting checks. It is + now available in scripts/maint/pre-commit.git-hook. Implements + feature 28976. + + o Minor features (directory authority): + - When a directory authority is using a bandwidth file to obtain + bandwidth values, include the digest of that file in the vote. + Closes ticket 26698. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2 + Country database. Closes ticket 29478. + + o Minor features (testing): + - Treat all unexpected ERR and BUG messages as test failures. Closes + ticket 28668. + + o Minor bugfixes (build, compatibility, rust): + - Update Cargo.lock file to match the version made by the latest + version of Rust, so that "make distcheck" will pass again. Fixes + bug 29244; bugfix on 0.3.3.4-alpha. + + o Minor bugfixes (compilation): + - Fix compilation warnings in test_circuitpadding.c. Fixes bug + 29169; bugfix on 0.4.0.1-alpha. + - Silence a compiler warning in test-memwipe.c on OpenBSD. Fixes bug + 29145; bugfix on 0.2.9.3-alpha. Patch from Kris Katterjohn. + + o Minor bugfixes (documentation): + - Describe the contents of the v3 onion service client authorization + files correctly: They hold public keys, not private keys. Fixes + bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix". + + o Minor bugfixes (linux seccomp sandbox): + - Fix startup crash when experimental sandbox support is enabled. + Fixes bug 29150; bugfix on 0.4.0.1-alpha. Patch by Peter Gerber. + + o Minor bugfixes (logging): + - Avoid logging that we are relaxing a circuit timeout when that + timeout is fixed. Fixes bug 28698; bugfix on 0.2.4.7-alpha. + - Log more information at "warning" level when unable to read a + private key; log more information at "info" level when unable to + read a public key. We had warnings here before, but they were lost + during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (misc): + - The amount of total available physical memory is now determined + using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM) + when it is defined and a 64-bit variant is not available. Fixes + bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn. + + o Minor bugfixes (onion services): + - Avoid crashing if ClientOnionAuthDir (incorrectly) contains more + than one private key for a hidden service. Fixes bug 29040; bugfix + on 0.3.5.1-alpha. + - In hs_cache_store_as_client() log an HSDesc we failed to parse at + "debug" level. Tor used to log it as a warning, which caused very + long log lines to appear for some users. Fixes bug 29135; bugfix + on 0.3.2.1-alpha. + - Stop logging "Tried to establish rendezvous on non-OR circuit..." + as a warning. Instead, log it as a protocol warning, because there + is nothing that relay operators can do to fix it. Fixes bug 29029; + bugfix on 0.2.5.7-rc. + + o Minor bugfixes (scheduler): + - When re-adding channels to the pending list, check the correct + channel's sched_heap_idx. This issue has had no effect in mainline + Tor, but could have led to bugs down the road in improved versions + of our circuit scheduling code. Fixes bug 29508; bugfix + on 0.3.2.10. + + o Minor bugfixes (tests): + - Fix intermittent failures on an adaptive padding test. Fixes one + case of bug 29122; bugfix on 0.4.0.1-alpha. + - Disable an unstable circuit-padding test that was failing + intermittently because of an ill-defined small histogram. Such + histograms will be allowed again after 29298 is implemented. Fixes + a second case of bug 29122; bugfix on 0.4.0.1-alpha. + - Detect and suppress "bug" warnings from the util/time test on + Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha. + - Do not log an error-level message if we fail to find an IPv6 + network interface from the unit tests. Fixes bug 29160; bugfix + on 0.2.7.3-rc. + + o Documentation: + - In the manpage entry describing MapAddress torrc setting, use + example IP addresses from ranges specified for use in documentation + by RFC 5737. Resolves issue 28623. + + o Removed features: + - Remove the old check-tor script. Resolves issue 29072. + + +Changes in version 0.4.0.1-alpha - 2019-01-18 + Tor 0.4.0.1-alpha is the first release in the new 0.4.0.x series. It + introduces improved features for power and bandwidth conservation, + more accurate reporting of bootstrap progress for user interfaces, and + an experimental backend for an exciting new adaptive padding feature. + There is also the usual assortment of bugfixes and minor features, all + described below. + + o Major features (battery management, client, dormant mode): + - When Tor is running as a client, and it is unused for a long time, + it can now enter a "dormant" state. When Tor is dormant, it avoids + network and CPU activity until it is reawoken either by a user + request or by a controller command. For more information, see the + configuration options starting with "Dormant". Implements tickets + 2149 and 28335. + - The client's memory of whether it is "dormant", and how long it + has spent idle, persists across invocations. Implements + ticket 28624. + - There is a DormantOnFirstStartup option that integrators can use + if they expect that in many cases, Tor will be installed but + not used. + + o Major features (bootstrap reporting): + - When reporting bootstrap progress, report the first connection + uniformly, regardless of whether it's a connection for building + application circuits. This allows finer-grained reporting of early + progress than previously possible, with the improvements of ticket + 27169. Closes tickets 27167 and 27103. Addresses ticket 27308. + - When reporting bootstrap progress, treat connecting to a proxy or + pluggable transport as separate from having successfully used that + proxy or pluggable transport to connect to a relay. Closes tickets + 27100 and 28884. + + o Major features (circuit padding): + - Implement preliminary support for the circuit padding portion of + Proposal 254. The implementation supports Adaptive Padding (aka + WTF-PAD) state machines for use between experimental clients and + relays. Support is also provided for APE-style state machines that + use probability distributions instead of histograms to specify + inter-packet delay. At the moment, Tor does not provide any + padding state machines that are used in normal operation: for now, + this feature exists solely for experimentation. Closes + ticket 28142. + + o Major features (refactoring): + - Tor now uses an explicit list of its own subsystems when + initializing and shutting down. Previously, these systems were + managed implicitly in various places throughout the codebase. + (There may still be some subsystems using the old system.) Closes + ticket 28330. + + o Minor features (bootstrap reporting): + - When reporting bootstrap progress, stop distinguishing between + situations where only internal paths are available and situations + where external paths are available. Previously, Tor would often + erroneously report that it had only internal paths. Closes + ticket 27402. + + o Minor features (continuous integration): + - Log Python version during each Travis CI job. Resolves + issue 28551. + + o Minor features (controller): + - Add a DROPOWNERSHIP command to undo the effects of TAKEOWNERSHIP. + Implements ticket 28843. + + o Minor features (developer tooling): + - Provide a git hook script to prevent "fixup!" and "squash!" + commits from ending up in the master branch, as scripts/main/pre- + push.git-hook. Closes ticket 27993. + + o Minor features (directory authority): + - Directory authorities support a new consensus algorithm, under + which the family lines in microdescriptors are encoded in a + canonical form. This change makes family lines more compressible + in transit, and on the client. Closes ticket 28266; implements + proposal 298. + + o Minor features (directory authority, relay): + - Authorities now vote on a "StaleDesc" flag to indicate that a + relay's descriptor is so old that the relay should upload again + soon. Relays treat this flag as a signal to upload a new + descriptor. This flag will eventually let us remove the + 'published' date from routerstatus entries, and make our consensus + diffs much smaller. Closes ticket 26770; implements proposal 293. + + o Minor features (fallback directory mirrors): + - Update the fallback whitelist based on operator opt-ins and opt- + outs. Closes ticket 24805, patch by Phoul. + + o Minor features (FreeBSD): + - On FreeBSD-based systems, warn relay operators if the + "net.inet.ip.random_id" sysctl (IP ID randomization) is disabled. + Closes ticket 28518. + + o Minor features (HTTP standards compliance): + - Stop sending the header "Content-type: application/octet-stream" + along with transparently compressed documents: this confused + browsers. Closes ticket 28100. + + o Minor features (IPv6): + - We add an option ClientAutoIPv6ORPort, to make clients randomly + prefer a node's IPv4 or IPv6 ORPort. The random preference is set + every time a node is loaded from a new consensus or bridge config. + We expect that this option will enable clients to bootstrap more + quickly without having to determine whether they support IPv4, + IPv6, or both. Closes ticket 27490. Patch by Neel Chauhan. + - When using addrs_in_same_network_family(), avoid choosing circuit + paths that pass through the same IPv6 subnet more than once. + Previously, we only checked IPv4 subnets. Closes ticket 24393. + Patch by Neel Chauhan. + + o Minor features (log messages): + - Improve log message in v3 onion services that could print out + negative revision counters. Closes ticket 27707. Patch + by "ffmancera". + + o Minor features (memory usage): + - Save memory by storing microdescriptor family lists with a more + compact representation. Closes ticket 27359. + - Tor clients now use mmap() to read consensus files from disk, so + that they no longer need keep the full text of a consensus in + memory when parsing it or applying a diff. Closes ticket 27244. + + o Minor features (parsing): + - Directory authorities now validate that router descriptors and + ExtraInfo documents are in a valid subset of UTF-8, and reject + them if they are not. Closes ticket 27367. + + o Minor features (performance): + - Cache the results of summarize_protocol_flags(), so that we don't + have to parse the same protocol-versions string over and over. + This should save us a huge number of malloc calls on startup, and + may reduce memory fragmentation with some allocators. Closes + ticket 27225. + - Remove a needless memset() call from get_token_arguments, thereby + speeding up the tokenization of directory objects by about 20%. + Closes ticket 28852. + - Replace parse_short_policy() with a faster implementation, to + improve microdescriptor parsing time. Closes ticket 28853. + - Speed up directory parsing a little by avoiding use of the non- + inlined strcmp_len() function. Closes ticket 28856. + - Speed up microdescriptor parsing by about 30%, to help improve + startup time. Closes ticket 28839. + + o Minor features (pluggable transports): + - Add support for emitting STATUS updates to Tor's control port from + a pluggable transport process. Closes ticket 28846. + - Add support for logging to Tor's logging subsystem from a + pluggable transport process. Closes ticket 28180. + + o Minor features (process management): + - Add a new process API for handling child processes. This new API + allows Tor to have bi-directional communication with child + processes on both Unix and Windows. Closes ticket 28179. + - Use the subsystem manager to initialize and shut down the process + module. Closes ticket 28847. + + o Minor features (relay): + - When listing relay families, list them in canonical form including + the relay's own identity, and try to give a more useful set of + warnings. Part of ticket 28266 and proposal 298. + + o Minor features (required protocols): + - Before exiting because of a missing required protocol, Tor will + now check the publication time of the consensus, and not exit + unless the consensus is newer than the Tor program's own release + date. Previously, Tor would not check the consensus publication + time, and so might exit because of a missing protocol that might + no longer be required in a current consensus. Implements proposal + 297; closes ticket 27735. + + o Minor features (testing): + - Allow a HeartbeatPeriod of less than 30 minutes in testing Tor + networks. Closes ticket 28840. Patch by Rob Jansen. + + o Minor bugfixes (client, clock skew): + - Bootstrap successfully even when Tor's clock is behind the clocks + on the authorities. Fixes bug 28591; bugfix on 0.2.0.9-alpha. + - Select guards even if the consensus has expired, as long as the + consensus is still reasonably live. Fixes bug 24661; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (compilation): + - Compile correctly on OpenBSD; previously, we were missing some + headers required in order to detect it properly. Fixes bug 28938; + bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn. + + o Minor bugfixes (directory clients): + - Mark outdated dirservers when Tor only has a reasonably live + consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha. + + o Minor bugfixes (directory mirrors): + - Even when a directory mirror's clock is behind the clocks on the + authorities, we now allow the mirror to serve "future" + consensuses. Fixes bug 28654; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (DNS): + - Gracefully handle an empty or absent resolve.conf file by falling + back to using "localhost" as a DNS server (and hoping it works). + Previously, we would just stop running as an exit. Fixes bug + 21900; bugfix on 0.2.1.10-alpha. + + o Minor bugfixes (guards): + - In count_acceptable_nodes(), the minimum number is now one bridge + or guard node, and two non-guard nodes for a circuit. Previously, + we had added up the sum of all nodes with a descriptor, but that + could cause us to build failing circuits when we had either too + many bridges or not enough guard nodes. Fixes bug 25885; bugfix on + 0.2.3.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (IPv6): + - Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the + IPv6 socket was bound using an address family of AF_INET instead + of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from + Kris Katterjohn. + + o Minor bugfixes (logging): + - Rework rep_hist_log_link_protocol_counts() to iterate through all + link protocol versions when logging incoming/outgoing connection + counts. Tor no longer skips version 5, and we won't have to + remember to update this function when new link protocol version is + developed. Fixes bug 28920; bugfix on 0.2.6.10. + + o Minor bugfixes (networking): + - Introduce additional checks into tor_addr_parse() to reject + certain incorrect inputs that previously were not detected. Fixes + bug 23082; bugfix on 0.2.0.10-alpha. + + o Minor bugfixes (onion service v3, client): + - Stop logging a "BUG()" warning and stacktrace when we find a SOCKS + connection waiting for a descriptor that we actually have in the + cache. It turns out that this can actually happen, though it is + rare. Now, tor will recover and retry the descriptor. Fixes bug + 28669; bugfix on 0.3.2.4-alpha. + + o Minor bugfixes (periodic events): + - Refrain from calling routerlist_remove_old_routers() from + check_descriptor_callback(). Instead, create a new hourly periodic + event. Fixes bug 27929; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (pluggable transports): + - Make sure that data is continously read from standard output and + standard error pipes of a pluggable transport child-process, to + avoid deadlocking when a pipe's buffer is full. Fixes bug 26360; + bugfix on 0.2.3.6-alpha. + + o Minor bugfixes (unit tests): + - Instead of relying on hs_free_all() to clean up all onion service + objects in test_build_descriptors(), we now deallocate them one by + one. This lets Coverity know that we are not leaking memory there + and fixes CID 1442277. Fixes bug 28989; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (usability): + - Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate(). + Some users took this phrasing to mean that the mentioned guard was + under their control or responsibility, which it is not. Fixes bug + 28895; bugfix on Tor 0.3.0.1-alpha. + + o Code simplification and refactoring: + - Reimplement NETINFO cell parsing and generation to rely on + trunnel-generated wire format handling code. Closes ticket 27325. + - Remove unnecessary unsafe code from the Rust macro "cstr!". Closes + ticket 28077. + - Rework SOCKS wire format handling to rely on trunnel-generated + parsing/generation code. Resolves ticket 27620. + - Split out bootstrap progress reporting from control.c into a + separate file. Part of ticket 27402. + - The .may_include files that we use to describe our directory-by- + directory dependency structure now describe a noncircular + dependency graph over the directories that they cover. Our + checkIncludes.py tool now enforces this noncircularity. Closes + ticket 28362. + + o Documentation: + - Mention that you cannot add a new onion service if Tor is already + running with Sandbox enabled. Closes ticket 28560. + - Improve ControlPort documentation. Mention that it accepts + address:port pairs, and can be used multiple times. Closes + ticket 28805. + - Document the exact output of "tor --version". Closes ticket 28889. + + o Removed features: + - Stop responding to the 'GETINFO status/version/num-concurring' and + 'GETINFO status/version/num-versioning' control port commands, as + those were deprecated back in 0.2.0.30. Also stop listing them in + output of 'GETINFO info/names'. Resolves ticket 28757. + - The scripts used to generate and maintain the list of fallback + directories have been extracted into a new "fallback-scripts" + repository. Closes ticket 27914. + + o Testing: + - Run shellcheck for scripts in the in scripts/ directory. Closes + ticket 28058. + - Add unit tests for tokenize_string() and get_next_token() + functions. Resolves ticket 27625. + + o Code simplification and refactoring (onion service v3): + - Consolidate the authorized client descriptor cookie computation + code from client and service into one function. Closes + ticket 27549. + + o Code simplification and refactoring (shell scripts): + - Cleanup scan-build.sh to silence shellcheck warnings. Closes + ticket 28007. + - Fix issues that shellcheck found in chutney-git-bisect.sh. + Resolves ticket 28006. + - Fix issues that shellcheck found in updateRustDependencies.sh. + Resolves ticket 28012. + - Fix shellcheck warnings in cov-diff script. Resolves issue 28009. + - Fix shellcheck warnings in run_calltool.sh. Resolves ticket 28011. + - Fix shellcheck warnings in run_trunnel.sh. Resolves issue 28010. + - Fix shellcheck warnings in scripts/test/coverage. Resolves + issue 28008. + + +Changes in version 0.3.3.11 - 2019-01-07 + Tor 0.3.3.11 backports numerous fixes from later versions of Tor. + numerous fixes, including an important fix for anyone using OpenSSL + 1.1.1. Anyone running an earlier version of Tor 0.3.3 should upgrade + to this version, or to a later series. + + As a reminder, support the Tor 0.3.3 series will end on 22 Feb 2019. + We anticipate that this will be the last release of Tor 0.3.3, unless + some major bug is before then. Some time between now and then, users + should switch to either the Tor 0.3.4 series (supported until at least + 10 June 2019), or the Tor 0.3.5 series, which will receive long-term + support until at least 1 Feb 2022. + + o Major bugfixes (OpenSSL, portability, backport from 0.3.5.5-alpha): + - Fix our usage of named groups when running as a TLS 1.3 client in + OpenSSL 1.1.1. Previously, we only initialized EC groups when + running as a relay, which caused clients to fail to negotiate TLS + 1.3 with relays. Fixes bug 28245; bugfix on 0.2.9.15 (when TLS 1.3 + support was added). + + o Major bugfixes (restart-in-process, backport from 0.3.5.1-alpha): + - Fix a use-after-free error that could be caused by passing Tor an + impossible set of options that would fail during options_act(). + Fixes bug 27708; bugfix on 0.3.3.1-alpha. + + o Minor features (continuous integration, backport from 0.3.5.1-alpha): + - Only run one online rust build in Travis, to reduce network + errors. Skip offline rust builds on Travis for Linux gcc, because + they're redundant. Implements ticket 27252. + - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a + duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on + Linux with default settings, because all the non-default builds + use gcc on Linux. Implements ticket 27252. + + o Minor features (continuous integration, backport from 0.3.5.3-alpha): + - Use the Travis Homebrew addon to install packages on macOS during + Travis CI. The package list is the same, but the Homebrew addon + does not do a `brew update` by default. Implements ticket 27738. + + o Minor features (fallback directory list, backport from 0.3.5.6-rc): + - Replace the 150 fallbacks originally introduced in Tor + 0.3.3.1-alpha in January 2018 (of which ~115 were still + functional), with a list of 157 fallbacks (92 new, 65 existing, 85 + removed) generated in December 2018. Closes ticket 24803. + + o Minor features (geoip): + - Update geoip and geoip6 to the January 3 2019 Maxmind GeoLite2 + Country database. Closes ticket 29012. + + o Minor features (OpenSSL bug workaround, backport from 0.3.5.7): + - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3 + key export function from handling long labels. When this bug is + detected, Tor will disable TLS 1.3. We recommend upgrading to a + version of OpenSSL without this bug when it becomes available. + Closes ticket 28973. + + o Minor bugfixes (relay statistics, backport from 0.3.5.7): + - Update relay descriptor on bandwidth changes only when the uptime + is smaller than 24h, in order to reduce the efficiency of guard + discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.5.4-alpha): + - Avoid undefined behavior in an end-of-string check when parsing + the BEGIN line in a directory object. Fixes bug 28202; bugfix + on 0.2.0.3-alpha. + + o Minor bugfixes (code safety, backport from 0.3.5.3-alpha): + - Rewrite our assertion macros so that they no longer suppress the + compiler's -Wparentheses warnings. Fixes bug 27709; bugfix + + o Minor bugfixes (compilation, backport from 0.3.5.5-alpha): + - Initialize a variable unconditionally in aes_new_cipher(), since + some compilers cannot tell that we always initialize it before + use. Fixes bug 28413; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (directory authority, backport from 0.3.5.4-alpha): + - Log additional info when we get a relay that shares an ed25519 ID + with a different relay, instead making a BUG() warning. Fixes bug + 27800; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (directory permissions, backport form 0.3.5.3-alpha): + - When a user requests a group-readable DataDirectory, give it to + them. Previously, when the DataDirectory and the CacheDirectory + were the same, the default setting (0) for + CacheDirectoryGroupReadable would override the setting for + DataDirectoryGroupReadable. Fixes bug 26913; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.1-alpha): + - When the onion service directory can't be created or has the wrong + permissions, do not log a stack trace. Fixes bug 27335; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.2-alpha): + - Close all SOCKS request (for the same .onion) if the newly fetched + descriptor is unusable. Before that, we would close only the first + one leaving the other hanging and let to time out by themselves. + Fixes bug 27410; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha): + - Don't warn so loudly when Tor is unable to decode an onion + descriptor. This can now happen as a normal use case if a client + gets a descriptor with client authorization but the client is not + authorized. Fixes bug 27550; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.6-rc): + - When deleting an ephemeral onion service (DEL_ONION), do not close + any rendezvous circuits in order to let the existing client + connections finish by themselves or closed by the application. The + HS v2 is doing that already so now we have the same behavior for + all versions. Fixes bug 28619; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (HTTP tunnel): + - Fix a bug warning when closing an HTTP tunnel connection due to + an HTTP request we couldn't handle. Fixes bug 26470; bugfix on + 0.3.2.1-alpha. + + o Minor bugfixes (memory leaks, backport from 0.3.5.5-alpha): + - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419; + bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger. + + o Minor bugfixes (netflow padding, backport from 0.3.5.1-alpha): + - Ensure circuitmux queues are empty before scheduling or sending + padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (protover, backport from 0.3.5.3-alpha): + - Reject protocol names containing bytes other than alphanumeric + characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (rust, backport from 0.3.5.1-alpha): + - Compute protover votes correctly in the rust version of the + protover code. Previously, the protover rewrite in 24031 allowed + repeated votes from the same voter for the same protocol version + to be counted multiple times in protover_compute_vote(). Fixes bug + 27649; bugfix on 0.3.3.5-rc. + - Reject protover names that contain invalid characters. Fixes bug + 27687; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (rust, backport from 0.3.5.2-alpha): + - protover_all_supported() would attempt to allocate up to 16GB on + some inputs, leading to a potential memory DoS. Fixes bug 27206; + bugfix on 0.3.3.5-rc. + + o Minor bugfixes (rust, backport from 0.3.5.4-alpha): + - Fix a potential null dereference in protover_all_supported(). Add + a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha. + - Return a string that can be safely freed by C code, not one + created by the rust allocator, in protover_all_supported(). Fixes + bug 27740; bugfix on 0.3.3.1-alpha. + - Fix an API mismatch in the rust implementation of + protover_compute_vote(). This bug could have caused crashes on any + directory authorities running Tor with Rust (which we do not yet + recommend). Fixes bug 27741; bugfix on 0.3.3.6. + + o Minor bugfixes (testing, backport from 0.3.5.1-alpha): + - If a unit test running in a subprocess exits abnormally or with a + nonzero status code, treat the test as having failed, even if the + test reported success. Without this fix, memory leaks don't cause + the tests to fail, even with LeakSanitizer. Fixes bug 27658; + bugfix on 0.2.2.4-alpha. + + o Minor bugfixes (testing, backport from 0.3.5.4-alpha): + - Treat backtrace test failures as expected on BSD-derived systems + (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808. + (FreeBSD failures have been treated as expected since 18204 in + 0.2.8.) Fixes bug 27948; bugfix on 0.2.5.2-alpha. + + o Minor bugfixes (unit tests, guard selection, backport from 0.3.5.6-rc): + - Stop leaking memory in an entry guard unit test. Fixes bug 28554; + bugfix on 0.3.0.1-alpha. + + +Changes in version 0.3.4.10 - 2019-01-07 + Tor 0.3.4.9 is the second stable release in its series; it backports + numerous fixes, including an important fix for relays, and for anyone + using OpenSSL 1.1.1. Anyone running an earlier version of Tor 0.3.4 + should upgrade. + + As a reminder, the Tor 0.3.4 series will be supported until 10 June + 2019. Some time between now and then, users should switch to the Tor + 0.3.5 series, which will receive long-term support until at least 1 + Feb 2022. + + o Major bugfixes (OpenSSL, portability, backport from 0.3.5.5-alpha): + - Fix our usage of named groups when running as a TLS 1.3 client in + OpenSSL 1.1.1. Previously, we only initialized EC groups when + running as a relay, which caused clients to fail to negotiate TLS + 1.3 with relays. Fixes bug 28245; bugfix on 0.2.9.15 (when TLS 1.3 + support was added). + + o Major bugfixes (relay, directory, backport from 0.3.5.7): + - Always reactivate linked connections in the main loop so long as + any linked connection has been active. Previously, connections + serving directory information wouldn't get reactivated after the + first chunk of data was sent (usually 32KB), which would prevent + clients from bootstrapping. Fixes bug 28912; bugfix on + 0.3.4.1-alpha. Patch by "cypherpunks3". + + o Minor features (continuous integration, Windows, backport from 0.3.5.6-rc): + - Always show the configure and test logs, and upload them as build + artifacts, when building for Windows using Appveyor CI. + Implements 28459. + + o Minor features (controller, backport from 0.3.5.1-alpha): + - For purposes of CIRC_BW-based dropped cell detection, track half- + closed stream ids, and allow their ENDs, SENDMEs, DATA and path + bias check cells to arrive without counting it as dropped until + either the END arrives, or the windows are empty. Closes + ticket 25573. + + o Minor features (fallback directory list, backport from 0.3.5.6-rc): + - Replace the 150 fallbacks originally introduced in Tor + 0.3.3.1-alpha in January 2018 (of which ~115 were still + functional), with a list of 157 fallbacks (92 new, 65 existing, 85 + removed) generated in December 2018. Closes ticket 24803. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2018 Maxmind GeoLite2 + Country database. Closes ticket 28395. + + o Minor features (OpenSSL bug workaround, backport from 0.3.5.7): + - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3 + key export function from handling long labels. When this bug is + detected, Tor will disable TLS 1.3. We recommend upgrading to a + version of OpenSSL without this bug when it becomes available. + Closes ticket 28973. + + o Minor bugfixes (compilation, backport from 0.3.5.5-alpha): + - Initialize a variable unconditionally in aes_new_cipher(), since + some compilers cannot tell that we always initialize it before + use. Fixes bug 28413; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (connection, relay, backport from 0.3.5.5-alpha): + - Avoid a logging a BUG() stacktrace when closing connection held + open because the write side is rate limited but not the read side. + Now, the connection read side is simply shut down until Tor is + able to flush the connection and close it. Fixes bug 27750; bugfix + on 0.3.4.1-alpha. + + o Minor bugfixes (continuous integration, Windows, backport from 0.3.5.5-alpha): + - Manually configure the zstd compiler options, when building using + mingw on Appveyor Windows CI. The MSYS2 mingw zstd package does + not come with a pkg-config file. Fixes bug 28454; bugfix + on 0.3.4.1-alpha. + - Stop using an external OpenSSL install, and stop installing MSYS2 + packages, when building using mingw on Appveyor Windows CI. Fixes + bug 28399; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (continuous integration, Windows, backport from 0.3.5.6-rc): + - Explicitly specify the path to the OpenSSL library and do not + download OpenSSL from Pacman, but instead use the library that is + already provided by AppVeyor. Fixes bug 28574; bugfix on master. + + o Minor bugfixes (directory permissions, backport form 0.3.5.3-alpha): + - When a user requests a group-readable DataDirectory, give it to + them. Previously, when the DataDirectory and the CacheDirectory + were the same, the default setting (0) for + CacheDirectoryGroupReadable would override the setting for + DataDirectoryGroupReadable. Fixes bug 26913; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (memory leaks, backport from 0.3.5.5-alpha): + - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419; + bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger. + + o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha): + - Don't warn so loudly when Tor is unable to decode an onion + descriptor. This can now happen as a normal use case if a client + gets a descriptor with client authorization but the client is not + authorized. Fixes bug 27550; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.6-rc): + - When deleting an ephemeral onion service (DEL_ONION), do not close + any rendezvous circuits in order to let the existing client + connections finish by themselves or closed by the application. The + HS v2 is doing that already so now we have the same behavior for + all versions. Fixes bug 28619; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (relay statistics, backport from 0.3.5.7): + - Update relay descriptor on bandwidth changes only when the uptime + is smaller than 24h, in order to reduce the efficiency of guard + discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha. + + o Minor bugfixes (unit tests, guard selection, backport from 0.3.5.6-rc): + - Stop leaking memory in an entry guard unit test. Fixes bug 28554; + bugfix on 0.3.0.1-alpha. + + +Changes in version 0.3.5.7 - 2019-01-07 + Tor 0.3.5.7 is the first stable release in its series; it includes + compilation and portability fixes, and a fix for a severe problem + affecting directory caches. + + The Tor 0.3.5 series includes several new features and performance + improvements, including client authorization for v3 onion services, + cleanups to bootstrap reporting, support for improved bandwidth- + measurement tools, experimental support for NSS in place of OpenSSL, + and much more. It also begins a full reorganization of Tor's code + layout, for improved modularity and maintainability in the future. + Finally, there is the usual set of performance improvements and + bugfixes that we try to do in every release series. + + There are a couple of changes in the 0.3.5 that may affect + compatibility. First, the default version for newly created onion + services is now v3. Use the HiddenServiceVersion option if you want to + override this. Second, some log messages related to bootstrapping have + changed; if you use stem, you may need to update to the latest version + so it will recognize them. + + We have designated 0.3.5 as a "long-term support" (LTS) series: we + will continue to patch major bugs in typical configurations of 0.3.5 + until at least 1 Feb 2022. (We do not plan to provide long-term + support for embedding, Rust support, NSS support, running a directory + authority, or unsupported platforms. For these, you will need to stick + with the latest stable release.) + + Below are the changes since 0.3.5.6-rc. For a complete list of changes + since 0.3.4.9, see the ReleaseNotes file. + + o Major bugfixes (relay, directory): + - Always reactivate linked connections in the main loop so long as + any linked connection has been active. Previously, connections + serving directory information wouldn't get reactivated after the + first chunk of data was sent (usually 32KB), which would prevent + clients from bootstrapping. Fixes bug 28912; bugfix on + 0.3.4.1-alpha. Patch by "cypherpunks3". + + o Minor features (compilation): + - When possible, place our warning flags in a separate file, to + avoid flooding verbose build logs. Closes ticket 28924. + + o Minor features (geoip): + - Update geoip and geoip6 to the January 3 2019 Maxmind GeoLite2 + Country database. Closes ticket 29012. + + o Minor features (OpenSSL bug workaround): + - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3 + key export function from handling long labels. When this bug is + detected, Tor will disable TLS 1.3. We recommend upgrading to a + version of OpenSSL without this bug when it becomes available. + Closes ticket 28973. + + o Minor features (performance): + - Remove about 96% of the work from the function that we run at + startup to test our curve25519_basepoint implementation. Since + this function has yet to find an actual failure, we now only run + it for 8 iterations instead of 200. Based on our profile + information, this change should save around 8% of our startup time + on typical desktops, and may have a similar effect on other + platforms. Closes ticket 28838. + - Stop re-validating our hardcoded Diffie-Hellman parameters on + every startup. Doing this wasted time and cycles, especially on + low-powered devices. Closes ticket 28851. + + o Minor bugfixes (compilation): + - Fix compilation for Android by adding a missing header to + freespace.c. Fixes bug 28974; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (correctness): + - Fix an unreached code path where we checked the value of + "hostname" inside send_resolved_hostname_cell(). Previously, we + used it before checking it; now we check it first. Fixes bug + 28879; bugfix on 0.1.2.7-alpha. + + o Minor bugfixes (testing): + - Make sure that test_rebind.py actually obeys its timeout, even + when it receives a large number of log messages. Fixes bug 28883; + bugfix on 0.3.5.4-alpha. + - Stop running stem's unit tests as part of "make test-stem", but + continue to run stem's unit and online tests during "make test- + stem-full". Fixes bug 28568; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (windows services): + - Make Tor start correctly as an NT service again: previously it was + broken by refactoring. Fixes bug 28612; bugfix on 0.3.5.3-alpha. + + o Code simplification and refactoring: + - When parsing a port configuration, make it more obvious to static + analyzer tools that we always initialize the address. Closes + ticket 28881. + + +Changes in version 0.3.5.6-rc - 2018-12-18 + Tor 0.3.5.6-rc fixes numerous small bugs in earlier versions of Tor. + It is the first release candidate in the 0.3.5.x series; if no further + huge bugs are found, our next release may be the stable 0.3.5.x. + + o Minor features (continuous integration, Windows): + - Always show the configure and test logs, and upload them as build + artifacts, when building for Windows using Appveyor CI. + Implements 28459. + + o Minor features (fallback directory list): + - Replace the 150 fallbacks originally introduced in Tor + 0.3.3.1-alpha in January 2018 (of which ~115 were still + functional), with a list of 157 fallbacks (92 new, 65 existing, 85 + removed) generated in December 2018. Closes ticket 24803. + + o Minor features (geoip): + - Update geoip and geoip6 to the December 5 2018 Maxmind GeoLite2 + Country database. Closes ticket 28744. + + o Minor bugfixes (compilation): + - Add missing dependency on libgdi32.dll for tor-print-ed-signing- + cert.exe on Windows. Fixes bug 28485; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (continuous integration, Windows): + - Explicitly specify the path to the OpenSSL library and do not + download OpenSSL from Pacman, but instead use the library that is + already provided by AppVeyor. Fixes bug 28574; bugfix on master. + + o Minor bugfixes (onion service v3): + - When deleting an ephemeral onion service (DEL_ONION), do not close + any rendezvous circuits in order to let the existing client + connections finish by themselves or closed by the application. The + HS v2 is doing that already so now we have the same behavior for + all versions. Fixes bug 28619; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (restart-in-process, boostrap): + - Add missing resets of bootstrap tracking state when shutting down + (regression caused by ticket 27169). Fixes bug 28524; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (testing): + - Use a separate DataDirectory for the test_rebind script. + Previously, this script would run using the default DataDirectory, + and sometimes fail. Fixes bug 28562; bugfix on 0.3.5.1-alpha. + Patch from Taylor R Campbell. + - Stop leaking memory in an entry guard unit test. Fixes bug 28554; + bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (Windows): + - Correctly identify Windows 8.1, Windows 10, and Windows Server + 2008 and later from their NT versions. Fixes bug 28096; bugfix on + 0.2.2.34; reported by Keifer Bly. + - On recent Windows versions, the GetVersionEx() function may report + an earlier Windows version than the running OS. To avoid user + confusion, add "[or later]" to Tor's version string on affected + versions of Windows. Fixes bug 28096; bugfix on 0.2.2.34; reported + by Keifer Bly. + - Remove Windows versions that were never supported by the + GetVersionEx() function. Stop duplicating the latest Windows + version in get_uname(). Fixes bug 28096; bugfix on 0.2.2.34; + reported by Keifer Bly. + + o Testing: + - Increase logging and tag all log entries with timestamps in + test_rebind.py. Provides diagnostics for issue 28229. + + o Code simplification and refactoring (shared random, dirauth): + - Change many tor_assert() to use BUG() instead. The idea is to not + crash a dirauth but rather scream loudly with a stacktrace and let + it continue run. The shared random subsystem is very resilient and + if anything wrong happens with it, at worst a non coherent value + will be put in the vote and discarded by the other authorities. + Closes ticket 19566. + + o Documentation (onion services): + - Document in the man page that changing ClientOnionAuthDir value or + adding a new file in the directory will not work at runtime upon + sending a HUP if Sandbox 1. Closes ticket 28128. + - Note in the man page that the only real way to fully revoke an + onion service v3 client authorization is by restarting the tor + process. Closes ticket 28275. + + +Changes in version 0.3.5.5-alpha - 2018-11-16 + Tor 0.3.5.5-alpha includes numerous bugfixes on earlier releases, + including several that we hope to backport to older release series in + the future. + + o Major bugfixes (OpenSSL, portability): + - Fix our usage of named groups when running as a TLS 1.3 client in + OpenSSL 1.1.1. Previously, we only initialized EC groups when + running as a relay, which caused clients to fail to negotiate TLS + 1.3 with relays. Fixes bug 28245; bugfix on 0.2.9.15 (when TLS 1.3 + support was added). + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2018 Maxmind GeoLite2 + Country database. Closes ticket 28395. + + o Minor bugfixes (compilation): + - Initialize a variable unconditionally in aes_new_cipher(), since + some compilers cannot tell that we always initialize it before + use. Fixes bug 28413; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (connection, relay): + - Avoid a logging a BUG() stacktrace when closing connection held + open because the write side is rate limited but not the read side. + Now, the connection read side is simply shut down until Tor is + able to flush the connection and close it. Fixes bug 27750; bugfix + on 0.3.4.1-alpha. + + o Minor bugfixes (continuous integration, Windows): + - Manually configure the zstd compiler options, when building using + mingw on Appveyor Windows CI. The MSYS2 mingw zstd package does + not come with a pkg-config file. Fixes bug 28454; bugfix + on 0.3.4.1-alpha. + - Stop using an external OpenSSL install, and stop installing MSYS2 + packages, when building using mingw on Appveyor Windows CI. Fixes + bug 28399; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (documentation): + - Make Doxygen work again after the code movement in the 0.3.5 + source tree. Fixes bug 28435; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox): + - Permit the "shutdown()" system call, which is apparently used by + OpenSSL under some circumstances. Fixes bug 28183; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (logging): + - Stop talking about the Named flag in log messages. Clients have + ignored the Named flag since 0.3.2. Fixes bug 28441; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (memory leaks): + - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419; + bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger. + + o Minor bugfixes (onion services): + - On an intro point for a version 3 onion service, stop closing + introduction circuits on an NACK. This lets the client decide + whether to reuse the circuit or discard it. Previously, we closed + intro circuits when sending NACKs. Fixes bug 27841; bugfix on + 0.3.2.1-alpha. Patch by Neel Chaunan. + - When replacing a descriptor in the client cache, make sure to + close all client introduction circuits for the old descriptor, so + we don't end up with unusable leftover circuits. Fixes bug 27471; + bugfix on 0.3.2.1-alpha. + + +Changes in version 0.3.5.4-alpha - 2018-11-08 + Tor 0.3.5.4-alpha includes numerous bugfixes on earlier versions and + improves our continuous integration support. It continues our attempts + to stabilize this alpha branch and build it into a foundation for an + acceptable long-term-support release. + + o Major bugfixes (compilation, rust): + - Rust tests can now build and run successfully with the + --enable-fragile-hardening option enabled. Doing this currently + requires the rust beta channel; it will be possible with stable + rust once Rust version 1.31 is released. Patch from Alex Crichton. + Fixes bugs 27272, 27273, and 27274. Bugfix on 0.3.1.1-alpha. + + o Major bugfixes (embedding, main loop): + - When DisableNetwork becomes set, actually disable periodic events + that are already enabled. (Previously, we would refrain from + enabling new ones, but we would leave the old ones turned on.) + Fixes bug 28348; bugfix on 0.3.4.1-alpha. + + o Minor features (continuous integration): + - Add a Travis CI build for --enable-nss on Linux gcc. Closes + ticket 27751. + - Add new CI job to Travis configuration to run stem-based + integration tests. Closes ticket 27913. + + o Minor features (Windows, continuous integration): + - Build tor on Windows Server 2012 R2 and Windows Server 2016 using + Appveyor's CI. Closes ticket 28318. + + o Minor bugfixes (C correctness, also in 0.3.4.9): + - Avoid undefined behavior in an end-of-string check when parsing + the BEGIN line in a directory object. Fixes bug 28202; bugfix + on 0.2.0.3-alpha. + + o Minor bugfixes (compilation): + - Fix a pair of missing headers on OpenBSD. Fixes bug 28303; bugfix + on 0.3.5.1-alpha. Patch from Kris Katterjohn. + + o Minor bugfixes (compilation, OpenSolaris): + - Fix compilation on OpenSolaris and its descendants by adding a + missing include to compat_pthreads.c. Fixes bug 27963; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (configuration): + - Refuse to start with relative file paths and RunAsDaemon set + (regression from the fix for bug 22731). Fixes bug 28298; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (directory authority, also in 0.3.4.9): + - Log additional info when we get a relay that shares an ed25519 ID + with a different relay, instead of a BUG() warning with a + backtrace. Fixes bug 27800; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service v3): + - Build the service descriptor's signing key certificate before + uploading, so we always have a fresh one: leaving no chances for + it to expire service side. Fixes bug 27838; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (onion service v3, client authorization): + - Fix an assert() when adding a client authorization for the first + time and then sending a HUP signal to the service. Before that, + Tor would stop abruptly. Fixes bug 27995; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (onion services): + - Unless we have explicitly set HiddenServiceVersion, detect the + onion service version and then look for invalid options. + Previously, we did the reverse, but that broke existing configs + which were pointed to a v2 service and had options like + HiddenServiceAuthorizeClient set. Fixes bug 28127; bugfix on + 0.3.5.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (portability): + - Make the OPE code (which is used for v3 onion services) run + correctly on big-endian platforms. Fixes bug 28115; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (protover, rust): + - Reject extra commas in version strings. Fixes bug 27197; bugfix + on 0.3.3.3-alpha. + + o Minor bugfixes (relay shutdown, systemd): + - Notify systemd of ShutdownWaitLength so it can be set to longer + than systemd's TimeoutStopSec. In Tor's systemd service file, set + TimeoutSec to 60 seconds to allow Tor some time to shut down. + Fixes bug 28113; bugfix on 0.2.6.2-alpha. + + o Minor bugfixes (rust, also in 0.3.4.9): + - Fix a potential null dereference in protover_all_supported(). Add + a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha. + - Return a string that can be safely freed by C code, not one + created by the rust allocator, in protover_all_supported(). Fixes + bug 27740; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (rust, directory authority, also in 0.3.4.9): + - Fix an API mismatch in the rust implementation of + protover_compute_vote(). This bug could have caused crashes on any + directory authorities running Tor with Rust (which we do not yet + recommend). Fixes bug 27741; bugfix on 0.3.3.6. + + o Minor bugfixes (testing): + - Avoid hangs and race conditions in test_rebind.py. Fixes bug + 27968; bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (testing, also in 0.3.4.9): + - Treat backtrace test failures as expected on BSD-derived systems + (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808. + (FreeBSD failures have been treated as expected since 18204 in + 0.2.8.) Fixes bug 27948; bugfix on 0.2.5.2-alpha. + + o Documentation (onion service manpage): + - Improve HSv3 client authorization by making some options more + explicit and detailed. Closes ticket 28026. Patch by Mike Tigas. + + +Changes in version 0.3.4.9 - 2018-11-02 + Tor 0.3.4.9 is the second stable release in its series; it backports + numerous fixes, including a fix for a bandwidth management bug that + was causing memory exhaustion on relays. Anyone running an earlier + version of Tor 0.3.4.9 should upgrade. + + o Major bugfixes (compilation, backport from 0.3.5.3-alpha): + - Fix compilation on ARM (and other less-used CPUs) when compiling + with OpenSSL before 1.1. Fixes bug 27781; bugfix on 0.3.4.1-alpha. + + o Major bugfixes (mainloop, bootstrap, backport from 0.3.5.3-alpha): + - Make sure Tor bootstraps and works properly if only the + ControlPort is set. Prior to this fix, Tor would only bootstrap + when a client port was set (Socks, Trans, NATD, DNS or HTTPTunnel + port). Fixes bug 27849; bugfix on 0.3.4.1-alpha. + + o Major bugfixes (relay, backport from 0.3.5.3-alpha): + - When our write bandwidth limit is exhausted, stop writing on the + connection. Previously, we had a typo in the code that would make + us stop reading instead, leading to relay connections being stuck + indefinitely and consuming kernel RAM. Fixes bug 28089; bugfix + on 0.3.4.1-alpha. + + o Major bugfixes (restart-in-process, backport from 0.3.5.1-alpha): + - Fix a use-after-free error that could be caused by passing Tor an + impossible set of options that would fail during options_act(). + Fixes bug 27708; bugfix on 0.3.3.1-alpha. + + o Minor features (continuous integration, backport from 0.3.5.1-alpha): + - Don't do a distcheck with --disable-module-dirauth in Travis. + Implements ticket 27252. + - Only run one online rust build in Travis, to reduce network + errors. Skip offline rust builds on Travis for Linux gcc, because + they're redundant. Implements ticket 27252. + - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a + duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on + Linux with default settings, because all the non-default builds + use gcc on Linux. Implements ticket 27252. + + o Minor features (continuous integration, backport from 0.3.5.3-alpha): + - Use the Travis Homebrew addon to install packages on macOS during + Travis CI. The package list is the same, but the Homebrew addon + does not do a `brew update` by default. Implements ticket 27738. + + o Minor features (geoip): + - Update geoip and geoip6 to the October 9 2018 Maxmind GeoLite2 + Country database. Closes ticket 27991. + + o Minor bugfixes (32-bit OSX and iOS, timing, backport from 0.3.5.2-alpha): + - Fix an integer overflow bug in our optimized 32-bit millisecond- + difference algorithm for 32-bit Apple platforms. Previously, it + would overflow when calculating the difference between two times + more than 47 days apart. Fixes part of bug 27139; bugfix + on 0.3.4.1-alpha. + - Improve the precision of our 32-bit millisecond difference + algorithm for 32-bit Apple platforms. Fixes part of bug 27139; + bugfix on 0.3.4.1-alpha. + - Relax the tolerance on the mainloop/update_time_jumps test when + running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix + on 0.3.4.1-alpha. + + o Minor bugfixes (C correctness, to appear in 0.3.5.4-alpha): + - Avoid undefined behavior in an end-of-string check when parsing + the BEGIN line in a directory object. Fixes bug 28202; bugfix + on 0.2.0.3-alpha. + + o Minor bugfixes (CI, appveyor, to appear in 0.3.5.4-alpha): + - Only install the necessary mingw packages during our appveyor + builds. This change makes the build a little faster, and prevents + a conflict with a preinstalled mingw openssl that appveyor now + ships. Fixes bugs 27943 and 27765; bugfix on 0.3.4.2-alpha. + + o Minor bugfixes (code safety, backport from 0.3.5.3-alpha): + - Rewrite our assertion macros so that they no longer suppress the + compiler's -Wparentheses warnings. Fixes bug 27709; bugfix + + o Minor bugfixes (continuous integration, backport from 0.3.5.1-alpha): + - Stop reinstalling identical packages in our Windows CI. Fixes bug + 27464; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (directory authority, to appear in 0.3.5.4-alpha): + - Log additional info when we get a relay that shares an ed25519 ID + with a different relay, instead making a BUG() warning. Fixes bug + 27800; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (directory connection shutdown, backport from 0.3.5.1-alpha): + - Avoid a double-close when shutting down a stalled directory + connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (HTTP tunnel, backport from 0.3.5.1-alpha): + - Fix a bug warning when closing an HTTP tunnel connection due to an + HTTP request we couldn't handle. Fixes bug 26470; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (netflow padding, backport from 0.3.5.1-alpha): + - Ensure circuitmux queues are empty before scheduling or sending + padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.1-alpha): + - When the onion service directory can't be created or has the wrong + permissions, do not log a stack trace. Fixes bug 27335; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.2-alpha): + - Close all SOCKS request (for the same .onion) if the newly fetched + descriptor is unusable. Before that, we would close only the first + one leaving the other hanging and let to time out by themselves. + Fixes bug 27410; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha): + - When selecting a v3 rendezvous point, don't only look at the + protover, but also check whether the curve25519 onion key is + present. This way we avoid picking a relay that supports the v3 + rendezvous but for which we don't have the microdescriptor. Fixes + bug 27797; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (protover, backport from 0.3.5.3-alpha): + - Reject protocol names containing bytes other than alphanumeric + characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (rust, backport from 0.3.5.1-alpha): + - Compute protover votes correctly in the rust version of the + protover code. Previously, the protover rewrite in 24031 allowed + repeated votes from the same voter for the same protocol version + to be counted multiple times in protover_compute_vote(). Fixes bug + 27649; bugfix on 0.3.3.5-rc. + - Reject protover names that contain invalid characters. Fixes bug + 27687; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (rust, backport from 0.3.5.2-alpha): + - protover_all_supported() would attempt to allocate up to 16GB on + some inputs, leading to a potential memory DoS. Fixes bug 27206; + bugfix on 0.3.3.5-rc. + + o Minor bugfixes (rust, directory authority, to appear in 0.3.5.4-alpha): + - Fix an API mismatch in the rust implementation of + protover_compute_vote(). This bug could have caused crashes on any + directory authorities running Tor with Rust (which we do not yet + recommend). Fixes bug 27741; bugfix on 0.3.3.6. + + o Minor bugfixes (rust, to appear in 0.3.5.4-alpha): + - Fix a potential null dereference in protover_all_supported(). Add + a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha. + - Return a string that can be safely freed by C code, not one + created by the rust allocator, in protover_all_supported(). Fixes + bug 27740; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.5.1-alpha): + - If a unit test running in a subprocess exits abnormally or with a + nonzero status code, treat the test as having failed, even if the + test reported success. Without this fix, memory leaks don't cause + the tests to fail, even with LeakSanitizer. Fixes bug 27658; + bugfix on 0.2.2.4-alpha. + + o Minor bugfixes (testing, backport from 0.3.5.3-alpha): + - Make the hs_service tests use the same time source when creating + the introduction point and when testing it. Now tests work better + on very slow systems like ARM or Travis. Fixes bug 27810; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (testing, to appear in 0.3.5.4-alpha): + - Treat backtrace test failures as expected on BSD-derived systems + (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808. + (FreeBSD failures have been treated as expected since 18204 in + 0.2.8.) Fixes bug 27948; bugfix on 0.2.5.2-alpha. + + +Changes in version 0.3.5.3-alpha - 2018-10-17 + Tor 0.3.5.3-alpha fixes several bugs, mostly from previous 0.3.5.x + versions. One important fix for relays addresses a problem with rate- + limiting code from back in 0.3.4.x: If the fix works out, we'll be + backporting it soon. This release is still an alpha, but we hope it's + getting closer and closer to stability. + + o Major features (onion services): + - Version 3 onion services can now use the per-service + HiddenServiceExportCircuitID option to differentiate client + circuits. It communicates with the service by using the HAProxy + protocol to assign virtual IP addresses to inbound client + circuits. Closes ticket 4700. Patch by Mahrud Sayrafi. + + o Major bugfixes (compilation): + - Fix compilation on ARM (and other less-used CPUs) when compiling + with OpenSSL before 1.1. Fixes bug 27781; bugfix on 0.3.4.1-alpha. + + o Major bugfixes (initialization, crash): + - Fix an assertion crash that would stop Tor from starting up if it + tried to activate a periodic event too early. Fixes bug 27861; + bugfix on 0.3.5.1-alpha. + + o Major bugfixes (mainloop, bootstrap): + - Make sure Tor bootstraps and works properly if only the + ControlPort is set. Prior to this fix, Tor would only bootstrap + when a client port was set (Socks, Trans, NATD, DNS or HTTPTunnel + port). Fixes bug 27849; bugfix on 0.3.4.1-alpha. + + o Major bugfixes (relay): + - When our write bandwidth limit is exhausted, stop writing on the + connection. Previously, we had a typo in the code that would make + us stop reading instead, leading to relay connections being stuck + indefinitely and consuming kernel RAM. Fixes bug 28089; bugfix + on 0.3.4.1-alpha. + + o Minor features (continuous integration): + - Use the Travis Homebrew addon to install packages on macOS during + Travis CI. The package list is the same, but the Homebrew addon + does not do a `brew update` by default. Implements ticket 27738. + - Report what program produced the mysterious core file that we + occasionally see on Travis CI during make distcheck. Closes + ticket 28024. + + o Minor features (geoip): + - Update geoip and geoip6 to the October 9 2018 Maxmind GeoLite2 + Country database. Closes ticket 27991. + + o Minor bugfixes (code safety): + - Rewrite our assertion macros so that they no longer suppress the + compiler's -Wparentheses warnings. Fixes bug 27709; bugfix + on 0.0.6. + + o Minor bugfixes (compilation): + - Compile the ed25519-donna code with a correct declaration of + crypto_strongest_rand(). Previously, we built it with one type, + but linked it against another in the unit tests, which caused + compilation failures with LTO enabled. This could have caused + other undefined behavior in the tests. Fixes bug 27728; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (compilation, netbsd): + - Add a missing include back into procmon.c. Fixes bug 27990; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (continuous integration, appveyor): + - Install only the necessary mingw packages during our appveyor + builds. This change makes the build a little faster, and prevents + a conflict with a preinstalled mingw openssl that appveyor now + ships. Fixes bugs 27765 and 27943; bugfix on 0.3.4.2-alpha. + + o Minor bugfixes (directory permissions): + - When a user requests a group-readable DataDirectory, give it to + them. Previously, when the DataDirectory and the CacheDirectory + were the same, the default setting (0) for + CacheDirectoryGroupReadable would override the setting for + DataDirectoryGroupReadable. Fixes bug 26913; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (memory leaks): + - Fix a small memory leak when calling Tor with --dump-config. Fixes + bug 27893; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (networking): + - In retry_listeners_ports(), make sure that we're removing a member + of old_conns smartlist at most once. Fixes bug 27808; bugfix + on 0.3.5.1-alpha. + - Refrain from attempting socket rebinding when old and new + listeners are in different address families. Fixes bug 27928; + bugfix on 0.3.5.1-alpha. + + o Minor bugfixes (onion service v3): + - Stop dumping a stack trace when trying to connect to an intro + point without having a descriptor for it. Fixes bug 27774; bugfix + on 0.3.2.1-alpha. + - Don't warn so loudly when Tor is unable to decode an onion + descriptor. This can now happen as a normal use case if a client + gets a descriptor with client authorization but the client is not + authorized. Fixes bug 27550; bugfix on 0.3.5.1-alpha. + - When selecting a v3 rendezvous point, don't only look at the + protover, but also check whether the curve25519 onion key is + present. This way we avoid picking a relay that supports the v3 + rendezvous but for which we don't have the microdescriptor. Fixes + bug 27797; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (protover): + - Reject protocol names containing bytes other than alphanumeric + characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (testing): + - Make the hs_service tests use the same time source when creating + the introduction point and when testing it. Now tests work better + on very slow systems like ARM or Travis. Fixes bug 27810; bugfix + on 0.3.2.1-alpha. + - In test_rebind.py, check if the Python version is in the supported + range. Fixes bug 27675; bugfix on 0.3.5.1-alpha. + + o Code simplification and refactoring: + - Divide more large Tor source files -- especially ones that span + multiple areas of functionality -- into smaller parts, including + onion.c and main.c. Closes ticket 26747. + - Divide the "routerparse.c" module into separate modules for each + group of parsed objects. Closes ticket 27924. + - Move protover_rust.c to the same place protover.c was moved to. + Closes ticket 27814. + - Split directory.c into separate pieces for client, server, and + common functionality. Closes ticket 26744. + - Split the non-statistics-related parts from the rephist.c and + geoip.c modules. Closes ticket 27892. + - Split the router.c file into relay-only and shared components, to + help with future modularization. Closes ticket 27864. + + o Documentation: + - In the tor-resolve(1) manpage, fix the reference to socks- + extensions.txt by adding a web URL. Resolves ticket 27853. + - Mention that we require Python to be 2.7 or newer for some + integration tests that we ship with Tor. Resolves ticket 27677. + + +Changes in version 0.3.5.2-alpha - 2018-09-21 + Tor 0.3.5.2-alpha fixes several bugs in 0.3.5.1-alpha, including one + that made Tor think it had run out of sockets. Anybody running a relay + or an onion service on 0.3.5.1-alpha should upgrade. + + o Major bugfixes (relay bandwidth statistics): + - When we close relayed circuits, report the data in the circuit + queues as being written in our relay bandwidth stats. This + mitigates guard discovery and other attacks that close circuits + for the explicit purpose of noticing this discrepancy in + statistics. Fixes bug 23512; bugfix on 0.0.8pre3. + + o Major bugfixes (socket accounting): + - In our socket accounting code, count a socket as closed even when + it is closed indirectly by the TLS layer. Previously, we would + count these sockets as still in use, and incorrectly believe that + we had run out of sockets. Fixes bug 27795; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (32-bit OSX and iOS, timing): + - Fix an integer overflow bug in our optimized 32-bit millisecond- + difference algorithm for 32-bit Apple platforms. Previously, it + would overflow when calculating the difference between two times + more than 47 days apart. Fixes part of bug 27139; bugfix + on 0.3.4.1-alpha. + - Improve the precision of our 32-bit millisecond difference + algorithm for 32-bit Apple platforms. Fixes part of bug 27139; + bugfix on 0.3.4.1-alpha. + - Relax the tolerance on the mainloop/update_time_jumps test when + running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix + on 0.3.4.1-alpha. + + o Minor bugfixes (onion service v3): + - Close all SOCKS request (for the same .onion) if the newly fetched + descriptor is unusable. Before that, we would close only the first + one leaving the other hanging and let to time out by themselves. + Fixes bug 27410; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (memory leak): + - Fix an unlikely memory leak when trying to read a private key from + a ridiculously large file. Fixes bug 27764; bugfix on + 0.3.5.1-alpha. This is CID 1439488. + + o Minor bugfixes (NSS): + - Correctly detect failure to open a dummy TCP socket when stealing + ownership of an fd from the NSS layer. Fixes bug 27782; bugfix + on 0.3.5.1-alpha. + + o Minor bugfixes (rust): + - protover_all_supported() would attempt to allocate up to 16GB on + some inputs, leading to a potential memory DoS. Fixes bug 27206; + bugfix on 0.3.3.5-rc. + + o Minor bugfixes (testing): + - Revise the "conditionvar_timeout" test so that it succeeds even on + heavily loaded systems where the test threads are not scheduled + within 200 msec. Fixes bug 27073; bugfix on 0.2.6.3-alpha. + + o Code simplification and refactoring: + - Divide the routerlist.c and dirserv.c modules into smaller parts. + Closes ticket 27799. + + +Changes in version 0.3.5.1-alpha - 2018-09-18 + Tor 0.3.5.1-alpha is the first release of the 0.3.5.x series. It adds + client authorization for modern (v3) onion services, improves + bootstrap reporting, begins reorganizing Tor's codebase, adds optional + support for NSS in place of OpenSSL, and much more. + + o Major features (onion services, UI change): + - For a newly created onion service, the default version is now 3. + Tor still supports existing version 2 services, but the operator + now needs to set "HiddenServiceVersion 2" in order to create a new + version 2 service. For existing services, Tor now learns the + version by reading the key file. Closes ticket 27215. + + o Major features (relay, UI change): + - Relays no longer run as exits by default. If the "ExitRelay" + option is auto (or unset), and no exit policy is specified with + ExitPolicy or ReducedExitPolicy, we now treat ExitRelay as 0. + Previously in this case, we allowed exit traffic and logged a + warning message. Closes ticket 21530. Patch by Neel Chauhan. + - Tor now validates that the ContactInfo config option is valid UTF- + 8 when parsing torrc. Closes ticket 27428. + + o Major features (bootstrap): + - Don't report directory progress until after a connection to a + relay or bridge has succeeded. Previously, we'd report 80% + progress based on cached directory information when we couldn't + even connect to the network. Closes ticket 27169. + + o Major features (new code layout): + - Nearly all of Tor's source code has been moved around into more + logical places. The "common" directory is now divided into a set + of libraries in "lib", and files in the "or" directory have been + split into "core" (logic absolutely needed for onion routing), + "feature" (independent modules in Tor), and "app" (to configure + and invoke the rest of Tor). See doc/HACKING/CodeStructure.md for + more information. Closes ticket 26481. + + This refactoring is not complete: although the libraries have been + refactored to be acyclic, the main body of Tor is still too + interconnected. We will attempt to improve this in the future. + + o Major features (onion services v3): + - Implement onion service client authorization at the descriptor + level: only authorized clients can decrypt a service's descriptor + to find out how to contact it. A new torrc option was added to + control this client side: ClientOnionAuthDir . On the + service side, if the "authorized_clients/" directory exists in the + onion service directory path, client configurations are read from + the files within. See the manpage for more details. Closes ticket + 27547. Patch done by Suphanat Chunhapanya (haxxpop). + - Improve revision counter generation in next-gen onion services. + Onion services can now scale by hosting multiple instances on + different hosts without synchronization between them, which was + previously impossible because descriptors would get rejected by + HSDirs. Addresses ticket 25552. + + o Major features (portability, cryptography, experimental, TLS): + - Tor now has the option to compile with the NSS library instead of + OpenSSL. This feature is experimental, and we expect that bugs may + remain. It is mainly intended for environments where Tor's + performance is not CPU-bound, and where NSS is already known to be + installed. To try it out, configure Tor with the --enable-nss + flag. Closes tickets 26631, 26815, and 26816. + + If you are experimenting with this option and using an old cached + consensus, Tor may fail to start. To solve this, delete your + "cached-consensus" and "cached-microdesc-consensus" files, + (if present), and restart Tor. + + o Major bugfixes (directory authority): + - Actually check that the address we get from DirAuthority + configuration line is valid IPv4. Explicitly disallow DirAuthority + address to be a DNS hostname. Fixes bug 26488; bugfix + on 0.1.2.10-rc. + + o Major bugfixes (restart-in-process): + - Fix a use-after-free error that could be caused by passing Tor an + impossible set of options that would fail during options_act(). + Fixes bug 27708; bugfix on 0.3.3.1-alpha. + + o Minor features (admin tools): + - Add a new --key-expiration option to print the expiration date of + the signing cert in an ed25519_signing_cert file. Resolves + issue 19506. + + o Minor features (build): + - If you pass the "--enable-pic" option to configure, Tor will try + to tell the compiler to build position-independent code suitable + to link into a dynamic library. (The default remains -fPIE, for + code suitable for a relocatable executable.) Closes ticket 23846. + + o Minor features (code correctness, testing): + - Tor's build process now includes a "check-includes" make target to + verify that no module of Tor relies on any headers from a higher- + level module. We hope to use this feature over time to help + refactor our codebase. Closes ticket 26447. + + o Minor features (code layout): + - We have a new "lowest-level" error-handling API for use by code + invoked from within the logging module. With this interface, the + logging code is no longer at risk of calling into itself if a + failure occurs while it is trying to log something. Closes + ticket 26427. + + o Minor features (compilation): + - Tor's configure script now supports a --with-malloc= option to + select your malloc implementation. Supported options are + "tcmalloc", "jemalloc", "openbsd" (deprecated), and "system" (the + default). Addresses part of ticket 20424. Based on a patch from + Alex Xu. + + o Minor features (config): + - The "auto" keyword in torrc is now case-insensitive. Closes + ticket 26663. + + o Minor features (continuous integration): + - Don't do a distcheck with --disable-module-dirauth in Travis. + Implements ticket 27252. + - Install libcap-dev and libseccomp2-dev so these optional + dependencies get tested on Travis CI. Closes ticket 26560. + - Only run one online rust build in Travis, to reduce network + errors. Skip offline rust builds on Travis for Linux gcc, because + they're redundant. Implements ticket 27252. + - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a + duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on + Linux with default settings, because all the non-default builds + use gcc on Linux. Implements ticket 27252. + + o Minor features (controller): + - Emit CIRC_BW events as soon as we detect that we processed an + invalid or otherwise dropped cell on a circuit. This allows + vanguards and other controllers to react more quickly to dropped + cells. Closes ticket 27678. + - For purposes of CIRC_BW-based dropped cell detection, track half- + closed stream ids, and allow their ENDs, SENDMEs, DATA and path + bias check cells to arrive without counting it as dropped until + either the END arrives, or the windows are empty. Closes + ticket 25573. + - Implement a 'GETINFO md/all' controller command to enable getting + all known microdescriptors. Closes ticket 8323. + - The GETINFO command now support an "uptime" argument, to return + Tor's uptime in seconds. Closes ticket 25132. + + o Minor features (denial-of-service avoidance): + - Make our OOM handler aware of the DNS cache so that it doesn't + fill up the memory. This check is important for our DoS mitigation + subsystem. Closes ticket 18642. Patch by Neel Chauhan. + + o Minor features (development): + - Tor's makefile now supports running the "clippy" Rust style tool + on our Rust code. Closes ticket 22156. + + o Minor features (directory authority): + - There is no longer an artificial upper limit on the length of + bandwidth lines. Closes ticket 26223. + - When a bandwidth file is used to obtain the bandwidth measurements, + include this bandwidth file headers in the votes. Closes + ticket 3723. + - Improved support for networks with only a single authority or a + single fallback directory. Patch from Gabriel Somlo. Closes + ticket 25928. + + o Minor features (embedding API): + - The Tor controller API now supports a function to launch Tor with + a preconstructed owning controller FD, so that embedding + applications don't need to manage controller ports and + authentication. Closes ticket 24204. + - The Tor controller API now has a function that returns the name + and version of the backend implementing the API. Closes + ticket 26947. + + o Minor features (geoip): + - Update geoip and geoip6 to the September 6 2018 Maxmind GeoLite2 + Country database. Closes ticket 27631. + + o Minor features (memory management): + - Get Libevent to use the same memory allocator as Tor, by calling + event_set_mem_functions() during initialization. Resolves + ticket 8415. + + o Minor features (memory usage): + - When not using them, store legacy TAP public onion keys in DER- + encoded format, rather than as expanded public keys. This should + save several megabytes on typical clients. Closes ticket 27246. + + o Minor features (OpenSSL): + - When possible, use RFC5869 HKDF implementation from OpenSSL rather + than our own. Resolves ticket 19979. + + o Minor features (Rust, code quality): + - Improve rust code quality in the rust protover implementation by + making it more idiomatic. Includes changing an internal API to + take &str instead of &String. Closes ticket 26492. + + o Minor features (testing): + - Add scripts/test/chutney-git-bisect.sh, for bisecting using + chutney. Implements ticket 27211. + + o Minor features (tor-resolve): + - The tor-resolve utility can now be used with IPv6 SOCKS proxies. + Side-effect of the refactoring for ticket 26526. + + o Minor features (UI): + - Log each included configuration file or directory as we read it, + to provide more visibility about where Tor is reading from. Patch + from Unto Sten; closes ticket 27186. + - Lower log level of "Scheduler type KIST has been enabled" to INFO. + Closes ticket 26703. + + o Minor bugfixes (bootstrap): + - Try harder to get descriptors in non-exit test networks, by using + the mid weight for the third hop when there are no exits. Fixes + bug 27237; bugfix on 0.2.6.2-alpha. + + o Minor bugfixes (C correctness): + - Avoid casting smartlist index to int implicitly, as it may trigger + a warning (-Wshorten-64-to-32). Fixes bug 26282; bugfix on + 0.2.3.13-alpha, 0.2.7.1-alpha and 0.2.1.1-alpha. + - Use time_t for all values in + predicted_ports_prediction_time_remaining(). Rework the code that + computes difference between durations/timestamps. Fixes bug 27165; + bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (client, memory usage): + - When not running as a directory cache, there is no need to store + the text of the current consensus networkstatus in RAM. + Previously, however, clients would store it anyway, at a cost of + over 5 MB. Now, they do not. Fixes bug 27247; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (client, reachableaddresses): + - Instead of adding a "reject *:*" line to ReachableAddresses when + loading the configuration, add one to the policy after parsing it + in parse_reachable_addresses(). This prevents extra "reject *.*" + lines from accumulating on reloads. Fixes bug 20874; bugfix on + 0.1.1.5-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (code quality): + - Rename sandbox_getaddrinfo() and other functions to no longer + misleadingly suggest that they are sandbox-only. Fixes bug 26525; + bugfix on 0.2.7.1-alpha. + + o Minor bugfixes (configuration, Onion Services): + - In rend_service_parse_port_config(), disallow any input to remain + after address-port pair was parsed. This will catch address and + port being whitespace-separated by mistake of the user. Fixes bug + 27044; bugfix on 0.2.9.10. + + o Minor bugfixes (continuous integration): + - Stop reinstalling identical packages in our Windows CI. Fixes bug + 27464; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (controller): + - Consider all routerinfo errors other than "not a server" to be + transient for the purpose of "GETINFO exit-policy/*" controller + request. Print stacktrace in the unlikely case of failing to + recompute routerinfo digest. Fixes bug 27034; bugfix + on 0.3.4.1-alpha. + + o Minor bugfixes (directory connection shutdown): + - Avoid a double-close when shutting down a stalled directory + connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (HTTP tunnel): + - Fix a bug warning when closing an HTTP tunnel connection due to an + HTTP request we couldn't handle. Fixes bug 26470; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (ipv6): + - In addrs_in_same_network_family(), we choose the subnet size based + on the IP version (IPv4 or IPv6). Previously, we chose a fixed + subnet size of /16 for both IPv4 and IPv6 addresses. Fixes bug + 15518; bugfix on 0.2.3.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (logging): + - As a precaution, do an early return from log_addr_has_changed() if + Tor is running as client. Also, log a stack trace for debugging as + this function should only be called when Tor runs as server. Fixes + bug 26892; bugfix on 0.1.1.9-alpha. + - Refrain from mentioning bug 21018 in the logs, as it is already + fixed. Fixes bug 25477; bugfix on 0.2.9.8. + + o Minor bugfixes (logging, documentation): + - When SafeLogging is enabled, scrub IP address in + channel_tls_process_netinfo_cell(). Also, add a note to manpage + that scrubbing is not guaranteed on loglevels below Notice. Fixes + bug 26882; bugfix on 0.2.4.10-alpha. + + o Minor bugfixes (netflow padding): + - Ensure circuitmux queues are empty before scheduling or sending + padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (onion service v2): + - Log at level "info", not "warning", in the case that we do not + have a consensus when a .onion request comes in. This can happen + normally while bootstrapping. Fixes bug 27040; bugfix + on 0.2.8.2-alpha. + + o Minor bugfixes (onion service v3): + - When the onion service directory can't be created or has the wrong + permissions, do not log a stack trace. Fixes bug 27335; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (OS compatibility): + - Properly handle configuration changes that move a listener to/from + wildcard IP address. If the first attempt to bind a socket fails, + close the old listener and try binding the socket again. Fixes bug + 17873; bugfix on 0.0.8pre-1. + + o Minor bugfixes (performance):: + - Rework node_is_a_configured_bridge() to no longer call + node_get_all_orports(), which was performing too many memory + allocations. Fixes bug 27224; bugfix on 0.2.3.9. + + o Minor bugfixes (relay statistics): + - Update relay descriptor on bandwidth changes only when the uptime + is smaller than 24h, in order to reduce the efficiency of guard + discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha. + + o Minor bugfixes (relays): + - Consider the fact that we'll be making direct connections to our + entry and guard nodes when computing the fraction of nodes that + have their descriptors. Also, if we are using bridges and there is + at least one bridge with a full descriptor, treat the fraction of + guards available as 100%. Fixes bug 25886; bugfix on 0.2.4.10-alpha. + Patch by Neel Chauhan. + - Update the message logged on relays when DirCache is disabled. + Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the + Guard flag. Fixes bug 24312; bugfix on 0.3.3.5-rc. + + o Minor bugfixes (rust, protover): + - Compute protover votes correctly in the rust version of the + protover code. Previously, the protover rewrite in 24031 allowed + repeated votes from the same voter for the same protocol version + to be counted multiple times in protover_compute_vote(). Fixes bug + 27649; bugfix on 0.3.3.5-rc. + - Reject protover names that contain invalid characters. Fixes bug + 27687; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (testing): + - Fix two unit tests to work when HOME environment variable is not + set. Fixes bug 27096; bugfix on 0.2.8.1-alpha. + - If a unit test running in a subprocess exits abnormally or with a + nonzero status code, treat the test as having failed, even if the + test reported success. Without this fix, memory leaks don't cause + the tests to fail, even with LeakSanitizer. Fixes bug 27658; + bugfix on 0.2.2.4-alpha. + - When logging a version mismatch in our openssl_version tests, + report the actual offending version strings. Fixes bug 26152; + bugfix on 0.2.9.1-alpha. + - Fix forking tests on Windows when there is a space somewhere in + the path. Fixes bug 26437; bugfix on 0.2.2.4-alpha. + + o Code simplification and refactoring: + - 'updateFallbackDirs.py' now ignores the blacklist file, as it's not + longer needed. Closes ticket 26502. + - Include paths to header files within Tor are now qualified by + directory within the top-level src directory. + - Many structures have been removed from the centralized "or.h" + header, and moved into their own headers. This will allow us to + reduce the number of places in the code that rely on each + structure's contents and layout. Closes ticket 26383. + - Remove ATTR_NONNULL macro from codebase. Resolves ticket 26527. + - Remove GetAdaptersAddresses_fn_t. The code that used it was + removed as part of the 26481 refactor. Closes ticket 27467. + - Rework Tor SOCKS server code to use Trunnel and benefit from + autogenerated functions for parsing and generating SOCKS wire + format. New implementation is cleaner, more maintainable and + should be less prone to heartbleed-style vulnerabilities. + Implements a significant fraction of ticket 3569. + - Split sampled_guards_update_from_consensus() and + select_entry_guard_for_circuit() into subfunctions. In + entry_guards_update_primary() unite three smartlist enumerations + into one and move smartlist comparison code out of the function. + Closes ticket 21349. + - Tor now assumes that you have standards-conformant stdint.h and + inttypes.h headers when compiling. Closes ticket 26626. + - Unify our bloom filter logic. Previously we had two copies of this + code: one for routerlist filtering, and one for address set + calculations. Closes ticket 26510. + - Use the simpler strcmpstart() helper in + rend_parse_v2_service_descriptor instead of strncmp(). Closes + ticket 27630. + - Utility functions that can perform a DNS lookup are now wholly + separated from those that can't, in separate headers and C + modules. Closes ticket 26526. + + o Documentation: + - Copy paragraph and URL to Tor's code of conduct document from + CONTRIBUTING to new CODE_OF_CONDUCT file. Resolves ticket 26638. + - Remove old instructions from INSTALL document. Closes ticket 26588. + - Warn users that they should not include MyFamily line(s) in their + torrc when running Tor bridge. Closes ticket 26908. + + o Removed features: + - Tor no longer supports building with the dmalloc library. For + debugging memory issues, we suggest using gperftools or msan + instead. Closes ticket 26426. + - Tor no longer attempts to run on Windows environments without the + GetAdaptersAddresses() function. This function has existed since + Windows XP, which is itself already older than we support. + - Remove Tor2web functionality for version 2 onion services. The + Tor2webMode and Tor2webRendezvousPoints options are now obsolete. + (This feature was never shipped in vanilla Tor and it was only + possible to use this feature by building the support at compile + time. Tor2webMode is not implemented for version 3 onion services.) + Closes ticket 26367. + + +Changes in version 0.2.9.17 - 2018-09-10 + Tor 0.2.9.17 backports numerous bugfixes from later versions of Tor. + + o Minor features (compatibility, backport from 0.3.4.8): + - Tell OpenSSL to maintain backward compatibility with previous + RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these + ciphers are disabled by default. Closes ticket 27344. + + o Minor features (continuous integration, backport from 0.3.4.7-rc): + - Enable macOS builds in our Travis CI configuration. Closes + ticket 24629. + - Install libcap-dev and libseccomp2-dev so these optional + dependencies get tested on Travis CI. Closes ticket 26560. + - Run asciidoc during Travis CI. Implements ticket 27087. + - Use ccache in our Travis CI configuration. Closes ticket 26952. + + o Minor features (geoip): + - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2 + Country database. Closes ticket 27089. + + o Minor bugfixes (compilation, backport from 0.3.4.6-rc): + - When compiling with --enable-openbsd-malloc or --enable-tcmalloc, + tell the compiler not to include the system malloc implementation. + Fixes bug 20424; bugfix on 0.2.0.20-rc. + + o Minor bugfixes (compilation, backport from 0.3.4.7-rc): + - Silence a spurious compiler warning on the GetAdaptersAddresses + function pointer cast. This issue is already fixed by 26481 in + 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465; + bugfix on 0.2.3.11-alpha. + - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not + supported, and always fails. Some compilers warn about the + function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix + on 0.2.2.23-alpha. + + o Minor bugfixes (compilation, windows, backport from 0.3.4.7-rc): + - Don't link or search for pthreads when building for Windows, even + if we are using build environment (like mingw) that provides a + pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (continuous integration, backport from 0.3.4.6-rc): + - Skip a pair of unreliable key generation tests on Windows, until + the underlying issue in bug 26076 is resolved. Fixes bug 26830 and + bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively. + + o Minor bugfixes (continuous integration, backport from 0.3.4.7-rc): + - Pass the module flags to distcheck configure, and log the flags + before running configure. (Backported to 0.2.9 and later as a + precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (continuous integration, backport from 0.3.4.8): + - When a Travis build fails, and showing a log fails, keep trying to + show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc. + - When we use echo in Travis, don't pass a --flag as the first + argument. Fixes bug 27418; bugfix on 0.3.4.7-rc. + + o Minor bugfixes (directory authority, backport from 0.3.4.6-rc): + - When voting for recommended versions, make sure that all of the + versions are well-formed and parsable. Fixes bug 26485; bugfix + on 0.1.1.6-alpha. + + o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.4.7-rc): + - Fix a bug in out sandboxing rules for the openat() syscall. + Previously, no openat() call would be permitted, which would break + filesystem operations on recent glibc versions. Fixes bug 25440; + bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto. + + o Minor bugfixes (onion services, backport from 0.3.4.8): + - Silence a spurious compiler warning in + rend_client_send_introduction(). Fixes bug 27463; bugfix + on 0.1.1.2-alpha. + + o Minor bugfixes (single onion services, Tor2web, backport from 0.3.4.6-rc): + - Log a protocol warning when single onion services or Tor2web clients + fail to authenticate direct connections to relays. + Fixes bug 26924; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.4.6-rc): + - Disable core dumps in test_bt.sh, to avoid failures in "make + distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha. + + o Minor bugfixes (testing, chutney, backport from 0.3.4.8): + - Before running make test-network-all, delete old logs and test + result files, to avoid spurious failures. Fixes bug 27295; bugfix + on 0.2.7.3-rc. + + o Minor bugfixes (testing, openssl compatibility, backport from 0.3.4.7-rc): + - Our "tortls/cert_matches_key" unit test no longer relies on + OpenSSL internals. Previously, it relied on unsupported OpenSSL + behavior in a way that caused it to crash with OpenSSL 1.0.2p. + Fixes bug 27226; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (Windows, compilation, backport from 0.3.4.7-rc): + - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug + 27185; bugfix on 0.2.2.2-alpha. + + +Changes in version 0.3.2.12 - 2018-09-10 + Tor 0.3.2.12 backport numerous fixes from later versions of Tor. + + o Minor features (compatibility, backport from 0.3.4.8): + - Tell OpenSSL to maintain backward compatibility with previous + RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these + ciphers are disabled by default. Closes ticket 27344. + + o Minor features (continuous integration, backport from 0.3.4.7-rc): + - Enable macOS builds in our Travis CI configuration. Closes + ticket 24629. + - Install libcap-dev and libseccomp2-dev so these optional + dependencies get tested on Travis CI. Closes ticket 26560. + - Run asciidoc during Travis CI. Implements ticket 27087. + - Use ccache in our Travis CI configuration. Closes ticket 26952. + + o Minor features (continuous integration, rust, backport from 0.3.4.7-rc): + - Use cargo cache in our Travis CI configuration. Closes + ticket 26952. + + o Minor features (controller, backport from 0.3.4.6-rc): + - The control port now exposes the list of HTTPTunnelPorts and + ExtOrPorts via GETINFO net/listeners/httptunnel and + net/listeners/extor respectively. Closes ticket 26647. + + o Minor features (directory authorities, backport from 0.3.4.7-rc): + - Authorities no longer vote to make the subprotocol version + "LinkAuth=1" a requirement: it is unsupportable with NSS, and + hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286. + + o Minor features (geoip): + - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2 + Country database. Closes ticket 27089. + + o Minor bugfixes (compilation, backport from 0.3.4.6-rc): + - When compiling with --enable-openbsd-malloc or --enable-tcmalloc, + tell the compiler not to include the system malloc implementation. + Fixes bug 20424; bugfix on 0.2.0.20-rc. + - Don't try to use a pragma to temporarily disable the + -Wunused-const-variable warning if the compiler doesn't support + it. Fixes bug 26785; bugfix on 0.3.2.11. + + o Minor bugfixes (compilation, backport from 0.3.4.7-rc): + - Silence a spurious compiler warning on the GetAdaptersAddresses + function pointer cast. This issue is already fixed by 26481 in + 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465; + bugfix on 0.2.3.11-alpha. + - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not + supported, and always fails. Some compilers warn about the + function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix + on 0.2.2.23-alpha. + + o Minor bugfixes (compilation, windows, backport from 0.3.4.7-rc): + - Don't link or search for pthreads when building for Windows, even + if we are using build environment (like mingw) that provides a + pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (continuous integration, backport from 0.3.4.6-rc): + - Skip a pair of unreliable key generation tests on Windows, until + the underlying issue in bug 26076 is resolved. Fixes bug 26830 and + bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively. + + o Minor bugfixes (continuous integration, backport from 0.3.4.7-rc): + - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha. + - Pass the module flags to distcheck configure, and log the flags + before running configure. (Backported to 0.2.9 and later as a + precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (continuous integration, backport from 0.3.4.8): + - When a Travis build fails, and showing a log fails, keep trying to + show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc. + - When we use echo in Travis, don't pass a --flag as the first + argument. Fixes bug 27418; bugfix on 0.3.4.7-rc. + + o Minor bugfixes (directory authority, backport from 0.3.4.6-rc): + - When voting for recommended versions, make sure that all of the + versions are well-formed and parsable. Fixes bug 26485; bugfix + on 0.1.1.6-alpha. + + o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.4.7-rc): + - Fix a bug in out sandboxing rules for the openat() syscall. + Previously, no openat() call would be permitted, which would break + filesystem operations on recent glibc versions. Fixes bug 25440; + bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto. + + o Minor bugfixes (logging, backport from 0.3.4.6-rc): + - Improve the log message when connection initiators fail to + authenticate direct connections to relays. Fixes bug 26927; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (onion services, backport from 0.3.4.7-rc): + - Fix bug that causes services to not ever rotate their descriptors + if they were getting SIGHUPed often. Fixes bug 26932; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (onion services, backport from 0.3.4.8): + - Silence a spurious compiler warning in + rend_client_send_introduction(). Fixes bug 27463; bugfix + on 0.1.1.2-alpha. + + o Minor bugfixes (rust, backport from 0.3.4.7-rc): + - Backport test_rust.sh from master. Fixes bug 26497; bugfix + on 0.3.1.5-alpha. + - Consistently use ../../.. as a fallback for $abs_top_srcdir in + test_rust.sh. Fixes bug 27093; bugfix on 0.3.4.3-alpha. + - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or + $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha. + + o Minor bugfixes (single onion services, Tor2web, backport from 0.3.4.6-rc): + - Log a protocol warning when single onion services or Tor2web clients + fail to authenticate direct connections to relays. + Fixes bug 26924; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.4.6-rc): + - Disable core dumps in test_bt.sh, to avoid failures in "make + distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha. + + o Minor bugfixes (testing, chutney, backport from 0.3.4.8): + - When running make test-network-all, use the mixed+hs-v2 network. + (A previous fix to chutney removed v3 onion services from the + mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is + confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha. + - Before running make test-network-all, delete old logs and test + result files, to avoid spurious failures. Fixes bug 27295; bugfix + on 0.2.7.3-rc. + + o Minor bugfixes (testing, openssl compatibility): + - Our "tortls/cert_matches_key" unit test no longer relies on OpenSSL + internals. Previously, it relied on unsupported OpenSSL behavior in + a way that caused it to crash with OpenSSL 1.0.2p. Fixes bug 27226; + bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, openssl compatibility, backport from 0.3.4.7-rc): + - Our "tortls/cert_matches_key" unit test no longer relies on + OpenSSL internals. Previously, it relied on unsupported OpenSSL + behavior in a way that caused it to crash with OpenSSL 1.0.2p. + Fixes bug 27226; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (Windows, compilation, backport from 0.3.4.7-rc): + - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug + 27185; bugfix on 0.2.2.2-alpha. + + +Changes in version 0.3.3.10 - 2018-09-10 + Tor 0.3.3.10 backports numerous fixes from later versions of Tor. + + o Minor features (bug workaround, backport from 0.3.4.7-rc): + - Compile correctly on systems that provide the C11 stdatomic.h + header, but where C11 atomic functions don't actually compile. + Closes ticket 26779; workaround for Debian issue 903709. + + o Minor features (compatibility, backport from 0.3.4.8): + - Tell OpenSSL to maintain backward compatibility with previous + RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these + ciphers are disabled by default. Closes ticket 27344. + + o Minor features (continuous integration, backport from 0.3.4.7-rc): + - Backport Travis rust distcheck to 0.3.3. Closes ticket 24629. + - Enable macOS builds in our Travis CI configuration. Closes + ticket 24629. + - Install libcap-dev and libseccomp2-dev so these optional + dependencies get tested on Travis CI. Closes ticket 26560. + - Run asciidoc during Travis CI. Implements ticket 27087. + - Use ccache in our Travis CI configuration. Closes ticket 26952. + + o Minor features (continuous integration, rust, backport from 0.3.4.7-rc): + - Use cargo cache in our Travis CI configuration. Closes + ticket 26952. + + o Minor features (controller, backport from 0.3.4.6-rc): + - The control port now exposes the list of HTTPTunnelPorts and + ExtOrPorts via GETINFO net/listeners/httptunnel and + net/listeners/extor respectively. Closes ticket 26647. + + o Minor features (directory authorities, backport from 0.3.4.7-rc): + - Authorities no longer vote to make the subprotocol version + "LinkAuth=1" a requirement: it is unsupportable with NSS, and + hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286. + + o Minor features (geoip): + - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2 + Country database. Closes ticket 27089. + + o Minor bugfixes (compilation, backport from 0.3.4.6-rc): + - When compiling with --enable-openbsd-malloc or --enable-tcmalloc, + tell the compiler not to include the system malloc implementation. + Fixes bug 20424; bugfix on 0.2.0.20-rc. + - Don't try to use a pragma to temporarily disable the + -Wunused-const-variable warning if the compiler doesn't support + it. Fixes bug 26785; bugfix on 0.3.2.11. + + o Minor bugfixes (compilation, backport from 0.3.4.7-rc): + - Silence a spurious compiler warning on the GetAdaptersAddresses + function pointer cast. This issue is already fixed by 26481 in + 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465; + bugfix on 0.2.3.11-alpha. + - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not + supported, and always fails. Some compilers warn about the + function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix + on 0.2.2.23-alpha. + + o Minor bugfixes (compilation, windows, backport from 0.3.4.7-rc): + - Don't link or search for pthreads when building for Windows, even + if we are using build environment (like mingw) that provides a + pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (continuous integration, backport from 0.3.4.6-rc): + - Skip a pair of unreliable key generation tests on Windows, until + the underlying issue in bug 26076 is resolved. Fixes bug 26830 and + bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively. + + o Minor bugfixes (continuous integration, backport from 0.3.4.7-rc): + - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha. + - Pass the module flags to distcheck configure, and log the flags + before running configure. (Backported to 0.2.9 and later as a + precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (continuous integration, backport from 0.3.4.8): + - When a Travis build fails, and showing a log fails, keep trying to + show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc. + - When we use echo in Travis, don't pass a --flag as the first + argument. Fixes bug 27418; bugfix on 0.3.4.7-rc. + + o Minor bugfixes (directory authority, backport from 0.3.4.6-rc): + - When voting for recommended versions, make sure that all of the + versions are well-formed and parsable. Fixes bug 26485; bugfix + on 0.1.1.6-alpha. + + o Minor bugfixes (in-process restart, backport from 0.3.4.7-rc): + - Always call tor_free_all() when leaving tor_run_main(). When we + did not, restarting tor in-process would cause an assertion + failure. Fixes bug 26948; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.4.7-rc): + - Fix a bug in our sandboxing rules for the openat() syscall. + Previously, no openat() call would be permitted, which would break + filesystem operations on recent glibc versions. Fixes bug 25440; + bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto. + + o Minor bugfixes (logging, backport from 0.3.4.6-rc): + - Improve the log message when connection initiators fail to + authenticate direct connections to relays. Fixes bug 26927; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (onion services, backport from 0.3.4.7-rc): + - Fix bug that causes services to not ever rotate their descriptors + if they were getting SIGHUPed often. Fixes bug 26932; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (onion services, backport from 0.3.4.8): + - Silence a spurious compiler warning in + rend_client_send_introduction(). Fixes bug 27463; bugfix + on 0.1.1.2-alpha. + + o Minor bugfixes (portability, backport from 0.3.4.6-rc): + - Work around two different bugs in the OS X 10.10 and later SDKs + that would prevent us from successfully targeting earlier versions + of OS X. Fixes bug 26876; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (portability, backport from 0.3.4.7-rc): + - Fix compilation of the unit tests on GNU/Hurd, which does not + define PATH_MAX. Fixes bug 26873; bugfix on 0.3.3.1-alpha. Patch + from "paulusASol". + + o Minor bugfixes (rust, backport from 0.3.4.7-rc): + - Backport test_rust.sh from master. Fixes bug 26497; bugfix + on 0.3.1.5-alpha. + - Consistently use ../../.. as a fallback for $abs_top_srcdir in + test_rust.sh. Fixes bug 27093; bugfix on 0.3.4.3-alpha. + - Protover parsing was accepting the presence of whitespace in + version strings, which the C implementation would choke on, e.g. + "Desc=1\t,2". Fixes bug 27177; bugfix on 0.3.3.5-rc. + - Protover parsing was ignoring a 2nd hyphen and everything after + it, accepting entries like "Link=1-5-foo". Fixes bug 27164; bugfix + on 0.3.3.1-alpha. + - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or + $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha. + - cd to ${abs_top_builddir}/src/rust before running cargo in + src/test/test_rust.sh. This makes the working directory consistent + between builds and tests. Fixes bug 26497; bugfix on 0.3.3.2-alpha. + + o Minor bugfixes (single onion services, Tor2web, backport from 0.3.4.6-rc): + - Log a protocol warning when single onion services or Tor2web clients + fail to authenticate direct connections to relays. + Fixes bug 26924; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.4.6-rc): + - Disable core dumps in test_bt.sh, to avoid failures in "make + distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha. + + o Minor bugfixes (testing, chutney, backport from 0.3.4.8): + - When running make test-network-all, use the mixed+hs-v2 network. + (A previous fix to chutney removed v3 onion services from the + mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is + confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha. + - Before running make test-network-all, delete old logs and test + result files, to avoid spurious failures. Fixes bug 27295; bugfix + on 0.2.7.3-rc. + + o Minor bugfixes (testing, openssl compatibility, backport from 0.3.4.7-rc): + - Our "tortls/cert_matches_key" unit test no longer relies on + OpenSSL internals. Previously, it relied on unsupported OpenSSL + behavior in a way that caused it to crash with OpenSSL 1.0.2p. + Fixes bug 27226; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (v3 onion services, backport from 0.3.4.6-rc): + - Stop sending ed25519 link specifiers in v3 onion service introduce + cells and descriptors, when the rendezvous or introduction point + doesn't support ed25519 link authentication. Fixes bug 26627; + bugfix on 0.3.2.4-alpha. + + o Minor bugfixes (Windows, compilation, backport from 0.3.4.7-rc): + - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug + 27185; bugfix on 0.2.2.2-alpha. + + +Changes in version 0.3.4.8 - 2018-09-10 + Tor 0.3.4.8 is the first stable release in its series; it includes + compilation and portability fixes. + + The Tor 0.3.4 series includes improvements for running Tor in + low-power and embedded environments, which should help performance in + general. We've begun work on better modularity, and included preliminary + changes on the directory authority side to accommodate a new bandwidth + measurement system. We've also integrated more continuous-integration + systems into our development process, and made corresponding changes to + Tor's testing infrastructure. Finally, we've continued to refine + our anti-denial-of-service code. + + Below are the changes since 0.3.4.7-rc. For a complete list of changes + since 0.3.3.9, see the ReleaseNotes file. + + o Minor features (compatibility): + - Tell OpenSSL to maintain backward compatibility with previous + RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these + ciphers are disabled by default. Closes ticket 27344. + + o Minor features (continuous integration): + - Log the compiler path and version during Appveyor builds. + Implements ticket 27449. + - Show config.log and test-suite.log after failed Appveyor builds. + Also upload the zipped full logs as a build artifact. Implements + ticket 27430. + + o Minor bugfixes (compilation): + - Silence a spurious compiler warning on the GetAdaptersAddresses + function pointer cast. This issue is already fixed by 26481 in + 0.3.5 and later, by removing the lookup and cast. Fixes bug 27465; + bugfix on 0.2.3.11-alpha. + - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not + supported, and always fails. Some compilers warn about the + function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix + on 0.2.2.23-alpha. + + o Minor bugfixes (continuous integration): + - Disable gcc hardening in Appveyor Windows 64-bit builds. As of + August 29 2018, Appveyor images come with gcc 8.2.0 by default. + Executables compiled for 64-bit Windows with this version of gcc + crash when Tor's --enable-gcc-hardening flag is set. Fixes bug + 27460; bugfix on 0.3.4.1-alpha. + - When a Travis build fails, and showing a log fails, keep trying to + show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc. + - When we use echo in Travis, don't pass a --flag as the first + argument. Fixes bug 27418; bugfix on 0.3.4.7-rc. + + o Minor bugfixes (onion services): + - Silence a spurious compiler warning in + rend_client_send_introduction(). Fixes bug 27463; bugfix + on 0.1.1.2-alpha. + + o Minor bugfixes (testing, chutney): + - When running make test-network-all, use the mixed+hs-v2 network. + (A previous fix to chutney removed v3 onion services from the + mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is + confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha. + - Before running make test-network-all, delete old logs and test + result files, to avoid spurious failures. Fixes bug 27295; bugfix + on 0.2.7.3-rc. + +Changes in version 0.3.4.7-rc - 2018-08-24 + Tor 0.3.4.7-rc fixes several small compilation, portability, and + correctness issues in previous versions of Tor. This version is a + release candidate: if no serious bugs are found, we expect that the + stable 0.3.4 release will be (almost) the same as this release. + + o Minor features (bug workaround): + - Compile correctly on systems that provide the C11 stdatomic.h + header, but where C11 atomic functions don't actually compile. + Closes ticket 26779; workaround for Debian issue 903709. + + o Minor features (continuous integration): + - Backport Travis rust distcheck to 0.3.3. Closes ticket 24629. + - Enable macOS builds in our Travis CI configuration. Closes + ticket 24629. + - Install libcap-dev and libseccomp2-dev so these optional + dependencies get tested on Travis CI. Closes ticket 26560. + - Only post Appveyor IRC notifications when the build fails. + Implements ticket 27275. + - Run asciidoc during Travis CI. Implements ticket 27087. + - Use ccache in our Travis CI configuration. Closes ticket 26952. + + o Minor features (continuous integration, rust): + - Use cargo cache in our Travis CI configuration. Closes + ticket 26952. + + o Minor features (directory authorities): + - Authorities no longer vote to make the subprotocol version + "LinkAuth=1" a requirement: it is unsupportable with NSS, and + hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286. + + o Minor features (geoip): + - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2 + Country database. Closes ticket 27089. + + o Minor bugfixes (compilation, windows): + - Don't link or search for pthreads when building for Windows, even + if we are using build environment (like mingw) that provides a + pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (continuous integration): + - Improve Appveyor CI IRC logging. Generate correct branches and + URLs for pull requests and tags. Use unambiguous short commits. + Fixes bug 26979; bugfix on master. + - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha. + - Pass the module flags to distcheck configure, and log the flags + before running configure. (Backported to 0.2.9 and later as a + precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (in-process restart): + - Always call tor_free_all() when leaving tor_run_main(). When we + did not, restarting tor in-process would cause an assertion + failure. Fixes bug 26948; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox): + - Fix a bug in out sandboxing rules for the openat() syscall. + Previously, no openat() call would be permitted, which would break + filesystem operations on recent glibc versions. Fixes bug 25440; + bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto. + + o Minor bugfixes (onion services): + - Fix bug that causes services to not ever rotate their descriptors + if they were getting SIGHUPed often. Fixes bug 26932; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (portability): + - Fix compilation of the unit tests on GNU/Hurd, which does not + define PATH_MAX. Fixes bug 26873; bugfix on 0.3.3.1-alpha. Patch + from "paulusASol". + + o Minor bugfixes (rust): + - Backport test_rust.sh from master. Fixes bug 26497; bugfix + on 0.3.1.5-alpha. + - Consistently use ../../.. as a fallback for $abs_top_srcdir in + test_rust.sh. Fixes bug 27093; bugfix on 0.3.4.3-alpha. + - Protover parsing was accepting the presence of whitespace in + version strings, which the C implementation would choke on, e.g. + "Desc=1\t,2". Fixes bug 27177; bugfix on 0.3.3.5-rc. + - Protover parsing was ignoring a 2nd hyphen and everything after + it, accepting entries like "Link=1-5-foo". Fixes bug 27164; bugfix + on 0.3.3.1-alpha. + - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or + $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha. + - cd to ${abs_top_builddir}/src/rust before running cargo in + src/test/test_rust.sh. This makes the working directory consistent + between builds and tests. Fixes bug 26497; bugfix on 0.3.3.2-alpha. + + o Minor bugfixes (testing, bootstrap): + - When calculating bootstrap progress, check exit policies and the + exit flag. Previously, Tor would only check the exit flag, which + caused race conditions in small and fast networks like chutney. + Fixes bug 27236; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (testing, openssl compatibility): + - Our "tortls/cert_matches_key" unit test no longer relies on + OpenSSL internals. Previously, it relied on unsupported OpenSSL + behavior in a way that caused it to crash with OpenSSL 1.0.2p. + Fixes bug 27226; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (Windows, compilation): + - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug + 27185; bugfix on 0.2.2.2-alpha. + + +Changes in version 0.3.4.6-rc - 2018-08-06 + Tor 0.3.4.6-rc fixes several small compilation, portability, and + correctness issues in previous versions of Tor. This version is a + release candidate: if no serious bugs are found, we expect that the + stable 0.3.4 release will be (almost) the same as this release. + + o Major bugfixes (event scheduler): + - When we enable a periodic event, schedule it in the event loop + rather than running it immediately. Previously, we would re-run + periodic events immediately in the middle of (for example) + changing our options, with unpredictable effects. Fixes bug 27003; + bugfix on 0.3.4.1-alpha. + + o Minor features (compilation): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + - When compiling with --enable-openbsd-malloc or --enable-tcmalloc, + tell the compiler not to include the system malloc implementation. + Fixes bug 20424; bugfix on 0.2.0.20-rc. + - Don't try to use a pragma to temporarily disable the + -Wunused-const-variable warning if the compiler doesn't support + it. Fixes bug 26785; bugfix on 0.3.2.11. + + o Minor bugfixes (continuous integration): + - Skip a pair of unreliable key generation tests on Windows, until + the underlying issue in bug 26076 is resolved. Fixes bug 26830 and + bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively. + + o Minor features (controller): + - The control port now exposes the list of HTTPTunnelPorts and + ExtOrPorts via GETINFO net/listeners/httptunnel and + net/listeners/extor respectively. Closes ticket 26647. + + o Minor bugfixes (directory authority): + - When voting for recommended versions, make sure that all of the + versions are well-formed and parsable. Fixes bug 26485; bugfix + on 0.1.1.6-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor features (Rust, portability): + - Rust cross-compilation is now supported. Closes ticket 25895. + + o Minor bugfixes (compilation): + - Update build system so that tor builds again with --disable-unittests + after recent refactoring. Fixes bug 26789; bugfix on 0.3.4.3-alpha. + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (controller): + - Report the port correctly when a port is configured to bind to + "auto". Fixes bug 26568; bugfix on 0.3.4.1-alpha. + - Parse the "HSADDRESS=" parameter in HSPOST commands properly. + Previously, it was misparsed and ignored. Fixes bug 26523; bugfix + on 0.3.3.1-alpha. Patch by "akwizgran". + + o Minor bugfixes (correctness, flow control): + - Upon receiving a stream-level SENDME cell, verify that our window + has not grown too large. Fixes bug 26214; bugfix on svn + r54 (pre-0.0.1). + + o Minor bugfixes (memory, correctness): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Minor bugfixes (logging): + - Improve the log message when connection initiators fail to + authenticate direct connections to relays. Fixes bug 26927; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (portability): + - Avoid a compilation error in test_bwmgt.c on Solaris 10. Fixes bug + 26994; bugfix on 0.3.4.1-alpha. + - Work around two different bugs in the OS X 10.10 and later SDKs + that would prevent us from successfully targeting earlier versions + of OS X. Fixes bug 26876; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (single onion services, Tor2web): + - Log a protocol warning when single onion services or Tor2web + clients fail to authenticate direct connections to relays. Fixes + bug 26924; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (testing): + - Disable core dumps in test_bt.sh, to avoid failures in "make + distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha. + + o Minor bugfixes (testing, compatibility): + - When running the ntor_ref.py and hs_ntor_ref.py tests, make sure + only to pass strings (rather than "bytes" objects) to the Python + subprocess module. Python 3 on Windows seems to require this. + Fixes bug 26535; bugfix on 0.2.5.5-alpha (for ntor_ref.py) and + 0.3.1.1-alpha (for hs_ntor_ref.py). + + o Minor bugfixes (v3 onion services): + - Stop sending ed25519 link specifiers in v3 onion service introduce + cells and descriptors, when the rendezvous or introduction point + doesn't support ed25519 link authentication. Fixes bug 26627; + bugfix on 0.3.2.4-alpha. + + +Changes in version 0.3.4.5-rc - 2018-07-13 + Tor 0.3.4.5-rc moves to a new bridge authority, meaning people running + bridge relays should upgrade. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + +Changes in version 0.3.3.9 - 2018-07-13 + Tor 0.3.3.9 moves to a new bridge authority, meaning people running + bridge relays should upgrade. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + +Changes in version 0.3.2.11 - 2018-07-13 + Tor 0.3.2.11 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Major bugfixes (onion service, backport from 0.3.4.1-alpha): + - Correctly detect when onion services get disabled after HUP. Fixes + bug 25761; bugfix on 0.3.2.1. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor feature (continuous integration, backport from 0.3.3.5-rc): + - Update the Travis CI configuration to use the stable Rust channel, + now that we have decided to require that. Closes ticket 25714. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (documentation, backport from 0.3.3.5-rc): + - Document that the PerConnBW{Rate,Burst} options will fall back to + their corresponding consensus parameters only if those parameters + are set. Previously we had claimed that these values would always + be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (onion service, backport from 0.3.4.1-alpha): + - Fix a memory leak when a v3 onion service is configured and gets a + SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha. + - When parsing the descriptor signature, look for the token plus an + extra white-space at the end. This is more correct but also will + allow us to support new fields that might start with "signature". + Fixes bug 26069; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): + - Avoid a crash when running with DirPort set but ORPort turned off. + Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.2-alpha): + - Silence unused-const-variable warnings in zstd.h with some GCC + versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (testing, backport from 0.3.3.4-alpha): + - Avoid intermittent test failures due to a test that had relied on + onion service introduction point creation finishing within 5 + seconds of real clock time. Fixes bug 25450; bugfix + on 0.3.1.3-alpha. + + o Minor bugfixes (compilation, backport from 0.3.3.4-alpha): + - Fix a C99 compliance issue in our configuration script that caused + compilation issues when compiling Tor with certain versions of + xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + +Changes in version 0.2.9.16 - 2018-07-13 + Tor 0.2.9.16 moves to a new bridge authority, meaning people running + bridge relays should upgrade. We also take this opportunity to backport + other minor fixes. + + o Directory authority changes: + - The "Bifroest" bridge authority has been retired; the new bridge + authority is "Serge", and it is operated by George from the + TorBSD project. Closes ticket 26771. + + o Directory authority changes (backport from 0.3.3.7): + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Minor features (sandbox, backport from 0.3.3.4-alpha): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Code simplification and refactoring (backport from 0.3.3.5-rc): + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + +Changes in version 0.3.4.4-rc - 2018-07-09 + Tor 0.3.4.4-rc fixes several small compilation, portability, and + correctness issues in previous versions of Tor. This version is a + release candidate: if no serious bugs are found, we expect that the + stable 0.3.4 release will be (almost) the same as this release. + + o Minor features (compilation): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor features (Rust, portability): + - Rust cross-compilation is now supported. Closes ticket 25895. + + o Minor bugfixes (compilation): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (control port): + - Report the port correctly when a port is configured to bind to + "auto". Fixes bug 26568; bugfix on 0.3.4.1-alpha. + - Handle the HSADDRESS= argument to the HSPOST command properly. + (Previously, this argument was misparsed and thus ignored.) Fixes + bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran". + + o Minor bugfixes (correctness, flow control): + - Upon receiving a stream-level SENDME cell, verify that our window + has not grown too large. Fixes bug 26214; bugfix on svn + r54 (pre-0.0.1). + + o Minor bugfixes (memory, correctness): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Minor bugfixes (testing, compatibility): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + +Changes in version 0.3.3.8 - 2018-07-09 + Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including + fixes for a memory leak affecting directory authorities. + + o Major bugfixes (directory authority, backport from 0.3.4.3-alpha): + - Stop leaking memory on directory authorities when planning to + vote. This bug was crashing authorities by exhausting their + memory. Fixes bug 26435; bugfix on 0.3.3.6. + + o Major bugfixes (rust, testing, backport from 0.3.4.3-alpha): + - Make sure that failing tests in Rust will actually cause the build + to fail: previously, they were ignored. Fixes bug 26258; bugfix + on 0.3.3.4-alpha. + + o Minor features (compilation, backport from 0.3.4.4-rc): + - When building Tor, prefer to use Python 3 over Python 2, and more + recent (contemplated) versions over older ones. Closes + ticket 26372. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 26674. + + o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor bugfixes (circuit path selection, backport from 0.3.4.1-alpha): + - Don't count path selection failures as circuit build failures. + This change should eliminate cases where Tor blames its guard or + the network for situations like insufficient microdescriptors + and/or overly restrictive torrc settings. Fixes bug 25705; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.4.4-rc): + - Fix a compilation warning on some versions of GCC when building + code that calls routerinfo_get_my_routerinfo() twice, assuming + that the second call will succeed if the first one did. Fixes bug + 26269; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (control port, backport from 0.3.4.4-rc): + - Handle the HSADDRESS= argument to the HSPOST command properly. + (Previously, this argument was misparsed and thus ignored.) Fixes + bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran". + + o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc): + - Fix a number of small memory leaks identified by coverity. Fixes + bug 26467; bugfix on numerous Tor versions. + + o Minor bugfixes (relay, backport from 0.3.4.3-alpha): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (restart-in-process, backport from 0.3.4.1-alpha): + - When shutting down, Tor now clears all the flags in the control.c + module. This should prevent a bug where authentication cookies are + not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc): + - When running the hs_ntor_ref.py test, make sure only to pass + strings (rather than "bytes" objects) to the Python subprocess + module. Python 3 on Windows seems to require this. Fixes bug + 26535; bugfix on 0.3.1.1-alpha. + - When running the ntor_ref.py test, make sure only to pass strings + (rather than "bytes" objects) to the Python subprocess module. + Python 3 on Windows seems to require this. Fixes bug 26535; bugfix + on 0.2.5.5-alpha. + + +Changes in version 0.3.4.3-alpha - 2018-06-26 + Tor 0.3.4.3-alpha fixes several bugs in earlier versions, including + one that was causing stability issues on directory authorities. + + o Major bugfixes (directory authority): + - Stop leaking memory on directory authorities when planning to + vote. This bug was crashing authorities by exhausting their + memory. Fixes bug 26435; bugfix on 0.3.3.6. + + o Major bugfixes (rust, testing): + - Make sure that failing tests in Rust will actually cause the build + to fail: previously, they were ignored. Fixes bug 26258; bugfix + on 0.3.3.4-alpha. + + o Minor feature (directory authorities): + - Stop warning about incomplete bw lines before the first complete + bw line has been found, so that additional header lines can be + ignored. Fixes bug 25960; bugfix on 0.2.2.1-alpha + + o Minor features (relay, diagnostic): + - Add several checks to detect whether Tor relays are uploading + their descriptors without specifying why they regenerated them. + Diagnostic for ticket 25686. + + o Minor features (unit tests): + - Test complete bandwidth measurements files, and test that + incomplete bandwidth lines only give warnings when the end of the + header has not been detected. Fixes bug 25947; bugfix + on 0.2.2.1-alpha + + o Minor bugfixes (compilation): + - Refrain from compiling unit testing related object files when + --disable-unittests is set to configure script. Fixes bug 24891; + bugfix on 0.2.5.1-alpha. + - When linking the libtor_testing.a library, only include the + dirauth object files once. Previously, they were getting added + twice. Fixes bug 26402; bugfix on 0.3.4.1-alpha. + - The --enable-fatal-warnings flag now affects Rust code as well. + Closes ticket 26245. + + o Minor bugfixes (onion services): + - Recompute some consensus information after detecting a clock jump, + or after transitioning from a non-live consensus to a live + consensus. We do this to avoid having an outdated state, and + miscalculating the index for next-generation onion services. Fixes + bug 24977; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (relay): + - Relays now correctly block attempts to re-extend to the previous + relay by Ed25519 identity. Previously they would warn in this + case, but not actually reject the attempt. Fixes bug 26158; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (testing): + - Fix compilation of the doctests in the Rust crypto crate. Fixes + bug 26415; bugfix on 0.3.4.1-alpha. + - Instead of trying to read the geoip configuration files from + within the unit tests, instead create our own ersatz files with + just enough geoip data in the format we expect. Trying to read + from the source directory created problems on Windows with mingw, + where the build system's paths are not the same as the platform's + paths. Fixes bug 25787; bugfix on 0.3.4.1-alpha. + - Refrain from trying to get an item from an empty smartlist in + test_bridges_clear_bridge_list. Set DEBUG_SMARTLIST in unit tests + to catch improper smartlist usage. Furthermore, enable + DEBUG_SMARTLIST globally when build is configured with fragile + hardening. Fixes bug 26196; bugfix on 0.3.4.1-alpha. + + +Changes in version 0.3.3.7 - 2018-06-12 + Tor 0.3.3.7 backports several changes from the 0.3.4.x series, including + fixes for bugs affecting compatibility and stability. + + o Directory authority changes: + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Minor features (geoip): + - Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2 + Country database. Closes ticket 26351. + + o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (compilation, backport from 0.3.4.2-alpha): + - Silence unused-const-variable warnings in zstd.h with some GCC + versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (controller, backport from 0.3.4.2-alpha): + - Improve accuracy of the BUILDTIMEOUT_SET control port event's + TIMEOUT_RATE and CLOSE_RATE fields. (We were previously + miscounting the total number of circuits for these field values.) + Fixes bug 26121; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (hardening, backport from 0.3.4.2-alpha): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (path selection, backport from 0.3.4.1-alpha): + - Only select relays when they have the descriptors we prefer to use + for them. This change fixes a bug where we could select a relay + because it had _some_ descriptor, but reject it later with a + nonfatal assertion error because it didn't have the exact one we + wanted. Fixes bugs 25691 and 25692; bugfix on 0.3.3.4-alpha. + + +Changes in version 0.3.4.2-alpha - 2018-06-12 + Tor 0.3.4.2-alpha fixes several minor bugs in the previous alpha + release, and forward-ports an authority-only security fix from 0.3.3.6. + + o Directory authority changes: + - Add an IPv6 address for the "dannenberg" directory authority. + Closes ticket 26343. + + o Major bugfixes (security, directory authority, denial-of-service, also in 0.3.3.6): + - Fix a bug that could have allowed an attacker to force a directory + authority to use up all its RAM by passing it a maliciously + crafted protocol versions string. Fixes bug 25517; bugfix on + 0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005. + + o Minor features (continuous integration): + - Add the necessary configuration files for continuous integration + testing on Windows, via the Appveyor platform. Closes ticket + 25549. Patches from Marcin Cieślak and Isis Lovecruft. + + o Minor features (geoip): + - Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2 + Country database. Closes ticket 26351. + + o Minor bugfixes (compatibility, openssl): + - Work around a change in OpenSSL 1.1.1 where return values that + would previously indicate "no password" now indicate an empty + password. Without this workaround, Tor instances running with + OpenSSL 1.1.1 would accept descriptors that other Tor instances + would reject. Fixes bug 26116; bugfix on 0.2.5.16. + + o Minor bugfixes (compilation): + - Silence unused-const-variable warnings in zstd.h with some GCC + versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha. + - Fix compilation when using OpenSSL 1.1.0 with the "no-deprecated" + flag enabled. Fixes bug 26156; bugfix on 0.3.4.1-alpha. + - Avoid a compiler warning when casting the return value of + smartlist_len() to double with DEBUG_SMARTLIST enabled. Fixes bug + 26283; bugfix on 0.2.4.10-alpha. + + o Minor bugfixes (control port): + - Do not count 0-length RELAY_COMMAND_DATA cells as valid data in + CIRC_BW events. Previously, such cells were counted entirely in + the OVERHEAD field. Now they are not. Fixes bug 26259; bugfix + on 0.3.4.1-alpha. + + o Minor bugfixes (controller): + - Improve accuracy of the BUILDTIMEOUT_SET control port event's + TIMEOUT_RATE and CLOSE_RATE fields. (We were previously + miscounting the total number of circuits for these field values.) + Fixes bug 26121; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (hardening): + - Prevent a possible out-of-bounds smartlist read in + protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (onion services): + - Fix a bug that blocked the creation of ephemeral v3 onion + services. Fixes bug 25939; bugfix on 0.3.4.1-alpha. + + o Minor bugfixes (test coverage tools): + - Update our "cov-diff" script to handle output from the latest + version of gcov, and to remove extraneous timestamp information + from its output. Fixes bugs 26101 and 26102; bugfix + on 0.2.5.1-alpha. + + +Changes in version 0.3.3.6 - 2018-05-22 + Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It + backports several important fixes from the 0.3.4.1-alpha. + + The Tor 0.3.3 series includes controller support and other + improvements for v3 onion services, official support for embedding Tor + within other applications, and our first non-trivial module written in + the Rust programming language. (Rust is still not enabled by default + when building Tor.) And as usual, there are numerous other smaller + bugfixes, features, and improvements. + + Below are the changes since 0.3.3.5-rc. For a list of all changes + since 0.3.2.10, see the ReleaseNotes file. + + o Major bugfixes (directory authorities, security, backport from 0.3.4.1-alpha): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Major bugfixes (security, directory authority, denial-of-service): + - Fix a bug that could have allowed an attacker to force a directory + authority to use up all its RAM by passing it a maliciously + crafted protocol versions string. Fixes bug 25517; bugfix on + 0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005. + + o Major bugfixes (crash, backport from 0.3.4.1-alpha): + - Avoid a rare assertion failure in the circuit build timeout code + if we fail to allow any circuits to actually complete. Fixes bug + 25733; bugfix on 0.2.2.2-alpha. + + o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha): + - Avoid a crash when testing router reachability on a router that + could have an ed25519 ID, but which does not. Fixes bug 25415; + bugfix on 0.3.3.2-alpha. + + o Major bugfixes (onion service, backport from 0.3.4.1-alpha): + - Correctly detect when onion services get disabled after HUP. Fixes + bug 25761; bugfix on 0.3.2.1. + + o Major bugfixes (relay, denial of service, backport from 0.3.4.1-alpha): + - Impose a limit on circuit cell queue size. The limit can be + controlled by a consensus parameter. Fixes bug 25226; bugfix + on 0.2.4.14-alpha. + + o Minor features (compatibility, backport from 0.3.4.1-alpha): + - Avoid some compilation warnings with recent versions of LibreSSL. + Closes ticket 26006. + + o Minor features (continuous integration, backport from 0.3.4.1-alpha): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (geoip): + - Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2 Country + database. Closes ticket 26104. + + o Minor bugfixes (client, backport from 0.3.4.1-alpha): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha): + - Upon receiving a malformed connected cell, stop processing the + cell immediately. Previously we would mark the connection for + close, but continue processing the cell as if the connection were + open. Fixes bug 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (documentation, backport from 0.3.4.1-alpha): + - Stop saying in the manual that clients cache ipv4 dns answers from + exit relays. We haven't used them since 0.2.6.3-alpha, and in + ticket 24050 we stopped even caching them as of 0.3.2.6-alpha, but + we forgot to say so in the man page. Fixes bug 26052; bugfix + on 0.3.2.6-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (onion service, backport from 0.3.4.1-alpha): + - Fix a memory leak when a v3 onion service is configured and gets a + SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha. + - When parsing the descriptor signature, look for the token plus an + extra white-space at the end. This is more correct but also will + allow us to support new fields that might start with "signature". + Fixes bug 26069; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha): + - Avoid a crash when running with DirPort set but ORPort turned off. + Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. + + o Documentation (backport from 0.3.4.1-alpha): + - Correct an IPv6 error in the documentation for ExitPolicy. Closes + ticket 25857. Patch from "CTassisF". + + +Changes in version 0.3.4.1-alpha - 2018-05-17 + Tor 0.3.4.1-alpha is the first release in the 0.3.4.x series. It + includes refactoring to begin reducing Tor's binary size and idle CPU + usage on mobile, along with prep work for new bandwidth scanners, + improvements to the experimental "vanguards" feature, and numerous + other small features and bugfixes. + + o New system requirements: + - Tor no longer tries to support old operating systems without + mmap() or some local equivalent. Apparently, compilation on such + systems has been broken for some time, without anybody noticing or + complaining. Closes ticket 25398. + + o Major feature (directory authority, modularization): + - The directory authority subsystem has been modularized. The code + is now located in src/or/dirauth/, and is compiled in by default. + To disable the module, the configure option + --disable-module-dirauth has been added. This module may be + disabled by default in some future release. Closes ticket 25610. + + o Major features (main loop, CPU usage): + - When Tor is disabled (via DisableNetwork or via hibernation), it + no longer needs to run any per-second events. This change should + make it easier for mobile applications to disable Tor while the + device is sleeping, or Tor is not running. Closes ticket 26063. + - Tor no longer enables all of its periodic events by default. + Previously, Tor would enable all possible main loop events, + regardless of whether it needed them. Furthermore, many of these + events are now disabled with Tor is hibernating or DisableNetwork + is set. This is a big step towards reducing client CPU usage by + reducing the amount of wake-ups the daemon does. Closes ticket + 25376 and 25762. + - The bandwidth-limitation logic has been refactored so that + bandwidth calculations are performed on-demand, rather than every + TokenBucketRefillInterval milliseconds. This change should improve + the granularity of our bandwidth calculations, and limit the + number of times that the Tor process needs to wake up when it is + idle. Closes ticket 25373. + - Move responsibility for many operations from a once-per-second + callback to a callback that is only scheduled as needed. Moving + this functionality has allowed us to disable the callback when + Tor's network is disabled. Once enough items are removed from our + once-per-second callback, we can eliminate it entirely to conserve + CPU when idle. The functionality removed includes: closing + connections, circuits, and channels (ticket 25932); consensus + voting (25937); flushing log callbacks (25951); honoring delayed + SIGNEWNYM requests (25949); rescanning the consensus cache + (25931); saving the state file to disk (25948); warning relay + operators about unreachable ports (25952); and keeping track of + Tor's uptime (26009). + + o Major bugfixes (directory authorities, security): + - When directory authorities read a zero-byte bandwidth file, they + would previously log a warning with the contents of an + uninitialised buffer. They now log a warning about the empty file + instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha. + + o Major bugfixes (crash): + - Avoid a rare assertion failure in the circuit build timeout code + if we fail to allow any circuits to actually complete. Fixes bug + 25733; bugfix on 0.2.2.2-alpha. + + o Major bugfixes (directory authority): + - Avoid a crash when testing router reachability on a router that + could have an ed25519 ID, but which does not. Fixes bug 25415; + bugfix on 0.3.3.2-alpha. + + o Major bugfixes (onion service): + - Correctly detect when onion services get disabled after HUP. Fixes + bug 25761; bugfix on 0.3.2.1. + + o Major bugfixes (protover, voting): + - Revise Rust implementation of protover to use a more memory- + efficient voting algorithm and corresponding data structures, thus + avoiding a potential (but small impact) DoS attack where specially + crafted protocol strings would expand to several potential + megabytes in memory. In the process, several portions of code were + revised to be methods on new, custom types, rather than functions + taking interchangeable types, thus increasing type safety of the + module. Custom error types and handling were added as well, in + order to facilitate better error dismissal/handling in outside + crates and avoid mistakenly passing an internal error string to C + over the FFI boundary. Many tests were added, and some previous + differences between the C and Rust implementations have been + remedied. Fixes bug 24031; bugfix on 0.3.3.1-alpha. + + o Major bugfixes (relay, denial of service): + - Impose a limit on circuit cell queue size. The limit can be + controlled by a consensus parameter. Fixes bug 25226; bugfix + on 0.2.4.14-alpha. + + o Minor features (accounting): + - When Tor becomes dormant, it now uses a scheduled event to wake up + at the right time. Previously, we would use the per-second timer + to check whether to wake up, but we no longer have any per-second + timers enabled when the network is disabled. Closes ticket 26064. + + o Minor features (code quality): + - Add optional spell-checking for the Tor codebase, using the + "misspell" program. To use this feature, run "make check-typos". + Closes ticket 25024. + + o Minor features (compatibility): + - Tor now detects versions of OpenSSL 1.1.0 and later compiled with + the no-deprecated option, and builds correctly with them. Closes + tickets 19429, 19981, and 25353. + - Avoid some compilation warnings with recent versions of LibreSSL. + Closes ticket 26006. + + o Minor features (compression, zstd): + - When running with zstd, Tor now considers using advanced functions + that the zstd maintainers have labeled as potentially unstable. To + prevent breakage, Tor will only use this functionality when the + runtime version of the zstd library matches the version with which + Tor was compiled. Closes ticket 25162. + + o Minor features (configuration): + - The "DownloadSchedule" options have been renamed to end with + "DownloadInitialDelay". The old names are still allowed, but will + produce a warning. Comma-separated lists are still permitted for + these options, but all values after the first are ignored (as they + have been since 0.2.9). Closes ticket 23354. + + o Minor features (continuous integration): + - Our .travis.yml configuration now includes support for testing the + results of "make distcheck". (It's not uncommon for "make check" + to pass but "make distcheck" to fail.) Closes ticket 25814. + - Our Travis CI configuration now integrates with the Coveralls + coverage analysis tool. Closes ticket 25818. + + o Minor features (control port): + - Introduce GETINFO "current-time/{local,utc}" to return the local + and UTC times respectively in ISO format. This helps a controller + like Tor Browser detect a time-related error. Closes ticket 25511. + Patch by Neel Chauhan. + - Introduce new fields to the CIRC_BW event. There are two new + fields in each of the read and written directions. The DELIVERED + fields report the total valid data on the circuit, as measured by + the payload sizes of verified and error-checked relay command + cells. The OVERHEAD fields report the total unused bytes in each + of these cells. Closes ticket 25903. + + o Minor features (directory authority): + - Directory authorities now open their key-pinning files as O_SYNC, + to limit their chances of accidentally writing partial lines. + Closes ticket 23909. + + o Minor features (directory authority, forward compatibility): + - Make the lines of the measured bandwidth file able to contain + their entries in any order. Previously, the node_id entry needed + to come first. Closes ticket 26004. + + o Minor features (entry guards): + - Introduce a new torrc option NumPrimaryGuards for controlling the + number of primary guards. Closes ticket 25843. + + o Minor features (geoip): + - Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2 Country + database. Closes ticket 26104. + + o Minor features (performance): + - Avoid a needless call to malloc() when processing an incoming + relay cell. Closes ticket 24914. + - Make our timing-wheel code run a tiny bit faster on 32-bit + platforms, by preferring 32-bit math to 64-bit. Closes + ticket 24688. + - Avoid a needless malloc()/free() pair every time we handle an ntor + handshake. Closes ticket 25150. + + o Minor features (testing): + - Add a unit test for voting_schedule_get_start_of_next_interval(). + Closes ticket 26014, and helps make unit test coverage + more deterministic. + - A new unittests module specifically for testing the functions in + the (new-ish) bridges.c module has been created with new + unittests, raising the code coverage percentages. Closes 25425. + - We now have improved testing for addressmap_get_virtual_address() + function. This should improve our test coverage, and make our test + coverage more deterministic. Closes ticket 25993. + + o Minor features (timekeeping, circuit scheduling): + - When keeping track of how busy each circuit have been recently on + a given connection, use coarse-grained monotonic timers rather + than gettimeofday(). This change should marginally increase + accuracy and performance. Implements part of ticket 25927. + + o Minor bugfixes (bandwidth management): + - Consider ourselves "low on write bandwidth" if we have exhausted + our write bandwidth some time in the last second. This was the + documented behavior before, but the actual behavior was to change + this value every TokenBucketRefillInterval. Fixes bug 25828; + bugfix on 0.2.3.5-alpha. + + o Minor bugfixes (C correctness): + - Add a missing lock acquisition in the shutdown code of the control + subsystem. Fixes bug 25675; bugfix on 0.2.7.3-rc. Found by + Coverity; this is CID 1433643. + + o Minor bugfixes (circuit path selection): + - Don't count path selection failures as circuit build failures. + This change should eliminate cases where Tor blames its guard or + the network for situations like insufficient microdescriptors + and/or overly restrictive torrc settings. Fixes bug 25705; bugfix + on 0.3.3.1-alpha. + + o Minor bugfixes (client): + - Don't consider Tor running as a client if the ControlPort is open, + but no actual client ports are open. Fixes bug 26062; bugfix + on 0.2.9.4-alpha. + + o Minor bugfixes (code style): + - Fixed multiple includes of transports.h in src/or/connection.c + Fixes bug 25261; bugfix on 0.2.5.1-alpha. + - Remove the unused variable n_possible from the function + channel_get_for_extend(). Fixes bug 25645; bugfix on 0.2.4.4-alpha + + o Minor bugfixes (control interface): + - Respond with more human-readable error messages to GETINFO exit- + policy/* requests. Also, let controller know if an error is + transient (response code 551) or not (response code 552). Fixes + bug 25852; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (controller): + - Make CIRC_BW event reflect the total of all data sent on a + circuit, including padding and dropped cells. Also fix a mis- + counting bug when STREAM_BW events were enabled. Fixes bug 25400; + bugfix on 0.2.5.2-alpha. + + o Minor bugfixes (correctness, client): + - Upon receiving a malformed connected cell, stop processing the cell + immediately. Previously we would mark the connection for close, but + continue processing the cell as if the connection were open. Fixes bug + 26072; bugfix on 0.2.4.7-alpha. + + o Minor bugfixes (directory client): + - When unverified-consensus is verified, rename it to cached- + consenus. Fixes bug 4187; bugfix on 0.2.0.3-alpha. + - Fixed launching a certificate fetch always during the scheduled + periodic consensus fetch by fetching only in those cases when + consensus are waiting for certs. Fixes bug 24740; bugfix + on 0.2.9.1-alpha. + + o Minor bugfixes (documentation): + - Stop saying in the manual that clients cache ipv4 dns answers from + exit relays. We haven't used them since 0.2.6.3-alpha, and in + ticket 24050 we stopped even caching them as of 0.3.2.6-alpha, but + we forgot to say so in the man page. Fixes bug 26052; bugfix + on 0.3.2.6-alpha. + + o Minor bugfixes (error reporting): + - Improve tolerance for directory authorities with skewed clocks. + Previously, an authority with a clock more than 60 seconds ahead + could cause a client with a correct clock to warn that the + client's clock was behind. Now the clocks of a majority of + directory authorities have to be ahead of the client before this + warning will occur. Fixes bug 25756; bugfix on 0.2.2.25-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox): + - Allow the nanosleep() system call, which glibc uses to implement + sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (onion service): + - Fix a memory leak when a v3 onion service is configured and gets a + SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha. + - When parsing the descriptor signature, look for the token plus an + extra white-space at the end. This is more correct but also will + allow us to support new fields that might start with "signature". + Fixes bug 26069; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (path selection): + - Only select relays when they have the descriptors we prefer to use + for them. This change fixes a bug where we could select a relay + because it had _some_ descriptor, but reject it later with a + nonfatal assertion error because it didn't have the exact one we + wanted. Fixes bugs 25691 and 25692; bugfix on 0.3.3.4-alpha. + + o Minor bugfixes (portability): + - Do not align mmap length, as it is not required by POSIX, and the + getpagesize function is deprecated. Fixes bug 25399; bugfix + on 0.1.1.23. + + o Minor bugfixes (portability, FreeBSD): + - In have_enough_mem_for_dircache(), the variable DIRCACHE_MIN_MEM_MB + does not stringify on FreeBSD, so we switch to tor_asprintf(). + Fixes bug 20887; bugfix on 0.2.8.1-alpha. Patch by Neel Chauhan. + + o Minor bugfixes (relay statistics): + - When a relay is collecting internal statistics about how many + create cell requests it has seen of each type, accurately count + the requests from relays that temporarily fall out of the + consensus. (To be extra conservative, we were already ignoring + requests from clients in our counts, and we continue ignoring them + here.) Fixes bug 24910; bugfix on 0.2.4.17-rc. + + o Minor bugfixes (relay, crash): + - Avoid a crash when running with DirPort set but ORPort turned off. + Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (restart-in-process): + - When shutting down, Tor now clears all the flags in the control.c + module. This should prevent a bug where authentication cookies are + not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (testing): + - When testing workqueue event-cancellation, make sure that we + actually cancel an event, and that cancel each event with equal + probability. (It was previously possible, though extremely + unlikely, for our event-canceling test not to cancel any events.) + Fixes bug 26008; bugfix on 0.2.6.3-alpha. + - Repeat part of the test in test_client_pick_intro() a number of + times, to give it consistent coverage. Fixes bug 25996; bugfix + on 0.3.2.1-alpha. + - Remove randomness from the hs_common/responsible_hsdirs test, so + that it always takes the same path through the function it tests. + Fixes bug 25997; bugfix on 0.3.2.1-alpha. + - Change the behavior of the "channel/outbound" test so that it + never causes a 10-second rollover for the EWMA circuitmux code. + Previously, this behavior would happen randomly, and result in + fluctuating test coverage. Fixes bug 25994; bugfix + on 0.3.3.1-alpha. + - Use X509_new() to allocate certificates that will be freed later + with X509_free(). Previously, some parts of the unit tests had + used tor_malloc_zero(), which is incorrect, and which caused test + failures on Windows when they were built with extra hardening. + Fixes bugs 25943 and 25944; bugfix on 0.2.8.1-alpha. Patch by + Marcin Cieślak. + - While running the circuit_timeout test, fix the PRNG to a + deterministic AES stream, so that the test coverage from this test + will itself be deterministic. Fixes bug 25995; bugfix + on 0.2.2.2-alpha. + + o Minor bugfixes (vanguards): + - Allow the last hop in a vanguard circuit to be the same as our + first, to prevent the adversary from influencing guard node choice + by choice of last hop. Also prevent the creation of A - B - A + paths, or A - A paths, which are forbidden by relays. Fixes bug + 25870; bugfix on 0.3.3.1-alpha. + + o Code simplification and refactoring: + - Remove duplicate code in parse_{c,s}method_line and bootstrap + their functionalities into a single function. Fixes bug 6236; + bugfix on 0.2.3.6-alpha. + - We remove the PortForwarding and PortForwardingHelper options, + related functions, and the port_forwarding tests. These options + were used by the now-deprecated Vidalia to help ordinary users + become Tor relays or bridges. Closes ticket 25409. Patch by + Neel Chauhan. + - In order to make the OR and dir checking function in router.c less + confusing we renamed some functions and + consider_testing_reachability() has been split into + router_should_check_reachability() and + router_do_reachability_checks(). Also we improved the documentation + in some functions. Closes ticket 18918. + - Initial work to isolate Libevent usage to a handful of modules in + our codebase, to simplify our call structure, and so that we can + more easily change event loops in the future if needed. Closes + ticket 23750. + - Introduce a function to call getsockname() and return tor_addr_t, + to save a little complexity throughout the codebase. Closes + ticket 18105. + - Make hsdir_index in node_t a hsdir_index_t rather than a pointer + as hsdir_index is always present. Also, we move hsdir_index_t into + or.h. Closes ticket 23094. Patch by Neel Chauhan. + - Merge functions used for describing nodes and suppress the + functions that do not allocate memory for the output buffer + string. NODE_DESC_BUF_LEN constant and format_node_description() + function cannot be used externally from router.c module anymore. + Closes ticket 25432. Patch by valentecaio. + - Our main loop has been simplified so that all important operations + happen inside events. Previously, some operations had to happen + outside the event loop, to prevent infinite sequences of event + activations. Closes ticket 25374. + - Put a SHA1 public key digest in hs_service_intro_point_t, and use + it in register_intro_circ() and service_intro_point_new(). This + prevents the digest from being re-calculated each time. Closes + ticket 23107. Patch by Neel Chauhan. + - Refactor token-bucket implementations to use a common backend. + Closes ticket 25766. + - Remove extern declaration of stats_n_seconds_working variable from + main, protecting its accesses with get_uptime() and reset_uptime() + functions. Closes ticket 25081, patch by “valentecaio”. + - Remove our previous logic for "cached gettimeofday()" -- our + coarse monotonic timers are fast enough for this purpose, and far + less error-prone. Implements part of ticket 25927. + - Remove the return value for fascist_firewall_choose_address_base(), + and sister functions such as fascist_firewall_choose_address_node() + and fascist_firewall_choose_address_rs(). Also, while we're here, + initialize the ap argument as leaving it uninitialized can pose a + security hazard. Closes ticket 24734. Patch by Neel Chauhan. + - Rename two fields of connection_t struct. timestamp_lastwritten is + renamed to timestamp_last_write_allowed and timestamp_lastread is + renamed to timestamp_last_read_allowed. Closes ticket 24714, patch + by "valentecaio". + - Since Tor requires C99, remove our old workaround code for libc + implementations where free(NULL) doesn't work. Closes ticket 24484. + - Use our standard rate-limiting code to deal with excessive + libevent failures, rather than the hand-rolled logic we had + before. Closes ticket 26016. + - We remove the return value of node_get_prim_orport() and + node_get_prim_dirport(), and introduce node_get_prim_orport() in + node_ipv6_or_preferred() and node_ipv6_dir_preferred() in order to + check for a null address. Closes ticket 23873. Patch by + Neel Chauhan. + - We switch to should_record_bridge_info() in + geoip_note_client_seen() and options_need_geoip_info() instead of + accessing the configuration values directly. Fixes bug 25290; + bugfix on 0.2.1.6-alpha. Patch by Neel Chauhan. + + o Deprecated features: + - As we are not recommending 0.2.5 anymore, we require relays that + once had an ed25519 key associated with their RSA key to always + have that key, instead of allowing them to drop back to a version + that didn't support ed25519. This means they need to use a new RSA + key if they want to downgrade to an older version of tor without + ed25519. Closes ticket 20522. + + o Documentation: + - Correct an IPv6 error in the documentation for ExitPolicy. Closes + ticket 25857. Patch from "CTassisF". + + o Removed features: + - Directory authorities will no longer support voting according to + any consensus method before consensus method 25. This keeps + authorities compatible with all authorities running 0.2.9.8 and + later, and does not break any clients or relays. Implements ticket + 24378 and proposal 290. + - The PortForwarding and PortForwardingHelper features have been + removed. The reasoning is, given that implementations of NAT + traversal protocols within common consumer grade routers are + frequently buggy, and that the target audience for a NAT punching + feature is a perhaps less-technically-inclined relay operator, + when the helper fails to setup traversal the problems are usually + deep, ugly, and very router specific, making them horrendously + impossible for technical support to reliable assist with, and thus + resulting in frustration all around. Unfortunately, relay + operators who would like to run relays behind NATs will need to + become more familiar with the port forwarding configurations on + their local router. Closes 25409. + - The TestingEnableTbEmptyEvent option has been removed. It was used + in testing simulations to measure how often connection buckets + were emptied, in order to improve our scheduling, but it has not + been actively used in years. Closes ticket 25760. + - The old "round-robin" circuit multiplexer (circuitmux) + implementation has been removed, along with a fairly large set of + code that existed to support it. It has not been the default + circuitmux since we introduced the "EWMA" circuitmux in 0.2.4.x, + but it still required an unreasonable amount of memory and CPU. + Closes ticket 25268. + + +Changes in version 0.3.3.5-rc - 2018-04-15 + Tor 0.3.3.5-rc fixes various bugs in earlier versions of Tor, + including some that could affect reliability or correctness. + + This is the first release candidate in the 0.3.3 series. If we find no + new bugs or regression here, then the first stable 0.3.3 release will + be nearly identical to this one. + + o Major bugfixes (security, protover, voting): + - Revise Rust implementation of protover to use a more memory- + efficient voting algorithm and corresponding data structures, thus + avoiding a potential memory-based DoS attack where specially + crafted protocol strings would expand to fill available memory. + Fixes bug 24031; bugfix on 0.3.3.1-alpha. + + o Major bugfixes (performance, load balancing): + - Directory authorities no longer vote in favor of the Guard flag + for relays without directory support. Starting in Tor + 0.3.0.1-alpha, clients have been avoiding using such relays in the + Guard position, leading to increasingly broken load balancing for + the 5%-or-so of Guards that don't advertise directory support. + Fixes bug 22310; bugfix on 0.3.0.6. + + o Minor feature (continuous integration): + - Update the Travis CI configuration to use the stable Rust channel, + now that we have decided to require that. Closes ticket 25714. + + o Minor features (config options): + - Change the way the default value for MaxMemInQueues is calculated. + We now use 40% of the hardware RAM if the system has 8 GB RAM or + more. Otherwise we use the former value of 75%. Closes + ticket 24782. + + o Minor features (geoip): + - Update geoip and geoip6 to the April 3 2018 Maxmind GeoLite2 + Country database. Closes ticket 25718. + + o Minor bugfixes (client): + - When using a listed relay as a bridge, and also using + microdescriptors, and considering that relay as a non-bridge in a + circuit, treat its microdescriptor as a valid source of + information about that relay. This change should prevent a non- + fatal assertion error. Fixes bug 25691; bugfix on 0.3.3.4-alpha. + + o Minor bugfixes (controller): + - Restore the correct operation of the RESOLVE command, which had + been broken since we added the ability to enable/disable DNS on + specific listener ports. Fixes bug 25617; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (distribution, compilation, rust): + - Build correctly when the rust dependencies submodule is loaded, + but the TOR_RUST_DEPENDENCIES environment variable is not set. + Fixes bug 25679; bugfix on 0.3.3.1-alpha. + - Actually include all of our Rust source in our source + distributions. (Previously, a few of the files were accidentally + omitted.) Fixes bug 25732; bugfix on 0.3.3.2-alpha. + + o Minor bugfixes (documentation): + - Document that the PerConnBW{Rate,Burst} options will fall back to + their corresponding consensus parameters only if those parameters + are set. Previously we had claimed that these values would always + be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha. + - Revert a misformatting issue in the ExitPolicy documentation. + Fixes bug 25582; bugfix on 0.3.3.1-alpha. + + o Minor bugfixes (exit relay DNS retries): + - Re-attempt timed-out DNS queries 3 times before failure, since our + timeout is 5 seconds for them, but clients wait 10-15. Also allow + slightly more timeouts per resolver when an exit has multiple + resolvers configured. Fixes bug 21394; bugfix on 0.3.1.9. + + o Minor bugfixes (onion services): + - Re-instate counting the client HSDir fetch circuits against the + MaxClientCircuitsPending rate limit. Fixes bug 24989; bugfix + on 0.3.3.1-alpha. + - Remove underscores from the _HSLayer{2,3}Nodes options. This + expert-user configuration can now be enabled as HSLayer{2,3}Nodes. + Fixes bug 25581; bugfix on 0.3.3.1-alpha + + o Code simplification and refactoring: + - Move the list of default directory authorities to its own file. + Closes ticket 24854. Patch by "beastr0". + + o Documentation (manpage, denial of service): + - Provide more detail about the denial-of-service options, by + listing each mitigation and explaining how they relate. Closes + ticket 25248. + + +Changes in version 0.3.3.4-alpha - 2018-03-29 + Tor 0.3.3.4-alpha includes various bugfixes for issues found during + the alpha testing of earlier releases in its series. We are + approaching a stable 0.3.3.4-alpha release: more testing is welcome! + + o New system requirements: + - When built with Rust, Tor now depends on version 0.2.39 of the + libc crate. Closes tickets 25310 and 25664. + + o Major bugfixes (relay, connection): + - If we have failed to connect to a relay and received a connection + refused, timeout, or similar error (at the TCP level), do not try + that same address/port again for 60 seconds after the failure has + occurred. Fixes bug 24767; bugfix on 0.0.6. + + o Minor features (geoip): + - Update geoip and geoip6 to the March 8 2018 Maxmind GeoLite2 + Country database. Closes ticket 25469. + + o Minor features (log messages): + - Improve log message in the out-of-memory handler to include + information about memory usage from the different compression + backends. Closes ticket 25372. + + o Minor features (sandbox): + - Explicitly permit the poll() system call when the Linux + seccomp2-based sandbox is enabled: apparently, some versions of + libc use poll() when calling getpwnam(). Closes ticket 25313. + + o Minor bugfixes (C correctness): + - Fix a very unlikely (impossible, we believe) null pointer + dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by + Coverity; this is CID 1430932. + + o Minor bugfixes (channel, client): + - Better identify client connection when reporting to the geoip + client cache. Fixes bug 24904; bugfix on 0.3.1.7. + + o Minor bugfixes (compilation): + - Fix a C99 compliance issue in our configuration script that caused + compilation issues when compiling Tor with certain versions of + xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha. + + o Minor bugfixes (controller, reliability): + - Avoid a (nonfatal) assertion failure when extending a one-hop + circuit from the controller to become a multihop circuit. Fixes + bug 24903; bugfix on 0.2.5.2-alpha. + + o Major bugfixes (networking): + - Tor will no longer reject IPv6 address strings from Tor Browser + when they are passed as hostnames in SOCKS5 requests. Fixes bug + 25036, bugfix on Tor 0.3.1.2. + + o Minor bugfixes (networking): + - string_is_valid_hostname() will not consider IP strings to be + valid hostnames. Fixes bug 25055; bugfix on Tor 0.2.5.5. + + o Minor bugfixes (onion service v3): + - Avoid an assertion failure when the next onion service + descriptor rotation type is out of sync with the consensus's + valid-after time. Instead, log a warning message with extra + information, so we can better hunt down the cause of this + assertion. Fixes bug 25306; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (testing): + - Avoid intermittent test failures due to a test that had relied on + onion service introduction point creation finishing within 5 + seconds of real clock time. Fixes bug 25450; bugfix + on 0.3.1.3-alpha. + - Rust crates are now automatically detected and tested. Previously, + some crates were not tested by `make test-rust` due to a static + string in the `src/test/test_rust.sh` script specifying which + crates to test. Fixes bug 25560; bugfix on 0.3.3.3-alpha. + + o Minor bugfixes (testing, benchmarks): + - Fix a crash when running benchmark tests on win32 systems. The + crash was due to a mutex that wasn't initialized before logging + and options were initialized. Fixes bug 25479; bugfix + on 0.3.3.3-alpha. + + o Minor bugfixes (warnings, ipv6): + - Avoid a bug warning that could occur when trying to connect to a + relay over IPv6. This warning would occur on a Tor instance that + downloads router descriptors, but prefers to use microdescriptors. + Fixes bug 25213; bugfix on 0.3.3.1-alpha. + + o Code simplification and refactoring: + - Remove the old (deterministic) directory retry logic entirely: + We've used exponential backoff exclusively for some time. Closes + ticket 23814. + + o Documentation: + - Improved the documentation of AccountingStart parameter. Closes + ticket 23635. + - Update the documentation for "Log" to include the current list of + logging domains. Closes ticket 25378. + + +Changes in version 0.3.1.10 - 2018-03-03 + Tor 0.3.1.10 backports a number of bugfixes, including important fixes for + security issues. + + It includes an important security fix for a remote crash attack + against directory authorities, tracked as TROVE-2018-001. + + This release also backports our new system for improved resistance to + denial-of-service attacks against relays. + + This release also fixes several minor bugs and annoyances from + earlier releases. + + All directory authorities should upgrade to one of the versions + released today. Relays running 0.3.1.x may wish to update to one of + the versions released today, for the DoS mitigations. + + Please note: according to our release calendar, Tor 0.3.1 will no + longer be supported after 1 July 2018. If you will be running Tor + after that date, you should make sure to plan to upgrade to the latest + stable version, or downgrade to 0.2.9 (which will receive long-term + support). + + o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha): + - Fix a protocol-list handling bug that could be used to remotely crash + directory authorities with a null-pointer exception. Fixes bug 25074; + bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and + CVE-2018-0490. + + o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha): + - Give relays some defenses against the recent network overload. We + start with three defenses (default parameters in parentheses). + First: if a single client address makes too many concurrent + connections (>100), hang up on further connections. Second: if a + single client address makes circuits too quickly (more than 3 per + second, with an allowed burst of 90) while also having too many + connections open (3), refuse new create cells for the next while + (1-2 hours). Third: if a client asks to establish a rendezvous + point to you directly, ignore the request. These defenses can be + manually controlled by new torrc options, but relays will also + take guidance from consensus parameters, so there's no need to + configure anything manually. Implements ticket 24902. + + o Minor features (linux seccomp2 sandbox, backport from 0.3.2.5-alpha): + - Update the sandbox rules so that they should now work correctly + with Glibc 2.26. Closes ticket 24315. + + o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha): + - Fix an "off by 2" error in counting rendezvous failures on the + onion service side. While we thought we would stop the rendezvous + attempt after one failed circuit, we were actually making three + circuit attempts before giving up. Now switch to a default of 2, + and allow the consensus parameter "hs_service_max_rdv_failures" to + override. Fixes bug 24895; bugfix on 0.0.6. + + o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha): + - Add Link protocol version 5 to the supported protocols list. Fixes + bug 25070; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (relay, backport from 0.3.3.1-alpha): + - Fix a set of false positives where relays would consider + connections to other relays as being client-only connections (and + thus e.g. deserving different link padding schemes) if those + relays fell out of the consensus briefly. Now we look only at the + initial handshake and whether the connection authenticated as a + relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha. + + o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha): + - Make our OOM handler aware of the geoip client history cache so it + doesn't fill up the memory. This check is important for IPv6 and + our DoS mitigation subsystem. Closes ticket 25122. + + o Minor feature (relay statistics, backport from 0.3.2.6-alpha): + - Change relay bandwidth reporting stats interval from 4 hours to 24 + hours in order to reduce the efficiency of guard discovery + attacks. Fixes ticket 23856. + + o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha): + - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released. + Previous versions of Tor would not have worked with OpenSSL 1.1.1, + since they neither disabled TLS 1.3 nor enabled any of the + ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites. + Closes ticket 24978. + + o Minor features (fallback directory mirrors, backport from 0.3.2.9): + - The fallback directory list has been re-generated based on the + current status of the network. Tor uses fallback directories to + bootstrap when it doesn't yet have up-to-date directory + information. Closes ticket 24801. + - Make the default DirAuthorityFallbackRate 0.1, so that clients + prefer to bootstrap from fallback directory mirrors. This is a + follow-up to 24679, which removed weights from the default + fallbacks. Implements ticket 24681. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2 + Country database. + + o Minor bugfix (channel connection, backport from 0.3.3.2-alpha): + - Use the actual observed address of an incoming relay connection, + not the canonical address of the relay from its descriptor, when + making decisions about how to handle the incoming connection. + Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera". + + o Minor bugfix (directory authority, backport from 0.3.3.2-alpha): + - Directory authorities, when refusing a descriptor from a rejected + relay, now explicitly tell the relay (in its logs) to set a valid + ContactInfo address and contact the bad-relays@ mailing list. + Fixes bug 25170; bugfix on 0.2.9.1. + + o Minor bugfixes (address selection, backport from 0.3.2.9): + - When the fascist_firewall_choose_address_ functions don't find a + reachable address, set the returned address to the null address + and port. This is a precautionary measure, because some callers do + not check the return value. Fixes bug 24736; bugfix + on 0.2.8.2-alpha. + + o Major bugfixes (bootstrapping, backport from 0.3.2.5-alpha): + - Fetch descriptors aggressively whenever we lack enough to build + circuits, regardless of how many descriptors we are missing. + Previously, we would delay launching the fetch when we had fewer + than 15 missing descriptors, even if some of those descriptors + were blocking circuits from building. Fixes bug 23985; bugfix on + 0.1.1.11-alpha. The effects of this bug became worse in + 0.3.0.3-alpha, when we began treating missing descriptors from our + primary guards as a reason to delay circuits. + - Don't try fetching microdescriptors from relays that have failed + to deliver them in the past. Fixes bug 23817; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.2.7-rc): + - Fix a signed/unsigned comparison warning introduced by our fix to + TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16. + + o Minor bugfixes (control port, linux seccomp2 sandbox, backport from 0.3.2.5-alpha): + - Avoid a crash when attempting to use the seccomp2 sandbox together + with the OwningControllerProcess feature. Fixes bug 24198; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha): + - Fix a possible crash on malformed consensus. If a consensus had + contained an unparseable protocol line, it could have made clients + and relays crash with a null-pointer exception. To exploit this + issue, however, an attacker would need to be able to subvert the + directory authority system. Fixes bug 25251; bugfix on + 0.2.9.4-alpha. Also tracked as TROVE-2018-004. + + o Minor bugfixes (directory cache, backport from 0.3.2.5-alpha): + - Recover better from empty or corrupt files in the consensus cache + directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha. + - When a consensus diff calculation is only partially successful, + only record the successful parts as having succeeded. Partial + success can happen if (for example) one compression method fails + but the others succeed. Previously we misrecorded all the + calculations as having succeeded, which would later cause a + nonfatal assertion failure. Fixes bug 24086; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (entry guards, backport from 0.3.2.3-alpha): + - Tor now updates its guard state when it reads a consensus + regardless of whether it's missing descriptors. That makes tor use + its primary guards to fetch descriptors in some edge cases where + it would previously have used fallback directories. Fixes bug + 23862; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (logging, backport from 0.3.3.2-alpha): + - Don't treat inability to store a cached consensus object as a bug: + it can happen normally when we are out of disk space. Fixes bug + 24859; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (memory usage, backport from 0.3.2.8-rc): + - When queuing DESTROY cells on a channel, only queue the circuit-id + and reason fields: not the entire 514-byte cell. This fix should + help mitigate any bugs or attacks that fill up these queues, and + free more RAM for other uses. Fixes bug 24666; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (network layer, backport from 0.3.2.5-alpha): + - When closing a connection via close_connection_immediately(), we + mark it as "not blocked on bandwidth", to prevent later calls from + trying to unblock it, and give it permission to read. This fixes a + backtrace warning that can happen on relays under various + circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (path selection, backport from 0.3.2.4-alpha): + - When selecting relays by bandwidth, avoid a rounding error that + could sometimes cause load to be imbalanced incorrectly. + Previously, we would always round upwards; now, we round towards + the nearest integer. This had the biggest effect when a relay's + weight adjustments should have given it weight 0, but it got + weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha. + - When calculating the fraction of nodes that have descriptors, and + all nodes in the network have zero bandwidths, count the number of + nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha. + - Actually log the total bandwidth in compute_weighted_bandwidths(). + Fixes bug 24170; bugfix on 0.2.4.3-alpha. + + o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha): + - Improve the performance of our consensus-diff application code + when Tor is built with the --enable-fragile-hardening option set. + Fixes bug 24826; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (OSX, backport from 0.3.3.1-alpha): + - Don't exit the Tor process if setrlimit() fails to change the file + limit (which can happen sometimes on some versions of OSX). Fixes + bug 21074; bugfix on 0.0.9pre5. + + o Minor bugfixes (portability, msvc, backport from 0.3.2.9): + - Fix a bug in the bit-counting parts of our timing-wheel code on + MSVC. (Note that MSVC is still not a supported build platform, due + to cyptographic timing channel risks.) Fixes bug 24633; bugfix + on 0.2.9.1-alpha. + + o Minor bugfixes (relay, partial backport): + - Make the internal channel_is_client() function look at what sort + of connection handshake the other side used, rather than whether + the other side ever sent a create_fast cell to us. Backports part + of the fixes from bugs 22805 and 24898. + + o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha): + - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on + 0.2.9.4-alpha. + - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249; + bugfix on 0.2.9.4-alpha. + + o Code simplification and refactoring (backport from 0.3.3.3-alpha): + - Update the "rust dependencies" submodule to be a project-level + repository, rather than a user repository. Closes ticket 25323. + + +Changes in version 0.2.9.15 - 2018-03-03 + Tor 0.2.9.15 backports important security and stability bugfixes from + later Tor releases. + + It includes an important security fix for a remote crash attack + against directory authorities, tracked as TROVE-2018-001. + + This release also backports our new system for improved resistance to + denial-of-service attacks against relays. + + This release also fixes several minor bugs and annoyances from + earlier releases. + + All directory authorities should upgrade to one of the versions + released today. Relays running 0.2.9.x may wish to update to one of + the versions released today, for the DoS mitigations. + + o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha): + - Fix a protocol-list handling bug that could be used to remotely crash + directory authorities with a null-pointer exception. Fixes bug 25074; + bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and + CVE-2018-0490. + + o Major features (denial-of-service mitigation): + - Give relays some defenses against the recent network overload. We + start with three defenses (default parameters in parentheses). + First: if a single client address makes too many concurrent + connections (>100), hang up on further connections. Second: if a + single client address makes circuits too quickly (more than 3 per + second, with an allowed burst of 90) while also having too many + connections open (3), refuse new create cells for the next while + (1-2 hours). Third: if a client asks to establish a rendezvous + point to you directly, ignore the request. These defenses can be + manually controlled by new torrc options, but relays will also + take guidance from consensus parameters, so there's no need to + configure anything manually. Implements ticket 24902. + + o Major bugfixes (bootstrapping): + - Fetch descriptors aggressively whenever we lack enough to build + circuits, regardless of how many descriptors we are missing. + Previously, we would delay launching the fetch when we had fewer + than 15 missing descriptors, even if some of those descriptors + were blocking circuits from building. Fixes bug 23985; bugfix on + 0.1.1.11-alpha. The effects of this bug became worse in + 0.3.0.3-alpha, when we began treating missing descriptors from our + primary guards as a reason to delay circuits. + + o Major bugfixes (onion services, retry behavior): + - Fix an "off by 2" error in counting rendezvous failures on the + onion service side. While we thought we would stop the rendezvous + attempt after one failed circuit, we were actually making three + circuit attempts before giving up. Now switch to a default of 2, + and allow the consensus parameter "hs_service_max_rdv_failures" to + override. Fixes bug 24895; bugfix on 0.0.6. + + o Minor feature (relay statistics): + - Change relay bandwidth reporting stats interval from 4 hours to 24 + hours in order to reduce the efficiency of guard discovery + attacks. Fixes ticket 23856. + + o Minor features (compatibility, OpenSSL): + - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released. + Previous versions of Tor would not have worked with OpenSSL 1.1.1, + since they neither disabled TLS 1.3 nor enabled any of the + ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites. + Closes ticket 24978. + + o Minor features (denial-of-service avoidance): + - Make our OOM handler aware of the geoip client history cache so it + doesn't fill up the memory. This check is important for IPv6 and + our DoS mitigation subsystem. Closes ticket 25122. + + o Minor features (fallback directory mirrors): + - The fallback directory list has been re-generated based on the + current status of the network. Tor uses fallback directories to + bootstrap when it doesn't yet have up-to-date directory + information. Closes ticket 24801. + - Make the default DirAuthorityFallbackRate 0.1, so that clients + prefer to bootstrap from fallback directory mirrors. This is a + follow-up to 24679, which removed weights from the default + fallbacks. Implements ticket 24681. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2 + Country database. + + o Minor features (linux seccomp2 sandbox): + - Update the sandbox rules so that they should now work correctly + with Glibc 2.26. Closes ticket 24315. + + o Minor bugfix (channel connection): + - Use the actual observed address of an incoming relay connection, + not the canonical address of the relay from its descriptor, when + making decisions about how to handle the incoming connection. + Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera". + + o Minor bugfix (directory authority): + - Directory authorities, when refusing a descriptor from a rejected + relay, now explicitly tell the relay (in its logs) to set a valid + ContactInfo address and contact the bad-relays@ mailing list. + Fixes bug 25170; bugfix on 0.2.9.1. + + o Minor bugfixes (address selection): + - When the fascist_firewall_choose_address_ functions don't find a + reachable address, set the returned address to the null address + and port. This is a precautionary measure, because some callers do + not check the return value. Fixes bug 24736; bugfix + on 0.2.8.2-alpha. + + o Minor bugfixes (compilation): + - Fix a signed/unsigned comparison warning introduced by our fix to + TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16. + + o Minor bugfixes (control port, linux seccomp2 sandbox): + - Avoid a crash when attempting to use the seccomp2 sandbox together + with the OwningControllerProcess feature. Fixes bug 24198; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha): + - Fix a possible crash on malformed consensus. If a consensus had + contained an unparseable protocol line, it could have made clients + and relays crash with a null-pointer exception. To exploit this + issue, however, an attacker would need to be able to subvert the + directory authority system. Fixes bug 25251; bugfix on + 0.2.9.4-alpha. Also tracked as TROVE-2018-004. + + o Minor bugfixes (memory usage): + - When queuing DESTROY cells on a channel, only queue the circuit-id + and reason fields: not the entire 514-byte cell. This fix should + help mitigate any bugs or attacks that fill up these queues, and + free more RAM for other uses. Fixes bug 24666; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (network layer): + - When closing a connection via close_connection_immediately(), we + mark it as "not blocked on bandwidth", to prevent later calls from + trying to unblock it, and give it permission to read. This fixes a + backtrace warning that can happen on relays under various + circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (OSX): + - Don't exit the Tor process if setrlimit() fails to change the file + limit (which can happen sometimes on some versions of OSX). Fixes + bug 21074; bugfix on 0.0.9pre5. + + o Minor bugfixes (path selection): + - When selecting relays by bandwidth, avoid a rounding error that + could sometimes cause load to be imbalanced incorrectly. + Previously, we would always round upwards; now, we round towards + the nearest integer. This had the biggest effect when a relay's + weight adjustments should have given it weight 0, but it got + weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha. + - When calculating the fraction of nodes that have descriptors, and + all nodes in the network have zero bandwidths, count the number of + nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha. + - Actually log the total bandwidth in compute_weighted_bandwidths(). + Fixes bug 24170; bugfix on 0.2.4.3-alpha. + + o Minor bugfixes (portability, msvc): + - Fix a bug in the bit-counting parts of our timing-wheel code on + MSVC. (Note that MSVC is still not a supported build platform, due + to cryptographic timing channel risks.) Fixes bug 24633; bugfix + on 0.2.9.1-alpha. + + o Minor bugfixes (relay): + - Make the internal channel_is_client() function look at what sort + of connection handshake the other side used, rather than whether + the other side ever sent a create_fast cell to us. Backports part + of the fixes from bugs 22805 and 24898. + + o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha): + - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on + 0.2.9.4-alpha. + - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249; + bugfix on 0.2.9.4-alpha. + + +Changes in version 0.3.2.10 - 2018-03-03 + Tor 0.3.2.10 is the second stable release in the 0.3.2 series. It + backports a number of bugfixes, including important fixes for security + issues. + + It includes an important security fix for a remote crash attack + against directory authorities, tracked as TROVE-2018-001. + + Additionally, it backports a fix for a bug whose severity we have + upgraded: Bug 24700, which was fixed in 0.3.3.2-alpha, can be remotely + triggered in order to crash relays with a use-after-free pattern. As + such, we are now tracking that bug as TROVE-2018-002 and + CVE-2018-0491, and backporting it to earlier releases. This bug + affected versions 0.3.2.1-alpha through 0.3.2.9, as well as version + 0.3.3.1-alpha. + + This release also backports our new system for improved resistance to + denial-of-service attacks against relays. + + This release also fixes several minor bugs and annoyances from + earlier releases. + + Relays running 0.3.2.x SHOULD upgrade to one of the versions released + today, for the fix to TROVE-2018-002. Directory authorities should + also upgrade. (Relays on earlier versions might want to update too for + the DoS mitigations.) + + o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha): + - Fix a protocol-list handling bug that could be used to remotely crash + directory authorities with a null-pointer exception. Fixes bug 25074; + bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and + CVE-2018-0490. + + o Major bugfixes (scheduler, KIST, denial-of-service, backport from 0.3.3.2-alpha): + - Avoid adding the same channel twice in the KIST scheduler pending + list, which could lead to remote denial-of-service use-after-free + attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha. + + o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha): + - Give relays some defenses against the recent network overload. We + start with three defenses (default parameters in parentheses). + First: if a single client address makes too many concurrent + connections (>100), hang up on further connections. Second: if a + single client address makes circuits too quickly (more than 3 per + second, with an allowed burst of 90) while also having too many + connections open (3), refuse new create cells for the next while + (1-2 hours). Third: if a client asks to establish a rendezvous + point to you directly, ignore the request. These defenses can be + manually controlled by new torrc options, but relays will also + take guidance from consensus parameters, so there's no need to + configure anything manually. Implements ticket 24902. + + o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha): + - Fix an "off by 2" error in counting rendezvous failures on the + onion service side. While we thought we would stop the rendezvous + attempt after one failed circuit, we were actually making three + circuit attempts before giving up. Now switch to a default of 2, + and allow the consensus parameter "hs_service_max_rdv_failures" to + override. Fixes bug 24895; bugfix on 0.0.6. + - New-style (v3) onion services now obey the "max rendezvous circuit + attempts" logic. Previously they would make as many rendezvous + circuit attempts as they could fit in the MAX_REND_TIMEOUT second + window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha. + + o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha): + - Add Link protocol version 5 to the supported protocols list. Fixes + bug 25070; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (relay, backport from 0.3.3.1-alpha): + - Fix a set of false positives where relays would consider + connections to other relays as being client-only connections (and + thus e.g. deserving different link padding schemes) if those + relays fell out of the consensus briefly. Now we look only at the + initial handshake and whether the connection authenticated as a + relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (scheduler, consensus, backport from 0.3.3.2-alpha): + - The scheduler subsystem was failing to promptly notice changes in + consensus parameters, making it harder to switch schedulers + network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha. + + o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha): + - Make our OOM handler aware of the geoip client history cache so it + doesn't fill up the memory. This check is important for IPv6 and + our DoS mitigation subsystem. Closes ticket 25122. + + o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha): + - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released. + Previous versions of Tor would not have worked with OpenSSL 1.1.1, + since they neither disabled TLS 1.3 nor enabled any of the + ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites. + Closes ticket 24978. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2 + Country database. + + o Minor features (logging, diagnostic, backport from 0.3.3.2-alpha): + - When logging a failure to create an onion service's descriptor, + also log what the problem with the descriptor was. Diagnostic + for ticket 24972. + + o Minor bugfix (channel connection, backport from 0.3.3.2-alpha): + - Use the actual observed address of an incoming relay connection, + not the canonical address of the relay from its descriptor, when + making decisions about how to handle the incoming connection. + Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera". + + o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha): + - Fix a possible crash on malformed consensus. If a consensus had + contained an unparseable protocol line, it could have made clients + and relays crash with a null-pointer exception. To exploit this + issue, however, an attacker would need to be able to subvert the + directory authority system. Fixes bug 25251; bugfix on + 0.2.9.4-alpha. Also tracked as TROVE-2018-004. + + o Minor bugfix (directory authority, backport from 0.3.3.2-alpha): + - Directory authorities, when refusing a descriptor from a rejected + relay, now explicitly tell the relay (in its logs) to set a valid + ContactInfo address and contact the bad-relays@ mailing list. + Fixes bug 25170; bugfix on 0.2.9.1. + + o Minor bugfixes (build, rust, backport from 0.3.3.1-alpha): + - When building with Rust on OSX, link against libresolv, to work + around the issue at https://github.com/rust-lang/rust/issues/46797. + Fixes bug 24652; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (onion services, backport from 0.3.3.2-alpha): + - Remove a BUG() statement when a client fetches an onion descriptor + that has a lower revision counter than the one in its cache. This + can happen in normal circumstances due to HSDir desync. Fixes bug + 24976; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (logging, backport from 0.3.3.2-alpha): + - Don't treat inability to store a cached consensus object as a bug: + it can happen normally when we are out of disk space. Fixes bug + 24859; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha): + - Improve the performance of our consensus-diff application code + when Tor is built with the --enable-fragile-hardening option set. + Fixes bug 24826; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (OSX, backport from 0.3.3.1-alpha): + - Don't exit the Tor process if setrlimit() fails to change the file + limit (which can happen sometimes on some versions of OSX). Fixes + bug 21074; bugfix on 0.0.9pre5. + + o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha): + - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on + 0.2.9.4-alpha. + - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249; + bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (testing, backport from 0.3.3.1-alpha): + - Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug + 25005; bugfix on 0.3.2.7-rc. + + o Minor bugfixes (v3 onion services, backport from 0.3.3.2-alpha): + - Look at the "HSRend" protocol version, not the "HSDir" protocol + version, when deciding whether a consensus entry can support the + v3 onion service protocol as a rendezvous point. Fixes bug 25105; + bugfix on 0.3.2.1-alpha. + + o Code simplification and refactoring (backport from 0.3.3.3-alpha): + - Update the "rust dependencies" submodule to be a project-level + repository, rather than a user repository. Closes ticket 25323. + + o Documentation (backport from 0.3.3.1-alpha) + - Document that operators who run more than one relay or bridge are + expected to set MyFamily and ContactInfo correctly. Closes + ticket 24526. + + +Changes in version 0.3.3.3-alpha - 2018-03-03 + Tor 0.3.3.3-alpha is the third alpha release for the 0.3.3.x series. + It includes an important security fix for a remote crash attack + against directory authorities tracked as TROVE-2018-001. + + Additionally, with this release, we are upgrading the severity of a + bug fixed in 0.3.3.2-alpha. Bug 24700, which was fixed in + 0.3.3.2-alpha, can be remotely triggered in order to crash relays with + a use-after-free pattern. As such, we are now tracking that bug as + TROVE-2018-002 and CVE-2018-0491. This bug affected versions + 0.3.2.1-alpha through 0.3.2.9, as well as 0.3.3.1-alpha. + + This release also fixes several minor bugs and annoyances from + earlier releases. + + Relays running 0.3.2.x should upgrade to one of the versions released + today, for the fix to TROVE-2018-002. Directory authorities should + also upgrade. (Relays on earlier versions might want to update too for + the DoS mitigations.) + + o Major bugfixes (denial-of-service, directory authority): + - Fix a protocol-list handling bug that could be used to remotely crash + directory authorities with a null-pointer exception. Fixes bug 25074; + bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and + CVE-2018-0490. + + o Minor features (compatibility, OpenSSL): + - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released. + Previous versions of Tor would not have worked with OpenSSL 1.1.1, + since they neither disabled TLS 1.3 nor enabled any of the + ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites. + Closes ticket 24978. + + o Minor features (logging): + - Clarify the log messages produced when getrandom() or a related + entropy-generation mechanism gives an error. Closes ticket 25120. + + o Minor features (testing): + - Add a "make test-rust" target to run the rust tests only. Closes + ticket 25071. + + o Minor bugfixes (denial-of-service): + - Fix a possible crash on malformed consensus. If a consensus had + contained an unparseable protocol line, it could have made clients + and relays crash with a null-pointer exception. To exploit this + issue, however, an attacker would need to be able to subvert the + directory authority system. Fixes bug 25251; bugfix on + 0.2.9.4-alpha. Also tracked as TROVE-2018-004. + + o Minor bugfixes (DoS mitigation): + - Add extra safety checks when refilling the circuit creation bucket + to ensure we never set a value above the allowed maximum burst. + Fixes bug 25202; bugfix on 0.3.3.2-alpha. + - When a new consensus arrives, don't update our DoS-mitigation + parameters if we aren't a public relay. Fixes bug 25223; bugfix + on 0.3.3.2-alpha. + + o Minor bugfixes (man page, SocksPort): + - Remove dead code from the old "SocksSocket" option, and rename + SocksSocketsGroupWritable to UnixSocksGroupWritable. The old option + still works, but is deprecated. Fixes bug 24343; bugfix on 0.2.6.3. + + o Minor bugfixes (performance): + - Reduce the number of circuits that will be opened at once during + the circuit build timeout phase. This is done by increasing the + idle timeout to 3 minutes, and lowering the maximum number of + concurrent learning circuits to 10. Fixes bug 24769; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (spec conformance): + - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on + 0.2.9.4-alpha. + - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249; + bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (spec conformance, rust): + - Resolve a denial-of-service issue caused by an infinite loop in + the rust protover code. Fixes bug 25250, bugfix on 0.3.3.1-alpha. + Also tracked as TROVE-2018-003. + + o Code simplification and refactoring: + - Update the "rust dependencies" submodule to be a project-level + repository, rather than a user repository. Closes ticket 25323. + + +Changes in version 0.3.3.2-alpha - 2018-02-10 + Tor 0.3.3.2-alpha is the second alpha in the 0.3.3.x series. It + introduces a mechanism to handle the high loads that many relay + operators have been reporting recently. It also fixes several bugs in + older releases. If this new code proves reliable, we plan to backport + it to older supported release series. + + o Major features (denial-of-service mitigation): + - Give relays some defenses against the recent network overload. We + start with three defenses (default parameters in parentheses). + First: if a single client address makes too many concurrent + connections (>100), hang up on further connections. Second: if a + single client address makes circuits too quickly (more than 3 per + second, with an allowed burst of 90) while also having too many + connections open (3), refuse new create cells for the next while + (1-2 hours). Third: if a client asks to establish a rendezvous + point to you directly, ignore the request. These defenses can be + manually controlled by new torrc options, but relays will also + take guidance from consensus parameters, so there's no need to + configure anything manually. Implements ticket 24902. + + o Major bugfixes (netflow padding): + - Stop adding unneeded channel padding right after we finish + flushing to a connection that has been trying to flush for many + seconds. Instead, treat all partial or complete flushes as + activity on the channel, which will defer the time until we need + to add padding. This fix should resolve confusing and scary log + messages like "Channel padding timeout scheduled 221453ms in the + past." Fixes bug 22212; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (protocol versions): + - Add Link protocol version 5 to the supported protocols list. Fixes + bug 25070; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (scheduler, consensus): + - The scheduler subsystem was failing to promptly notice changes in + consensus parameters, making it harder to switch schedulers + network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha. + + o Minor features (denial-of-service avoidance): + - Make our OOM handler aware of the geoip client history cache so it + doesn't fill up the memory. This check is important for IPv6 and + our DoS mitigation subsystem. Closes ticket 25122. + + o Minor features (directory authority): + - When directory authorities are unable to add signatures to a + pending consensus, log the reason why. Closes ticket 24849. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2 + Country database. + + o Minor features (logging, diagnostic): + - When logging a failure to create an onion service's descriptor, + also log what the problem with the descriptor was. Diagnostic for + ticket 24972. + + o Minor bugfix (channel connection): + - Use the actual observed address of an incoming relay connection, + not the canonical address of the relay from its descriptor, when + making decisions about how to handle the incoming connection. + Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera". + + o Minor bugfix (directory authority): + - Directory authorities, when refusing a descriptor from a rejected + relay, now explicitly tell the relay (in its logs) to set a valid + ContactInfo address and contact the bad-relays@ mailing list. + Fixes bug 25170; bugfix on 0.2.9.1. + + o Minor bugfixes (all versions of Tor): + - Use the "misspell" tool to detect and fix typos throughout the + source code. Fixes bug 23650; bugfix on various versions of Tor. + Patch from Deepesh Pathak. + + o Minor bugfixes (circuit, cannibalization): + - Don't cannibalize preemptively-built circuits if we no longer + recognize their first hop. This situation can happen if our Guard + relay went off the consensus after the circuit was created. Fixes + bug 24469; bugfix on 0.0.6. + + o Minor bugfixes (correctness): + - Remove a nonworking, unnecessary check to see whether a circuit + hop's identity digest was set when the circuit failed. Fixes bug + 24927; bugfix on 0.2.4.4-alpha. + + o Minor bugfixes (logging): + - Don't treat inability to store a cached consensus object as a bug: + it can happen normally when we are out of disk space. Fixes bug + 24859; bugfix on 0.3.1.1-alpha. + - Fix a (mostly harmless) race condition when invoking + LOG_PROTOCOL_WARN message from a subthread while the torrc options + are changing. Fixes bug 23954; bugfix on 0.1.1.9-alpha. + + o Minor bugfixes (onion services): + - Remove a BUG() statement when a client fetches an onion descriptor + that has a lower revision counter than the one in its cache. This + can happen in normal circumstances due to HSDir desync. Fixes bug + 24976; bugfix on 0.3.2.1-alpha. + - If we are configured to offer a single onion service, don't log + long-term established one hop rendezvous points in the heartbeat. + Fixes bug 25116; bugfix on 0.2.9.6-rc. + + o Minor bugfixes (performance): + - Avoid calling protocol_list_supports_protocol() from inside tight + loops when running with cached routerinfo_t objects. Instead, + summarize the relevant protocols as flags in the routerinfo_t, as + we do for routerstatus_t objects. This change simplifies our code + a little, and saves a large amount of short-term memory allocation + operations. Fixes bug 25008; bugfix on 0.2.9.4-alpha. + + o Minor bugfixes (Rust FFI): + - Fix a minor memory leak which would happen whenever the C code + would call the Rust implementation of + protover_get_supported_protocols(). This was due to the C version + returning a static string, whereas the Rust version newly allocated + a CString to pass across the FFI boundary. Consequently, the C + code was not expecting to need to free() what it was given. Fixes + bug 25127; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (scheduler, KIST): + - Avoid adding the same channel twice in the KIST scheduler pending + list, which would waste CPU cycles. Fixes bug 24700; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (unit test, monotonic time): + - Increase a constant (1msec to 10msec) in the monotonic time test + that makes sure the nsec/usec/msec times read are synchronized. + This change was needed to accommodate slow systems like armel or + when the clock_gettime() is not a VDSO on the running kernel. + Fixes bug 25113; bugfix on 0.2.9.1. + + o Minor bugfixes (v3 onion services): + - Look at the "HSRend" protocol version, not the "HSDir" protocol + version, when deciding whether a consensus entry can support the + v3 onion service protocol as a rendezvous point. Fixes bug 25105; + bugfix on 0.3.2.1-alpha. + + o Code simplification and refactoring: + - Remove the unused nodelist_recompute_all_hsdir_indices(). Closes + ticket 25108. + - Remove a series of counters used to track circuit extend attempts + and connection status but that in reality we aren't using for + anything other than stats logged by a SIGUSR1 signal. Closes + ticket 25163. + + o Documentation (man page): + - The HiddenServiceVersion torrc option accepts only one number: + either version 2 or 3. Closes ticket 25026; bugfix + on 0.3.2.2-alpha. + + +Changes in version 0.3.3.1-alpha - 2018-01-25 + Tor 0.3.3.1-alpha is the first release in the 0.3.3.x series. It adds + several new features to Tor, including several improvements to + bootstrapping, and support for an experimental "vanguards" feature to + resist guard discovery attacks. This series also includes better + support for applications that need to embed Tor or manage v3 + onion services. + + o Major features (embedding): + - There is now a documented stable API for programs that need to + embed Tor. See tor_api.h for full documentation and known bugs. + Closes ticket 23684. + - Tor now has support for restarting in the same process. + Controllers that run Tor using the "tor_api.h" interface can now + restart Tor after Tor has exited. This support is incomplete, + however: we fixed crash bugs that prevented it from working at + all, but many bugs probably remain, including a possibility of + security issues. Implements ticket 24581. + + o Major features (IPv6, directory documents): + - Add consensus method 27, which adds IPv6 ORPorts to the microdesc + consensus. This information makes it easier for IPv6 clients to + bootstrap and choose reachable entry guards. Implements ticket 23826. + - Add consensus method 28, which removes IPv6 ORPorts from + microdescriptors. Now that the consensus contains IPv6 ORPorts, they + are redundant in microdescs. This change will be used by Tor clients + on 0.2.8.x and later. (That is to say, with all Tor clients that + have IPv6 bootstrap and guard support.) Implements ticket 23828. + - Expand the documentation for AuthDirHasIPv6Connectivity when it is + set by different numbers of authorities. Fixes 23870 + on 0.2.4.1-alpha. + + o Major features (onion service v3, control port): + - The control port now supports commands and events for v3 onion + services. It is now possible to create ephemeral v3 services using + ADD_ONION. Additionally, several events (HS_DESC, HS_DESC_CONTENT, + CIRC and CIRC_MINOR) and commands (GETINFO, HSPOST, ADD_ONION and + DEL_ONION) have been extended to support v3 onion services. Closes + ticket 20699; implements proposal 284. + + o Major features (onion services): + - Provide torrc options to pin the second and third hops of onion + service circuits to a list of nodes. The option HSLayer2Guards + pins the second hop, and the option HSLayer3Guards pins the third + hop. These options are for use in conjunction with experiments + with "vanguards" for preventing guard enumeration attacks. Closes + ticket 13837. + + o Major features (rust, portability, experimental): + - Tor now ships with an optional implementation of one of its + smaller modules (protover.c) in the Rust programming language. To + try it out, install a Rust build environment, and configure Tor + with "--enable-rust --enable-cargo-online-mode". This should not + cause any user-visible changes, but should help us gain more + experience with Rust, and plan future Rust integration work. + Implementation by Chelsea Komlo. Closes ticket 22840. + + o Minor features (storage, configuration): + - Users can store cached directory documents somewhere other than + the DataDirectory by using the CacheDirectory option. Similarly, + the storage location for relay's keys can be overridden with the + KeyDirectory option. Closes ticket 22703. + + o Major features (v3 onion services, ipv6): + - When v3 onion service clients send introduce cells, they now + include the IPv6 address of the rendezvous point, if it has one. + Current v3 onion services running 0.3.2 ignore IPv6 addresses, but + in future Tor versions, IPv6-only v3 single onion services will be + able to use IPv6 addresses to connect directly to the rendezvous + point. Closes ticket 23577. Patch by Neel Chauhan. + + o Major bugfixes (onion services, retry behavior): + - Fix an "off by 2" error in counting rendezvous failures on the + onion service side. While we thought we would stop the rendezvous + attempt after one failed circuit, we were actually making three + circuit attempts before giving up. Now switch to a default of 2, + and allow the consensus parameter "hs_service_max_rdv_failures" to + override. Fixes bug 24895; bugfix on 0.0.6. + - New-style (v3) onion services now obey the "max rendezvous circuit + attempts" logic. Previously they would make as many rendezvous + circuit attempts as they could fit in the MAX_REND_TIMEOUT second + window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha. + + o Major bugfixes (relays): + - Fix a set of false positives where relays would consider + connections to other relays as being client-only connections (and + thus e.g. deserving different link padding schemes) if those + relays fell out of the consensus briefly. Now we look only at the + initial handshake and whether the connection authenticated as a + relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha. + + o Minor feature (IPv6): + - Make IPv6-only clients wait for microdescs for relays, even if we + were previously using descriptors (or were using them as a bridge) + and have a cached descriptor for them. Implements ticket 23827. + - When a consensus has IPv6 ORPorts, make IPv6-only clients use + them, rather than waiting to download microdescriptors. + Implements ticket 23827. + + o Minor features (cleanup): + - Tor now deletes the CookieAuthFile and ExtORPortCookieAuthFile + when it stops. Closes ticket 23271. + + o Minor features (defensive programming): + - Most of the functions in Tor that free objects have been replaced + with macros that free the objects and set the corresponding + pointers to NULL. This change should help prevent a large class of + dangling pointer bugs. Closes ticket 24337. + - Where possible, the tor_free() macro now only evaluates its input + once. Part of ticket 24337. + - Check that microdesc ed25519 ids are non-zero in + node_get_ed25519_id() before returning them. Implements ticket + 24001, patch by "aruna1234". + + o Minor features (embedding): + - Tor can now start with a preauthenticated control connection + created by the process that launched it. This feature is meant for + use by programs that want to launch and manage a Tor process + without allowing other programs to manage it as well. For more + information, see the __OwningControllerFD option documented in + control-spec.txt. Closes ticket 23900. + - On most errors that would cause Tor to exit, it now tries to + return from the tor_main() function, rather than calling the + system exit() function. Most users won't notice a difference here, + but it should be significant for programs that run Tor inside + a separate thread: they should now be able to survive Tor's exit + conditions rather than having Tor shut down the entire process. + Closes ticket 23848. + - Applications that want to embed Tor can now tell Tor not to + register any of its own POSIX signal handlers, using the + __DisableSignalHandlers option. Closes ticket 24588. + + o Minor features (fallback directory list): + - Avoid selecting fallbacks that change their IP addresses too + often. Select more fallbacks by ignoring the Guard flag, and + allowing lower cutoffs for the Running and V2Dir flags. Also allow + a lower bandwidth, and a higher number of fallbacks per operator + (5% of the list). Implements ticket 24785. + - Update the fallback whitelist and blacklist based on opt-ins and + relay changes. Closes tickets 22321, 24678, 22527, 24135, + and 24695. + + o Minor features (fallback directory mirror configuration): + - Add a nickname to each fallback in a C comment. This makes it + easier for operators to find their relays, and allows stem to use + nicknames to identify fallbacks. Implements ticket 24600. + - Add a type and version header to the fallback directory mirror + file. Also add a delimiter to the end of each fallback entry. This + helps external parsers like stem and Relay Search. Implements + ticket 24725. + - Add an extrainfo cache flag for each fallback in a C comment. This + allows stem to use fallbacks to fetch extra-info documents, rather + than using authorities. Implements ticket 22759. + - Add the generateFallbackDirLine.py script for automatically + generating fallback directory mirror lines from relay fingerprints. + No more typos! Add the lookupFallbackDirContact.py script for + automatically looking up operator contact info from relay + fingerprints. Implements ticket 24706, patch by teor and atagar. + - Reject any fallback directory mirror that serves an expired + consensus. Implements ticket 20942, patch by "minik". + - Remove commas and equals signs from external string inputs to the + fallback list. This avoids format confusion attacks. Implements + ticket 24726. + - Remove the "weight=10" line from fallback directory mirror + entries. Ticket 24681 will maintain the current fallback weights + by changing Tor's default fallback weight to 10. Implements + ticket 24679. + - Stop logging excessive information about fallback netblocks. + Implements ticket 24791. + + o Minor features (forward-compatibility): + - If a relay supports some link authentication protocol that we do + not recognize, then include that relay's ed25519 key when telling + other relays to extend to it. Previously, we treated future + versions as if they were too old to support ed25519 link + authentication. Closes ticket 20895. + + o Minor features (heartbeat): + - Add onion service information to our heartbeat logs, displaying + stats about the activity of configured onion services. Closes + ticket 24896. + + o Minor features (instrumentation, development): + - Add the MainloopStats option to allow developers to get + instrumentation information from the main event loop via the + heartbeat messages. We hope to use this to improve Tor's behavior + when it's trying to sleep. Closes ticket 24605. + + o Minor features (log messages): + - Improve a warning message that happens when we fail to re-parse an + old router because of an expired certificate. Closes ticket 20020. + - Make the log more quantitative when we hit MaxMemInQueues + threshold exposing some values. Closes ticket 24501. + + o Minor features (logging, android): + - Added support for the Android logging subsystem. Closes + ticket 24362. + + o Minor features (performance): + - Support predictive circuit building for onion service circuits + with multiple layers of guards. Closes ticket 23101. + - Use stdatomic.h where available, rather than mutexes, to implement + atomic_counter_t. Closes ticket 23953. + + o Minor features (performance, 32-bit): + - Improve performance on 32-bit systems by avoiding 64-bit division + when calculating the timestamp in milliseconds for channel padding + computations. Implements ticket 24613. + - Improve performance on 32-bit systems by avoiding 64-bit division + when timestamping cells and buffer chunks for OOM calculations. + Implements ticket 24374. + + o Minor features (performance, OSX, iOS): + - Use the mach_approximate_time() function (when available) to + implement coarse monotonic time. Having a coarse time function + should avoid a large number of system calls, and improve + performance slightly, especially under load. Closes ticket 24427. + + o Minor features (performance, windows): + - Improve performance on Windows Vista and Windows 7 by adjusting + TCP send window size according to the recommendation from + SIO_IDEAL_SEND_BACKLOG_QUERY. Closes ticket 22798. Patch + from Vort. + + o Major features (relay): + - Implement an option, ReducedExitPolicy, to allow an Tor exit relay + operator to use a more reasonable ("reduced") exit policy, rather + than the default one. If you want to run an exit node without + thinking too hard about which ports to allow, this one is for you. + Closes ticket 13605. Patch from Neel Chauhan. + + o Minor features (testing, debugging, embedding): + - For development purposes, Tor now has a mode in which it runs for + a few seconds, then stops, and starts again without exiting the + process. This mode is meant to help us debug various issues with + ticket 23847. To use this feature, compile with + --enable-restart-debugging, and set the TOR_DEBUG_RESTART + environment variable. This is expected to crash a lot, and is + really meant for developers only. It will likely be removed in a + future release. Implements ticket 24583. + + o Minor bugfix (network IPv6 test): + - Tor's test scripts now check if "ping -6 ::1" works when the user + runs "make test-network-all". Fixes bug 24677; bugfix on + 0.2.9.3-alpha. Patch by "ffmancera". + + o Minor bugfixes (build, rust): + - Fix output of autoconf checks to display success messages for Rust + dependencies and a suitable rustc compiler version. Fixes bug + 24612; bugfix on 0.3.1.3-alpha. + - When building with Rust on OSX, link against libresolv, to work + around the issue at https://github.com/rust-lang/rust/issues/46797. + Fixes bug 24652; bugfix on 0.3.1.1-alpha. + - Don't pass the --quiet option to cargo: it seems to suppress some + errors, which is not what we want to do when building. Fixes bug + 24518; bugfix on 0.3.1.7. + - Build correctly when building from outside Tor's source tree with + the TOR_RUST_DEPENDENCIES option set. Fixes bug 22768; bugfix + on 0.3.1.7. + + o Minor bugfixes (directory authorities, IPv6): + - When creating a routerstatus (vote) from a routerinfo (descriptor), + set the IPv6 address to the unspecified IPv6 address, and + explicitly initialize the port to zero. Fixes bug 24488; bugfix + on 0.2.4.1-alpha. + + o Minor bugfixes (fallback directory mirrors): + - Make updateFallbackDirs.py search harder for python. (Some OSs + don't put it in /usr/bin.) Fixes bug 24708; bugfix + on 0.2.8.1-alpha. + + o Minor bugfixes (hibernation, bandwidth accounting, shutdown): + - When hibernating, close connections normally and allow them to + flush. Fixes bug 23571; bugfix on 0.2.4.7-alpha. Also fixes + bug 7267. + - Do not attempt to launch self-reachability tests when entering + hibernation. Fixes a case of bug 12062; bugfix on 0.0.9pre5. + - Resolve several bugs related to descriptor fetching on bridge + clients with bandwidth accounting enabled. (This combination is + not recommended!) Fixes a case of bug 12062; bugfix + on 0.2.0.3-alpha. + - When hibernating, do not attempt to launch DNS checks. Fixes a + case of bug 12062; bugfix on 0.1.2.2-alpha. + - When hibernating, do not try to upload or download descriptors. + Fixes a case of bug 12062; bugfix on 0.0.9pre5. + + o Minor bugfixes (IPv6, bridges): + - Tor now always sets IPv6 preferences for bridges. Fixes bug 24573; + bugfix on 0.2.8.2-alpha. + - Tor now sets IPv6 address in the routerstatus as well as in the + router descriptors when updating addresses for a bridge. Closes + ticket 24572; bugfix on 0.2.4.5-alpha. Patch by "ffmancera". + + o Minor bugfixes (linux seccomp2 sandbox): + - When running with the sandbox enabled, reload configuration files + correctly even when %include was used. Previously we would crash. + Fixes bug 22605; bugfix on 0.3.1. Patch from Daniel Pinto. + + o Minor bugfixes (memory leaks): + - Avoid possible at-exit memory leaks related to use of Libevent's + event_base_once() function. (This function tends to leak memory if + the event_base is closed before the event fires.) Fixes bug 24584; + bugfix on 0.2.8.1-alpha. + - Fix a harmless memory leak in tor-resolve. Fixes bug 24582; bugfix + on 0.2.1.1-alpha. + + o Minor bugfixes (OSX): + - Don't exit the Tor process if setrlimit() fails to change the file + limit (which can happen sometimes on some versions of OSX). Fixes + bug 21074; bugfix on 0.0.9pre5. + + o Minor bugfixes (performance, fragile-hardening): + - Improve the performance of our consensus-diff application code + when Tor is built with the --enable-fragile-hardening option set. + Fixes bug 24826; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (performance, timeouts): + - Consider circuits for timeout as soon as they complete a hop. This + is more accurate than applying the timeout in + circuit_expire_building() because that function is only called + once per second, which is now too slow for typical timeouts on the + current network. Fixes bug 23114; bugfix on 0.2.2.2-alpha. + - Use onion service circuits (and other circuits longer than 3 hops) + to calculate a circuit build timeout. Previously, Tor only + calculated its build timeout based on circuits that planned to be + exactly 3 hops long. With this change, we include measurements + from all circuits at the point where they complete their third + hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha. + + o Minor bugfixes (testing): + - Give out Exit flags in bootstrapping networks. Fixes bug 24137; + bugfix on 0.2.3.1-alpha. + - Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug + 25005; bugfix on 0.3.2.7-rc. + + o Code simplification and refactoring: + - Remove /usr/athena from search path in configure.ac. Closes + ticket 24363. + - Remove duplicate code in node_has_curve25519_onion_key() and + node_get_curve25519_onion_key(), and add a check for a zero + microdesc curve25519 onion key. Closes ticket 23966, patch by + "aruna1234" and teor. + - Rewrite channel_rsa_id_group_set_badness to reduce temporary + memory allocations with large numbers of OR connections (e.g. + relays). Closes ticket 24119. + - Separate the function that deletes ephemeral files when Tor + stops gracefully. + - Small changes to Tor's buf_t API to make it suitable for use as a + general-purpose safe string constructor. Closes ticket 22342. + - Switch -Wnormalized=id to -Wnormalized=nfkc in configure.ac to + avoid source code identifier confusion. Closes ticket 24467. + - The tor_git_revision[] constant no longer needs to be redeclared + by everything that links against the rest of Tor. Done as part of + ticket 23845, to simplify our external API. + - We make extend_info_from_node() use node_get_curve25519_onion_key() + introduced in ticket 23577 to access the curve25519 public keys + rather than accessing it directly. Closes ticket 23760. Patch by + Neel Chauhan. + - Add a function to log channels' scheduler state changes to aid + debugging efforts. Closes ticket 24531. + + o Documentation: + - Add documentation on how to build tor with Rust dependencies + without having to be online. Closes ticket 22907; bugfix + on 0.3.0.3-alpha. + - Clarify the behavior of RelayBandwidth{Rate,Burst} with client + traffic. Closes ticket 24318. + - Document that OutboundBindAddress doesn't apply to DNS requests. + Closes ticket 22145. Patch from Aruna Maurya. + - Document that operators who run more than one relay or bridge are + expected to set MyFamily and ContactInfo correctly. Closes + ticket 24526. + + o Code simplification and refactoring (channels): + - Remove the incoming and outgoing channel queues. These were never + used, but still took up a step in our fast path. + - The majority of the channel unit tests have been rewritten and the + code coverage has now been raised to 83.6% for channel.c. Closes + ticket 23709. + - Remove other dead code from the channel subsystem: All together, + this cleanup has removed more than 1500 lines of code overall and + adding very little except for unit test. + + o Code simplification and refactoring (circuit rendezvous): + - Split the client-side rendezvous circuit lookup into two + functions: one that returns only established circuits and another + that returns all kinds of circuits. Closes ticket 23459. + + o Code simplification and refactoring (controller): + - Make most of the variables in networkstatus_getinfo_by_purpose() + const. Implements ticket 24489. + + +Changes in version 0.3.2.9 - 2018-01-09 + Tor 0.3.2.9 is the first stable release in the 0.3.2 series. + + The 0.3.2 series includes our long-anticipated new onion service + design, with numerous security features. (For more information, see + our blog post at https://blog.torproject.org/fall-harvest.) We also + have a new circuit scheduler algorithm for improved performance on + relays everywhere (see https://blog.torproject.org/kist-and-tell), + along with many smaller features and bugfixes. + + Per our stable release policy, we plan to support each stable release + series for at least the next nine months, or for three months after + the first stable release of the next series: whichever is longer. If + you need a release with long-term support, we recommend that you stay + with the 0.2.9 series. + + Below is a list of the changes since 0.3.2.8-rc. For a list of all + changes since 0.3.1, see the ReleaseNotes file. + + o Minor features (fallback directory mirrors): + - The fallback directory list has been re-generated based on the + current status of the network. Tor uses fallback directories to + bootstrap when it doesn't yet have up-to-date directory + information. Closes ticket 24801. + - Make the default DirAuthorityFallbackRate 0.1, so that clients + prefer to bootstrap from fallback directory mirrors. This is a + follow-up to 24679, which removed weights from the default + fallbacks. Implements ticket 24681. + + o Minor features (geoip): + - Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (address selection): + - When the fascist_firewall_choose_address_ functions don't find a + reachable address, set the returned address to the null address + and port. This is a precautionary measure, because some callers do + not check the return value. Fixes bug 24736; bugfix + on 0.2.8.2-alpha. + + o Minor bugfixes (compilation): + - Resolve a few shadowed-variable warnings in the onion service + code. Fixes bug 24634; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (portability, msvc): + - Fix a bug in the bit-counting parts of our timing-wheel code on + MSVC. (Note that MSVC is still not a supported build platform, due + to cryptographic timing channel risks.) Fixes bug 24633; bugfix + on 0.2.9.1-alpha. + + +Changes in version 0.3.2.8-rc - 2017-12-21 + Tor 0.3.2.8-rc fixes a pair of bugs in the KIST and KISTLite + schedulers that had led servers under heavy load to overload their + outgoing connections. All relay operators running earlier 0.3.2.x + versions should upgrade. This version also includes a mitigation for + over-full DESTROY queues leading to out-of-memory conditions: if it + works, we will soon backport it to earlier release series. + + This is the second release candidate in the 0.3.2 series. If we find + no new bugs or regression here, then the first stable 0.3.2 release + will be nearly identical to this. + + o Major bugfixes (KIST, scheduler): + - The KIST scheduler did not correctly account for data already + enqueued in each connection's send socket buffer, particularly in + cases when the TCP/IP congestion window was reduced between + scheduler calls. This situation lead to excessive per-connection + buffering in the kernel, and a potential memory DoS. Fixes bug + 24665; bugfix on 0.3.2.1-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (hidden service v3): + - Bump hsdir_spread_store parameter from 3 to 4 in order to increase + the probability of reaching a service for a client missing + microdescriptors. Fixes bug 24425; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (memory usage): + - When queuing DESTROY cells on a channel, only queue the circuit-id + and reason fields: not the entire 514-byte cell. This fix should + help mitigate any bugs or attacks that fill up these queues, and + free more RAM for other uses. Fixes bug 24666; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (scheduler, KIST): + - Use a sane write limit for KISTLite when writing onto a connection + buffer instead of using INT_MAX and shoving as much as it can. + Because the OOM handler cleans up circuit queues, we are better + off at keeping them in that queue instead of the connection's + buffer. Fixes bug 24671; bugfix on 0.3.2.1-alpha. + + +Changes in version 0.3.2.7-rc - 2017-12-14 + Tor 0.3.2.7-rc fixes various bugs in earlier versions of Tor, + including some that could affect reliability or correctness. + + This is the first release candidate in the 0.3.2 series. If we find no + new bugs or regression here, then the first stable 0.3.2. release will + be nearly identical to this. + + o Major bugfixes (circuit prediction): + - Fix circuit prediction logic so that a client doesn't treat a port + as being "handled" by a circuit if that circuit already has + isolation settings on it. This change should make Tor clients more + responsive by improving their chances of having a pre-created + circuit ready for use when a request arrives. Fixes bug 18859; + bugfix on 0.2.3.3-alpha. + + o Minor features (logging): + - Provide better warnings when the getrandom() syscall fails. Closes + ticket 24500. + + o Minor features (portability): + - Tor now compiles correctly on arm64 with libseccomp-dev installed. + (It doesn't yet work with the sandbox enabled.) Closes + ticket 24424. + + o Minor bugfixes (bridge clients, bootstrap): + - Retry directory downloads when we get our first bridge descriptor + during bootstrap or while reconnecting to the network. Keep + retrying every time we get a bridge descriptor, until we have a + reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha. + - Stop delaying bridge descriptor fetches when we have cached bridge + descriptors. Instead, only delay bridge descriptor fetches when we + have at least one reachable bridge. Fixes part of bug 24367; + bugfix on 0.2.0.3-alpha. + - Stop delaying directory fetches when we have cached bridge + descriptors. Instead, only delay bridge descriptor fetches when + all our bridges are definitely unreachable. Fixes part of bug + 24367; bugfix on 0.2.0.3-alpha. + + o Minor bugfixes (compilation): + - Fix a signed/unsigned comparison warning introduced by our fix to + TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16. + + o Minor bugfixes (correctness): + - Fix several places in our codebase where a C compiler would be + likely to eliminate a check, based on assuming that undefined + behavior had not happened elsewhere in the code. These cases are + usually a sign of redundant checking or dubious arithmetic. Found + by Georg Koppen using the "STACK" tool from Wang, Zeldovich, + Kaashoek, and Solar-Lezama. Fixes bug 24423; bugfix on various + Tor versions. + + o Minor bugfixes (onion service v3): + - Fix a race where an onion service would launch a new intro circuit + after closing an old one, but fail to register it before freeing + the previously closed circuit. This bug was making the service + unable to find the established intro circuit and thus not upload + its descriptor, thus making a service unavailable for up to 24 + hours. Fixes bug 23603; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (scheduler, KIST): + - Properly set the scheduler state of an unopened channel in the + KIST scheduler main loop. This prevents a harmless but annoying + log warning. Fixes bug 24502; bugfix on 0.3.2.4-alpha. + - Avoid a possible integer overflow when computing the available + space on the TCP buffer of a channel. This had no security + implications; but could make KIST allow too many cells on a + saturated connection. Fixes bug 24590; bugfix on 0.3.2.1-alpha. + - Downgrade to "info" a harmless warning about the monotonic time + moving backwards: This can happen on platform not supporting + monotonic time. Fixes bug 23696; bugfix on 0.3.2.1-alpha. + + +Changes in version 0.3.2.6-alpha - 2017-12-01 + This version of Tor is the latest in the 0.3.2 alpha series. It + includes fixes for several important security issues. All Tor users + should upgrade to this release, or to one of the other releases coming + out today. + + o Major bugfixes (security): + - Fix a denial of service bug where an attacker could use a + malformed directory object to cause a Tor instance to pause while + OpenSSL would try to read a passphrase from the terminal. (Tor + instances run without a terminal, which is the case for most Tor + packages, are not impacted.) Fixes bug 24246; bugfix on every + version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. + Found by OSS-Fuzz as testcase 6360145429790720. + - Fix a denial of service issue where an attacker could crash a + directory authority using a malformed router descriptor. Fixes bug + 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 + and CVE-2017-8820. + - When checking for replays in the INTRODUCE1 cell data for a + (legacy) onion service, correctly detect replays in the RSA- + encrypted part of the cell. We were previously checking for + replays on the entire cell, but those can be circumvented due to + the malleability of Tor's legacy hybrid encryption. This fix helps + prevent a traffic confirmation attack. Fixes bug 24244; bugfix on + 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 + and CVE-2017-8819. + + o Major bugfixes (security, onion service v2): + - Fix a use-after-free error that could crash v2 Tor onion services + when they failed to open circuits while expiring introduction + points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is + also tracked as TROVE-2017-013 and CVE-2017-8823. + + o Major bugfixes (security, relay): + - When running as a relay, make sure that we never build a path + through ourselves, even in the case where we have somehow lost the + version of our descriptor appearing in the consensus. Fixes part + of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked + as TROVE-2017-012 and CVE-2017-8822. + - When running as a relay, make sure that we never choose ourselves + as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This + issue is also tracked as TROVE-2017-012 and CVE-2017-8822. + + o Minor feature (relay statistics): + - Change relay bandwidth reporting stats interval from 4 hours to 24 + hours in order to reduce the efficiency of guard discovery + attacks. Fixes ticket 23856. + + o Minor features (directory authority): + - Add an IPv6 address for the "bastet" directory authority. Closes + ticket 24394. + + o Minor bugfixes (client): + - By default, do not enable storage of client-side DNS values. These + values were unused by default previously, but they should not have + been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha. + + +Changes in version 0.3.1.9 - 2017-12-01: + Tor 0.3.1.9 backports important security and stability fixes from the + 0.3.2 development series. All Tor users should upgrade to this + release, or to another of the releases coming out today. + + o Major bugfixes (security, backport from 0.3.2.6-alpha): + - Fix a denial of service bug where an attacker could use a + malformed directory object to cause a Tor instance to pause while + OpenSSL would try to read a passphrase from the terminal. (Tor + instances run without a terminal, which is the case for most Tor + packages, are not impacted.) Fixes bug 24246; bugfix on every + version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. + Found by OSS-Fuzz as testcase 6360145429790720. + - Fix a denial of service issue where an attacker could crash a + directory authority using a malformed router descriptor. Fixes bug + 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 + and CVE-2017-8820. + - When checking for replays in the INTRODUCE1 cell data for a + (legacy) onion service, correctly detect replays in the RSA- + encrypted part of the cell. We were previously checking for + replays on the entire cell, but those can be circumvented due to + the malleability of Tor's legacy hybrid encryption. This fix helps + prevent a traffic confirmation attack. Fixes bug 24244; bugfix on + 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 + and CVE-2017-8819. + + o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha): + - Fix a use-after-free error that could crash v2 Tor onion services + when they failed to open circuits while expiring introduction + points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is + also tracked as TROVE-2017-013 and CVE-2017-8823. + + o Major bugfixes (security, relay, backport from 0.3.2.6-alpha): + - When running as a relay, make sure that we never build a path + through ourselves, even in the case where we have somehow lost the + version of our descriptor appearing in the consensus. Fixes part + of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked + as TROVE-2017-012 and CVE-2017-8822. + - When running as a relay, make sure that we never choose ourselves + as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This + issue is also tracked as TROVE-2017-012 and CVE-2017-8822. + + o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha): + - Fix an issue causing DNS to fail on high-bandwidth exit nodes, + making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on + 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for + identifying and finding a workaround to this bug and to Moritz, + Arthur Edelstein, and Roger for helping to track it down and + analyze it. + + o Minor features (bridge): + - Bridges now include notice in their descriptors that they are + bridges, and notice of their distribution status, based on their + publication settings. Implements ticket 18329. For more fine- + grained control of how a bridge is distributed, upgrade to 0.3.2.x + or later. + + o Minor features (directory authority, backport from 0.3.2.6-alpha): + - Add an IPv6 address for the "bastet" directory authority. Closes + ticket 24394. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha): + - Avoid unnecessary calls to directory_fetches_from_authorities() on + relays, to prevent spurious address resolutions and descriptor + rebuilds. This is a mitigation for bug 21789. Fixes bug 23470; + bugfix on in 0.2.8.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.2.1-alpha): + - Fix unused variable warnings in donna's Curve25519 SSE2 code. + Fixes bug 22895; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha): + - When a circuit is marked for close, do not attempt to package any + cells for channels on that circuit. Previously, we would detect + this condition lower in the call stack, when we noticed that the + circuit had no attached channel, and log an annoying message. + Fixes bug 8185; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (onion service, backport from 0.3.2.5-alpha): + - Rename the consensus parameter "hsdir-interval" to "hsdir_interval" + so it matches dir-spec.txt. Fixes bug 24262; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha): + - Avoid a crash when transitioning from client mode to bridge mode. + Previously, we would launch the worker threads whenever our + "public server" mode changed, but not when our "server" mode + changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha. + + +Changes in version 0.3.0.13 - 2017-12-01 + Tor 0.3.0.13 backports important security and stability bugfixes from + later Tor releases. All Tor users should upgrade to this release, or + to another of the releases coming out today. + + Note: the Tor 0.3.0 series will no longer be supported after 26 Jan + 2018. If you need a release with long-term support, please stick with + the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later. + + o Major bugfixes (security, backport from 0.3.2.6-alpha): + - Fix a denial of service bug where an attacker could use a + malformed directory object to cause a Tor instance to pause while + OpenSSL would try to read a passphrase from the terminal. (Tor + instances run without a terminal, which is the case for most Tor + packages, are not impacted.) Fixes bug 24246; bugfix on every + version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. + Found by OSS-Fuzz as testcase 6360145429790720. + - Fix a denial of service issue where an attacker could crash a + directory authority using a malformed router descriptor. Fixes bug + 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 + and CVE-2017-8820. + - When checking for replays in the INTRODUCE1 cell data for a + (legacy) onion service, correctly detect replays in the RSA- + encrypted part of the cell. We were previously checking for + replays on the entire cell, but those can be circumvented due to + the malleability of Tor's legacy hybrid encryption. This fix helps + prevent a traffic confirmation attack. Fixes bug 24244; bugfix on + 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 + and CVE-2017-8819. + + o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha): + - Fix a use-after-free error that could crash v2 Tor onion services + when they failed to open circuits while expiring introduction + points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is + also tracked as TROVE-2017-013 and CVE-2017-8823. + + o Major bugfixes (security, relay, backport from 0.3.2.6-alpha): + - When running as a relay, make sure that we never build a path + through ourselves, even in the case where we have somehow lost the + version of our descriptor appearing in the consensus. Fixes part + of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked + as TROVE-2017-012 and CVE-2017-8822. + - When running as a relay, make sure that we never choose ourselves + as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This + issue is also tracked as TROVE-2017-012 and CVE-2017-8822. + + o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha): + - Fix an issue causing DNS to fail on high-bandwidth exit nodes, + making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on + 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for + identifying and finding a workaround to this bug and to Moritz, + Arthur Edelstein, and Roger for helping to track it down and + analyze it. + + o Minor features (security, windows, backport from 0.3.1.1-alpha): + - Enable a couple of pieces of Windows hardening: one + (HeapEnableTerminationOnCorruption) that has been on-by-default + since Windows 8, and unavailable before Windows 7; and one + (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't + affect us, but shouldn't do any harm. Closes ticket 21953. + + o Minor features (bridge, backport from 0.3.1.9): + - Bridges now include notice in their descriptors that they are + bridges, and notice of their distribution status, based on their + publication settings. Implements ticket 18329. For more fine- + grained control of how a bridge is distributed, upgrade to 0.3.2.x + or later. + + o Minor features (directory authority, backport from 0.3.2.6-alpha): + - Add an IPv6 address for the "bastet" directory authority. Closes + ticket 24394. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha): + - Avoid unnecessary calls to directory_fetches_from_authorities() on + relays, to prevent spurious address resolutions and descriptor + rebuilds. This is a mitigation for bug 21789. Fixes bug 23470; + bugfix on in 0.2.8.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.2.1-alpha): + - Fix unused variable warnings in donna's Curve25519 SSE2 code. + Fixes bug 22895; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha): + - When a circuit is marked for close, do not attempt to package any + cells for channels on that circuit. Previously, we would detect + this condition lower in the call stack, when we noticed that the + circuit had no attached channel, and log an annoying message. + Fixes bug 8185; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha): + - Avoid a crash when transitioning from client mode to bridge mode. + Previously, we would launch the worker threads whenever our + "public server" mode changed, but not when our "server" mode + changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (testing, backport from 0.3.1.6-rc): + - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; + bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij. + + +Changes in version 0.2.9.14 - 2017-12-01 + Tor 0.3.0.13 backports important security and stability bugfixes from + later Tor releases. All Tor users should upgrade to this release, or + to another of the releases coming out today. + + o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha): + - Fix an issue causing DNS to fail on high-bandwidth exit nodes, + making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on + 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for + identifying and finding a workaround to this bug and to Moritz, + Arthur Edelstein, and Roger for helping to track it down and + analyze it. + + o Major bugfixes (security, backport from 0.3.2.6-alpha): + - Fix a denial of service bug where an attacker could use a + malformed directory object to cause a Tor instance to pause while + OpenSSL would try to read a passphrase from the terminal. (Tor + instances run without a terminal, which is the case for most Tor + packages, are not impacted.) Fixes bug 24246; bugfix on every + version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. + Found by OSS-Fuzz as testcase 6360145429790720. + - Fix a denial of service issue where an attacker could crash a + directory authority using a malformed router descriptor. Fixes bug + 24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010 + and CVE-2017-8820. + - When checking for replays in the INTRODUCE1 cell data for a + (legacy) onion service, correctly detect replays in the RSA- + encrypted part of the cell. We were previously checking for + replays on the entire cell, but those can be circumvented due to + the malleability of Tor's legacy hybrid encryption. This fix helps + prevent a traffic confirmation attack. Fixes bug 24244; bugfix on + 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 + and CVE-2017-8819. + + o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha): + - Fix a use-after-free error that could crash v2 Tor onion services + when they failed to open circuits while expiring introduction + points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is + also tracked as TROVE-2017-013 and CVE-2017-8823. + + o Major bugfixes (security, relay, backport from 0.3.2.6-alpha): + - When running as a relay, make sure that we never build a path + through ourselves, even in the case where we have somehow lost the + version of our descriptor appearing in the consensus. Fixes part + of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked + as TROVE-2017-012 and CVE-2017-8822. + + o Minor features (bridge, backport from 0.3.1.9): + - Bridges now include notice in their descriptors that they are + bridges, and notice of their distribution status, based on their + publication settings. Implements ticket 18329. For more fine- + grained control of how a bridge is distributed, upgrade to 0.3.2.x + or later. + + o Minor features (directory authority, backport from 0.3.2.6-alpha): + - Add an IPv6 address for the "bastet" directory authority. Closes + ticket 24394. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 + Country database. + + o Minor features (security, windows, backport from 0.3.1.1-alpha): + - Enable a couple of pieces of Windows hardening: one + (HeapEnableTerminationOnCorruption) that has been on-by-default + since Windows 8, and unavailable before Windows 7; and one + (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't + affect us, but shouldn't do any harm. Closes ticket 21953. + + o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha): + - Avoid unnecessary calls to directory_fetches_from_authorities() on + relays, to prevent spurious address resolutions and descriptor + rebuilds. This is a mitigation for bug 21789. Fixes bug 23470; + bugfix on in 0.2.8.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.2.1-alpha): + - Fix unused variable warnings in donna's Curve25519 SSE2 code. + Fixes bug 22895; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha): + - When a circuit is marked for close, do not attempt to package any + cells for channels on that circuit. Previously, we would detect + this condition lower in the call stack, when we noticed that the + circuit had no attached channel, and log an annoying message. + Fixes bug 8185; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha): + - Avoid a crash when transitioning from client mode to bridge mode. + Previously, we would launch the worker threads whenever our + "public server" mode changed, but not when our "server" mode + changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (testing, backport from 0.3.1.6-rc): + - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; + bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij. + + +Changes in version 0.2.8.17 - 2017-12-01 + Tor 0.2.8.17 backports important security and stability bugfixes from + later Tor releases. All Tor users should upgrade to this release, or + to another of the releases coming out today. + + Note: the Tor 0.2.8 series will no longer be supported after 1 Jan + 2018. If you need a release with long-term support, please upgrade with + the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later. + + o Major bugfixes (security, backport from 0.3.2.6-alpha): + - Fix a denial of service bug where an attacker could use a + malformed directory object to cause a Tor instance to pause while + OpenSSL would try to read a passphrase from the terminal. (Tor + instances run without a terminal, which is the case for most Tor + packages, are not impacted.) Fixes bug 24246; bugfix on every + version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. + Found by OSS-Fuzz as testcase 6360145429790720. + - When checking for replays in the INTRODUCE1 cell data for a + (legacy) onion service, correctly detect replays in the RSA- + encrypted part of the cell. We were previously checking for + replays on the entire cell, but those can be circumvented due to + the malleability of Tor's legacy hybrid encryption. This fix helps + prevent a traffic confirmation attack. Fixes bug 24244; bugfix on + 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 + and CVE-2017-8819. + + o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha): + - Fix a use-after-free error that could crash v2 Tor onion services + when they failed to open circuits while expiring introduction + points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is + also tracked as TROVE-2017-013 and CVE-2017-8823. + + o Major bugfixes (security, relay, backport from 0.3.2.6-alpha): + - When running as a relay, make sure that we never build a path through + ourselves, even in the case where we have somehow lost the version of + our descriptor appearing in the consensus. Fixes part of bug 21534; + bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012 + and CVE-2017-8822. + + o Minor features (bridge, backport from 0.3.1.9): + - Bridges now include notice in their descriptors that they are + bridges, and notice of their distribution status, based on their + publication settings. Implements ticket 18329. For more fine- + grained control of how a bridge is distributed, upgrade to 0.3.2.x + or later. + + o Minor features (directory authority, backport from 0.3.2.6-alpha): + - Add an IPv6 address for the "bastet" directory authority. Closes + ticket 24394. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (testing, backport from 0.3.1.6-rc): + - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; + bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij. + + +Changes in version 0.2.5.16 - 2017-12-01 + Tor 0.2.5.13 backports important security and stability bugfixes from + later Tor releases. All Tor users should upgrade to this release, or + to another of the releases coming out today. + + Note: the Tor 0.2.5 series will no longer be supported after 1 May + 2018. If you need a release with long-term support, please upgrade to + the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later. + + o Major bugfixes (security, backport from 0.3.2.6-alpha): + - Fix a denial of service bug where an attacker could use a + malformed directory object to cause a Tor instance to pause while + OpenSSL would try to read a passphrase from the terminal. (Tor + instances run without a terminal, which is the case for most Tor + packages, are not impacted.) Fixes bug 24246; bugfix on every + version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821. + Found by OSS-Fuzz as testcase 6360145429790720. + - When checking for replays in the INTRODUCE1 cell data for a + (legacy) onion service, correctly detect replays in the RSA- + encrypted part of the cell. We were previously checking for + replays on the entire cell, but those can be circumvented due to + the malleability of Tor's legacy hybrid encryption. This fix helps + prevent a traffic confirmation attack. Fixes bug 24244; bugfix on + 0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009 + and CVE-2017-8819. + + o Major bugfixes (security, relay, backport from 0.3.2.6-alpha): + - When running as a relay, make sure that we never build a path + through ourselves, even in the case where we have somehow lost the + version of our descriptor appearing in the consensus. Fixes part + of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked + as TROVE-2017-012 and CVE-2017-8822. + + o Minor features (bridge, backport from 0.3.1.9): + - Bridges now include notice in their descriptors that they are + bridges, and notice of their distribution status, based on their + publication settings. Implements ticket 18329. For more fine- + grained control of how a bridge is distributed, upgrade to 0.3.2.x + or later. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 + Country database. + + +Changes in version 0.3.2.5-alpha - 2017-11-22 + Tor 0.3.2.5-alpha is the fifth alpha release in the 0.3.2.x series. It + fixes several stability and reliability bugs, including a fix for + intermittent bootstrapping failures that some people have been seeing + since the 0.3.0.x series. + + Please test this alpha out -- many of these fixes will soon be + backported to stable Tor versions if no additional bugs are found + in them. + + o Major bugfixes (bootstrapping): + - Fetch descriptors aggressively whenever we lack enough to build + circuits, regardless of how many descriptors we are missing. + Previously, we would delay launching the fetch when we had fewer + than 15 missing descriptors, even if some of those descriptors + were blocking circuits from building. Fixes bug 23985; bugfix on + 0.1.1.11-alpha. The effects of this bug became worse in + 0.3.0.3-alpha, when we began treating missing descriptors from our + primary guards as a reason to delay circuits. + - Don't try fetching microdescriptors from relays that have failed + to deliver them in the past. Fixes bug 23817; bugfix + on 0.3.0.1-alpha. + + o Minor features (directory authority): + - Make the "Exit" flag assignment only depend on whether the exit + policy allows connections to ports 80 and 443. Previously relays + would get the Exit flag if they allowed connections to one of + these ports and also port 6667. Resolves ticket 23637. + + o Minor features (geoip): + - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2 + Country database. + + o Minor features (linux seccomp2 sandbox): + - Update the sandbox rules so that they should now work correctly + with Glibc 2.26. Closes ticket 24315. + + o Minor features (logging): + - Downgrade a pair of log messages that could occur when an exit's + resolver gave us an unusual (but not forbidden) response. Closes + ticket 24097. + - Improve the message we log when re-enabling circuit build timeouts + after having received a consensus. Closes ticket 20963. + + o Minor bugfixes (compilation): + - Fix a memory leak warning in one of the libevent-related + configuration tests that could occur when manually specifying + -fsanitize=address. Fixes bug 24279; bugfix on 0.3.0.2-alpha. + Found and patched by Alex Xu. + - When detecting OpenSSL on Windows from our configure script, make + sure to try linking with the ws2_32 library. Fixes bug 23783; + bugfix on 0.3.2.2-alpha. + + o Minor bugfixes (control port, linux seccomp2 sandbox): + - Avoid a crash when attempting to use the seccomp2 sandbox together + with the OwningControllerProcess feature. Fixes bug 24198; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (control port, onion services): + - Report "FAILED" instead of "UPLOAD_FAILED" "FAILED" for the + HS_DESC event when a service is not able to upload a descriptor. + Fixes bug 24230; bugfix on 0.2.7.1-alpha. + + o Minor bugfixes (directory cache): + - Recover better from empty or corrupt files in the consensus cache + directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha. + - When a consensus diff calculation is only partially successful, + only record the successful parts as having succeeded. Partial + success can happen if (for example) one compression method fails + but the others succeed. Previously we misrecorded all the + calculations as having succeeded, which would later cause a + nonfatal assertion failure. Fixes bug 24086; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (logging): + - Only log once if we notice that KIST support is gone. Fixes bug + 24158; bugfix on 0.3.2.1-alpha. + - Suppress a log notice when relay descriptors arrive. We already + have a bootstrap progress for this so no need to log notice + everytime tor receives relay descriptors. Microdescriptors behave + the same. Fixes bug 23861; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (network layer): + - When closing a connection via close_connection_immediately(), we + mark it as "not blocked on bandwidth", to prevent later calls from + trying to unblock it, and give it permission to read. This fixes a + backtrace warning that can happen on relays under various + circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc. + + o Minor bugfixes (onion services): + - The introduction circuit was being timed out too quickly while + waiting for the rendezvous circuit to complete. Keep the intro + circuit around longer instead of timing out and reopening new ones + constantly. Fixes bug 23681; bugfix on 0.2.4.8-alpha. + - Rename the consensus parameter "hsdir-interval" to "hsdir_interval" + so it matches dir-spec.txt. Fixes bug 24262; bugfix + on 0.3.1.1-alpha. + - Silence a warning about failed v3 onion descriptor uploads that + can happen naturally under certain edge cases. Fixes part of bug + 23662; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (tests): + - Fix a memory leak in one of the bridge-distribution test cases. + Fixes bug 24345; bugfix on 0.3.2.3-alpha. + - Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(), + to correctly handle cases where a caller gives it an RSA key of + under 160 bits. (This is not actually a bug in Tor itself, but + rather in our fuzzing code.) Fixes bug 24247; bugfix on + 0.3.0.3-alpha. Found by OSS-Fuzz as issue 4177. + + o Documentation: + - Add notes in man page regarding OS support for the various + scheduler types. Attempt to use less jargon in the scheduler + section. Closes ticket 24254. + + +Changes in version 0.3.2.4-alpha - 2017-11-08 + Tor 0.3.2.4-alpha is the fourth alpha release in the 0.3.2.x series. + It fixes several stability and reliability bugs, especially including + a major reliability issue that has been plaguing fast exit relays in + recent months. + + o Major bugfixes (exit relays, DNS): + - Fix an issue causing DNS to fail on high-bandwidth exit nodes, + making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on + 0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for + identifying and finding a workaround to this bug and to Moritz, + Arthur Edelstein, and Roger for helping to track it down and + analyze it. + + o Major bugfixes (scheduler, channel): + - Stop processing scheduled channels if they closed while flushing + cells. This can happen if the write on the connection fails + leading to the channel being closed while in the scheduler loop. + Fixes bug 23751; bugfix on 0.3.2.1-alpha. + + o Minor features (logging, scheduler): + - Introduce a SCHED_BUG() function to log extra information about + the scheduler state if we ever catch a bug in the scheduler. + Closes ticket 23753. + + o Minor features (removed deprecations): + - The ClientDNSRejectInternalAddresses flag can once again be set in + non-testing Tor networks, so long as they do not use the default + directory authorities. This change also removes the deprecation of + this flag from 0.2.9.2-alpha. Closes ticket 21031. + + o Minor features (testing): + - Our fuzzing tests now test the encrypted portions of v3 onion + service descriptors. Implements more of 21509. + + o Minor bugfixes (directory client): + - On failure to download directory information, delay retry attempts + by a random amount based on the "decorrelated jitter" algorithm. + Our previous delay algorithm tended to produce extra-long delays + too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (IPv6, v3 single onion services): + - Remove buggy code for IPv6-only v3 single onion services, and + reject attempts to configure them. This release supports IPv4, + dual-stack, and IPv6-only v3 onion services; and IPv4 and dual- + stack v3 single onion services. Fixes bug 23820; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (logging, relay): + - Give only a protocol warning when the ed25519 key is not + consistent between the descriptor and microdescriptor of a relay. + This can happen, for instance, if the relay has been flagged + NoEdConsensus. Fixes bug 24025; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (manpage, onion service): + - Document that the HiddenServiceNumIntroductionPoints option is + 0-10 for v2 services and 0-20 for v3 services. Fixes bug 24115; + bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (memory leaks): + - Fix a minor memory leak at exit in the KIST scheduler. This bug + should have no user-visible impact. Fixes bug 23774; bugfix + on 0.3.2.1-alpha. + - Fix a memory leak when decrypting a badly formatted v3 onion + service descriptor. Fixes bug 24150; bugfix on 0.3.2.1-alpha. + Found by OSS-Fuzz; this is OSS-Fuzz issue 3994. + + o Minor bugfixes (onion services): + - Cache some needed onion service client information instead of + constantly computing it over and over again. Fixes bug 23623; + bugfix on 0.3.2.1-alpha. + - Properly retry HSv3 descriptor fetches when missing required + directory information. Fixes bug 23762; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (path selection): + - When selecting relays by bandwidth, avoid a rounding error that + could sometimes cause load to be imbalanced incorrectly. + Previously, we would always round upwards; now, we round towards + the nearest integer. This had the biggest effect when a relay's + weight adjustments should have given it weight 0, but it got + weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha. + - When calculating the fraction of nodes that have descriptors, and + all nodes in the network have zero bandwidths, count the number of + nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha. + - Actually log the total bandwidth in compute_weighted_bandwidths(). + Fixes bug 24170; bugfix on 0.2.4.3-alpha. + + o Minor bugfixes (relay, crash): + - Avoid a crash when transitioning from client mode to bridge mode. + Previously, we would launch the worker threads whenever our + "public server" mode changed, but not when our "server" mode + changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha. + + o Minor bugfixes (testing): + - Fix a spurious fuzzing-only use of an uninitialized value. Found + by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha. + - Test that IPv6-only clients can use microdescriptors when running + "make test-network-all". Requires chutney master 61c28b9 or later. + Closes ticket 24109. + + +Changes in version 0.3.2.3-alpha - 2017-10-27 + Tor 0.3.2.3-alpha is the third release in the 0.3.2 series. It fixes + numerous small bugs in earlier versions of 0.3.2.x, and adds a new + directory authority, Bastet. + + o Directory authority changes: + - Add "Bastet" as a ninth directory authority to the default list. + Closes ticket 23910. + - The directory authority "Longclaw" has changed its IP address. + Closes ticket 23592. + + o Minor features (bridge): + - Bridge relays can now set the BridgeDistribution config option to + add a "bridge-distribution-request" line to their bridge + descriptor, which tells BridgeDB how they'd like their bridge + address to be given out. (Note that as of Oct 2017, BridgeDB does + not yet implement this feature.) As a side benefit, this feature + provides a way to distinguish bridge descriptors from non-bridge + descriptors. Implements tickets 18329. + + o Minor features (client, entry guards): + - Improve log messages when missing descriptors for primary guards. + Resolves ticket 23670. + + o Minor features (geoip): + - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (bridge): + - Overwrite the bridge address earlier in the process of retrieving + its descriptor, to make sure we reach it on the configured + address. Fixes bug 20532; bugfix on 0.2.0.10-alpha. + + o Minor bugfixes (documentation): + - Document better how to read gcov, and what our gcov postprocessing + scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (entry guards): + - Tor now updates its guard state when it reads a consensus + regardless of whether it's missing descriptors. That makes tor use + its primary guards to fetch descriptors in some edge cases where + it would previously have used fallback directories. Fixes bug + 23862; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (hidden service client): + - When handling multiple SOCKS request for the same .onion address, + only fetch the service descriptor once. + - When a descriptor fetch fails with a non-recoverable error, close + all pending SOCKS requests for that .onion. Fixes bug 23653; + bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (hidden service): + - Always regenerate missing hidden service public key files. Prior + to this, if the public key was deleted from disk, it wouldn't get + recreated. Fixes bug 23748; bugfix on 0.3.2.2-alpha. Patch + from "cathugger". + - Make sure that we have a usable ed25519 key when the intro point + relay supports ed25519 link authentication. Fixes bug 24002; + bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (hidden service, v2): + - When reloading configured hidden services, copy all information + from the old service object. Previously, some data was omitted, + causing delays in descriptor upload, and other bugs. Fixes bug + 23790; bugfix on 0.2.1.9-alpha. + + o Minor bugfixes (memory safety, defensive programming): + - Clear the target address when node_get_prim_orport() returns + early. Fixes bug 23874; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (relay): + - Avoid a BUG warning when receiving a dubious CREATE cell while an + option transition is in progress. Fixes bug 23952; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (testing): + - Adjust the GitLab CI configuration to more closely match that of + Travis CI. Fixes bug 23757; bugfix on 0.3.2.2-alpha. + - Prevent scripts/test/coverage from attempting to move gcov output + to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha. + - When running unit tests as root, skip a test that would fail + because it expects a permissions error. This affects some + continuous integration setups. Fixes bug 23758; bugfix + on 0.3.2.2-alpha. + - Stop unconditionally mirroring the tor repository in GitLab CI. + This prevented developers from enabling GitLab CI on master. Fixes + bug 23755; bugfix on 0.3.2.2-alpha. + - Fix the hidden service v3 descriptor decoding fuzzing to use the + latest decoding API correctly. Fixes bug 21509; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (warnings): + - When we get an HTTP request on a SOCKS port, tell the user about + the new HTTPTunnelPort option. Previously, we would give a "Tor is + not an HTTP Proxy" message, which stopped being true when + HTTPTunnelPort was introduced. Fixes bug 23678; bugfix + on 0.3.2.1-alpha. + + +Changes in version 0.2.5.15 - 2017-10-25 + Tor 0.2.5.15 backports a collection of bugfixes from later Tor release + series. It also adds a new directory authority, Bastet. + + Note: the Tor 0.2.5 series will no longer be supported after 1 May + 2018. If you need a release with long-term support, please upgrade to + the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later. + + o Directory authority changes: + - Add "Bastet" as a ninth directory authority to the default list. + Closes ticket 23910. + - The directory authority "Longclaw" has changed its IP address. + Closes ticket 23592. + + o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha): + - Avoid an assertion failure bug affecting our implementation of + inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() + handling of "0xx" differs from what we had expected. Fixes bug + 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007. + + o Minor features (geoip): + - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha): + - Fix a memset() off the end of an array when packing cells. This + bug should be harmless in practice, since the corrupted bytes are + still in the same structure, and are always padding bytes, + ignored, or immediately overwritten, depending on compiler + behavior. Nevertheless, because the memset()'s purpose is to make + sure that any other cell-handling bugs can't expose bytes to the + network, we need to fix it. Fixes bug 22737; bugfix on + 0.2.4.11-alpha. Fixes CID 1401591. + + o Build features (backport from 0.3.1.5-alpha): + - Tor's repository now includes a Travis Continuous Integration (CI) + configuration file (.travis.yml). This is meant to help new + developers and contributors who fork Tor to a Github repository be + better able to test their changes, and understand what we expect + to pass. To use this new build feature, you must fork Tor to your + Github account, then go into the "Integrations" menu in the + repository settings for your fork and enable Travis, then push + your changes. Closes ticket 22636. + + +Changes in version 0.2.8.16 - 2017-10-25 + Tor 0.2.8.16 backports a collection of bugfixes from later Tor release + series, including a bugfix for a crash issue that had affected relays + under memory pressure. It also adds a new directory authority, Bastet. + + Note: the Tor 0.2.8 series will no longer be supported after 1 Jan + 2018. If you need a release with long-term support, please stick with + the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later. + + o Directory authority changes: + - Add "Bastet" as a ninth directory authority to the default list. + Closes ticket 23910. + - The directory authority "Longclaw" has changed its IP address. + Closes ticket 23592. + + o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha): + - Fix a timing-based assertion failure that could occur when the + circuit out-of-memory handler freed a connection's output buffer. + Fixes bug 23690; bugfix on 0.2.6.1-alpha. + + o Minor features (directory authorities, backport from 0.3.2.2-alpha): + - Remove longclaw's IPv6 address, as it will soon change. Authority + IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves + 3/8 directory authorities with IPv6 addresses, but there are also + 52 fallback directory mirrors with IPv6 addresses. Resolves 19760. + + o Minor features (geoip): + - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 + Country database. + + +Changes in version 0.2.9.13 - 2017-10-25 + Tor 0.2.9.13 backports a collection of bugfixes from later Tor release + series, including a bugfix for a crash issue that had affected relays + under memory pressure. It also adds a new directory authority, Bastet. + + o Directory authority changes: + - Add "Bastet" as a ninth directory authority to the default list. + Closes ticket 23910. + - The directory authority "Longclaw" has changed its IP address. + Closes ticket 23592. + + o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha): + - Fix a timing-based assertion failure that could occur when the + circuit out-of-memory handler freed a connection's output buffer. + Fixes bug 23690; bugfix on 0.2.6.1-alpha. + + o Minor features (directory authorities, backport from 0.3.2.2-alpha): + - Remove longclaw's IPv6 address, as it will soon change. Authority + IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves + 3/8 directory authorities with IPv6 addresses, but there are also + 52 fallback directory mirrors with IPv6 addresses. Resolves 19760. + + o Minor features (geoip): + - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (directory authority, backport from 0.3.1.5-alpha): + - When a directory authority rejects a descriptor or extrainfo with + a given digest, mark that digest as undownloadable, so that we do + not attempt to download it again over and over. We previously + tried to avoid downloading such descriptors by other means, but we + didn't notice if we accidentally downloaded one anyway. This + behavior became problematic in 0.2.7.2-alpha, when authorities + began pinning Ed25519 keys. Fixes bug 22349; bugfix + on 0.2.1.19-alpha. + + o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha): + - Clear the address when node_get_prim_orport() returns early. + Fixes bug 23874; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (Windows service, backport from 0.3.1.6-rc): + - When running as a Windows service, set the ID of the main thread + correctly. Failure to do so made us fail to send log messages to + the controller in 0.2.1.16-rc, slowed down controller event + delivery in 0.2.7.3-rc and later, and crash with an assertion + failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha. + Patch and diagnosis from "Vort". + + +Changes in version 0.3.0.12 - 2017-10-25 + Tor 0.3.0.12 backports a collection of bugfixes from later Tor release + series, including a bugfix for a crash issue that had affected relays + under memory pressure. It also adds a new directory authority, Bastet. + + Note: the Tor 0.3.0 series will no longer be supported after 26 Jan + 2018. If you need a release with long-term support, please stick with + the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later. + + o Directory authority changes: + - Add "Bastet" as a ninth directory authority to the default list. + Closes ticket 23910. + - The directory authority "Longclaw" has changed its IP address. + Closes ticket 23592. + + o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha): + - Fix a timing-based assertion failure that could occur when the + circuit out-of-memory handler freed a connection's output buffer. + Fixes bug 23690; bugfix on 0.2.6.1-alpha. + + o Minor features (directory authorities, backport from 0.3.2.2-alpha): + - Remove longclaw's IPv6 address, as it will soon change. Authority + IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves + 3/8 directory authorities with IPv6 addresses, but there are also + 52 fallback directory mirrors with IPv6 addresses. Resolves 19760. + + o Minor features (geoip): + - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (directory authority, backport from 0.3.1.5-alpha): + - When a directory authority rejects a descriptor or extrainfo with + a given digest, mark that digest as undownloadable, so that we do + not attempt to download it again over and over. We previously + tried to avoid downloading such descriptors by other means, but we + didn't notice if we accidentally downloaded one anyway. This + behavior became problematic in 0.2.7.2-alpha, when authorities + began pinning Ed25519 keys. Fixes bug 22349; bugfix + on 0.2.1.19-alpha. + + o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha): + - Avoid a possible double close of a circuit by the intro point on + error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610; + bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha): + - Clear the address when node_get_prim_orport() returns early. + Fixes bug 23874; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (Windows service, backport from 0.3.1.6-rc): + - When running as a Windows service, set the ID of the main thread + correctly. Failure to do so made us fail to send log messages to + the controller in 0.2.1.16-rc, slowed down controller event + delivery in 0.2.7.3-rc and later, and crash with an assertion + failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha. + Patch and diagnosis from "Vort". + + +Changes in version 0.3.1.8 - 2017-10-25 + Tor 0.3.1.8 is the second stable release in the 0.3.1 series. + It includes several bugfixes, including a bugfix for a crash issue + that had affected relays under memory pressure. It also adds + a new directory authority, Bastet. + + o Directory authority changes: + - Add "Bastet" as a ninth directory authority to the default list. + Closes ticket 23910. + - The directory authority "Longclaw" has changed its IP address. + Closes ticket 23592. + + o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha): + - Fix a timing-based assertion failure that could occur when the + circuit out-of-memory handler freed a connection's output buffer. + Fixes bug 23690; bugfix on 0.2.6.1-alpha. + + o Minor features (directory authorities, backport from 0.3.2.2-alpha): + - Remove longclaw's IPv6 address, as it will soon change. Authority + IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves + 3/8 directory authorities with IPv6 addresses, but there are also + 52 fallback directory mirrors with IPv6 addresses. Resolves 19760. + + o Minor features (geoip): + - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (compilation, backport from 0.3.2.2-alpha): + - Fix a compilation warning when building with zstd support on + 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found + and fixed by Andreas Stieger. + + o Minor bugfixes (compression, backport from 0.3.2.2-alpha): + - Handle a pathological case when decompressing Zstandard data when + the output buffer size is zero. Fixes bug 23551; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (directory authority, backport from 0.3.2.1-alpha): + - Remove the length limit on HTTP status lines that authorities can + send in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc. + + o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha): + - Avoid a possible double close of a circuit by the intro point on + error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610; + bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha): + - Clear the address when node_get_prim_orport() returns early. + Fixes bug 23874; bugfix on 0.2.8.2-alpha. + + o Minor bugfixes (unit tests, backport from 0.3.2.2-alpha): + - Fix additional channelpadding unit test failures by using mocked + time instead of actual time for all tests. Fixes bug 23608; bugfix + on 0.3.1.1-alpha. + + +Changes in version 0.3.2.2-alpha - 2017-09-29 + Tor 0.3.2.2-alpha is the second release in the 0.3.2 series. This + release fixes several minor bugs in the new scheduler and next- + generation onion services; both features were newly added in the 0.3.2 + series. Other fixes in this alpha include several fixes for non-fatal + tracebacks which would appear in logs. + + With the aim to stabilise the 0.3.2 series by 15 December 2017, this + alpha does not contain any substantial new features. Minor features + include better testing and logging. + + The following comprises the complete list of changes included + in 0.3.2.2-alpha: + + o Major bugfixes (relay, crash, assertion failure): + - Fix a timing-based assertion failure that could occur when the + circuit out-of-memory handler freed a connection's output buffer. + Fixes bug 23690; bugfix on 0.2.6.1-alpha. + + o Major bugfixes (scheduler): + - If a channel is put into the scheduler's pending list, then it + starts closing, and then if the scheduler runs before it finishes + closing, the scheduler will get stuck trying to flush its cells + while the lower layers refuse to cooperate. Fix that race + condition by giving the scheduler an escape method. Fixes bug + 23676; bugfix on 0.3.2.1-alpha. + + o Minor features (build, compilation): + - The "check-changes" feature is now part of the "make check" tests; + we'll use it to try to prevent misformed changes files from + accumulating. Closes ticket 23564. + - Tor builds should now fail if there are any mismatches between the + C type representing a configuration variable and the C type the + data-driven parser uses to store a value there. Previously, we + needed to check these by hand, which sometimes led to mistakes. + Closes ticket 23643. + + o Minor features (directory authorities): + - Remove longclaw's IPv6 address, as it will soon change. Authority + IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves + 3/8 directory authorities with IPv6 addresses, but there are also + 52 fallback directory mirrors with IPv6 addresses. Resolves 19760. + + o Minor features (hidden service, circuit, logging): + - Improve logging of many callsite in the circuit subsystem to print + the circuit identifier(s). + - Log when we cleanup an intro point from a service so we know when + and for what reason it happened. Closes ticket 23604. + + o Minor features (logging): + - Log more circuit information whenever we are about to try to + package a relay cell on a circuit with a nonexistent n_chan. + Attempt to diagnose ticket 8185. + - Improve info-level log identification of particular circuits, to + help with debugging. Closes ticket 23645. + + o Minor features (relay): + - When choosing which circuits can be expired as unused, consider + circuits from clients even if those clients used regular CREATE + cells to make them; and do not consider circuits from relays even + if they were made with CREATE_FAST. Part of ticket 22805. + + o Minor features (robustness): + - Change several fatal assertions when flushing buffers into non- + fatal assertions, to prevent any recurrence of 23690. + + o Minor features (spec conformance, bridge, diagnostic): + - When handling the USERADDR command on an ExtOrPort, warn when the + transports provides a USERADDR with no port. In a future version, + USERADDR commands of this format may be rejected. Detects problems + related to ticket 23080. + + o Minor features (testing): + - Add a unit test to make sure that our own generated platform + string will be accepted by directory authorities. Closes + ticket 22109. + + o Minor bugfixes (bootstrapping): + - When warning about state file clock skew, report the correct + direction for the detected skew. Fixes bug 23606; bugfix + on 0.2.8.1-alpha. + - Avoid an assertion failure when logging a state file clock skew + very early in bootstrapping. Fixes bug 23607; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (build, compilation): + - Fix a compilation warning when building with zstd support on + 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found + and fixed by Andreas Stieger. + - When searching for OpenSSL, don't accept any OpenSSL library that + lacks TLSv1_1_method(): Tor doesn't build with those versions. + Additionally, look in /usr/local/opt/openssl, if it's present. + These changes together repair the default build on OSX systems + with Homebrew installed. Fixes bug 23602; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (compression): + - Handle a pathological case when decompressing Zstandard data when + the output buffer size is zero. Fixes bug 23551; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (documentation): + - Fix manpage to not refer to the obsolete (and misspelled) + UseEntryGuardsAsDirectoryGuards parameter in the description of + NumDirectoryGuards. Fixes bug 23611; bugfix on 0.2.4.8-alpha. + + o Minor bugfixes (hidden service v3): + - Don't log an assertion failure when we can't find the right + information to extend to an introduction point. In rare cases, + this could happen, causing a warning, even though tor would + recover gracefully. Fixes bug 23159; bugfix on 0.3.2.1-alpha. + - Pad RENDEZVOUS cell up to the size of the legacy cell which is + much bigger so the rendezvous point can't distinguish which hidden + service protocol is being used. Fixes bug 23420; bugfix + on 0.3.2.1-alpha. + + o Minor bugfixes (hidden service, relay): + - Avoid a possible double close of a circuit by the intro point on + error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610; + bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (logging, relay shutdown, annoyance): + - When a circuit is marked for close, do not attempt to package any + cells for channels on that circuit. Previously, we would detect + this condition lower in the call stack, when we noticed that the + circuit had no attached channel, and log an annoying message. + Fixes bug 8185; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (scheduler): + - When switching schedulers due to a consensus change, we didn't + give the new scheduler a chance to react to the consensus. Fix + that. Fixes bug 23537; bugfix on 0.3.2.1-alpha. + - Make the KISTSchedRunInterval option a non negative value. With + this, the way to disable KIST through the consensus is to set it + to 0. Fixes bug 23539; bugfix on 0.3.2.1-alpha. + - Only notice log the selected scheduler when we switch scheduler + types. Fixes bug 23552; bugfix on 0.3.2.1-alpha. + - Avoid a compilation warning on macOS in scheduler_ev_add() caused + by a different tv_usec data type. Fixes bug 23575; bugfix + on 0.3.2.1-alpha. + - Make a hard exit if tor is unable to pick a scheduler which can + happen if the user specifies a scheduler type that is not + supported and not other types in Schedulers. Fixes bug 23581; + bugfix on 0.3.2.1-alpha. + - Properly initialize the scheduler last run time counter so it is + not 0 at the first tick. Fixes bug 23696; bugfix on 0.3.2.1-alpha. + + o Minor bugfixes (testing): + - Capture and detect several "Result does not fit" warnings in unit + tests on platforms with 32-bit time_t. Fixes bug 21800; bugfix + on 0.2.9.3-alpha. + - Fix additional channelpadding unit test failures by using mocked + time instead of actual time for all tests. Fixes bug 23608; bugfix + on 0.3.1.1-alpha. + - The removal of some old scheduler options caused some tests to + fail on BSD systems. Assume current behavior is correct and make + the tests pass again. Fixes bug 23566; bugfix on 0.3.2.1-alpha. + + o Code simplification and refactoring: + - Remove various ways of testing circuits and connections for + "clientness"; instead, favor channel_is_client(). Part of + ticket 22805. + + o Deprecated features: + - The ReachableDirAddresses and ClientPreferIPv6DirPort options are + now deprecated; they do not apply to relays, and they have had no + effect on clients since 0.2.8.x. Closes ticket 19704. + + o Documentation: + - HiddenServiceVersion man page entry wasn't mentioning the now + supported version 3. Fixes ticket 23580; bugfix on 0.3.2.1-alpha. + - Clarify that the Address option is entirely about setting an + advertised IPv4 address. Closes ticket 18891. + - Clarify the manpage's use of the term "address" to clarify what + kind of address is intended. Closes ticket 21405. + - Document that onion service subdomains are allowed, and ignored. + Closes ticket 18736. + + +Changes in version 0.3.2.1-alpha - 2017-09-18 + Tor 0.3.2.1-alpha is the first release in the 0.3.2.x series. It + includes support for our next-generation ("v3") onion service + protocol, and adds a new circuit scheduler for more responsive + forwarding decisions from relays. There are also numerous other small + features and bugfixes here. + + Below are the changes since Tor 0.3.1.7. + + o Major feature (scheduler, channel): + - Tor now uses new schedulers to decide which circuits should + deliver cells first, in order to improve congestion at relays. The + first type is called "KIST" ("Kernel Informed Socket Transport"), + and is only available on Linux-like systems: it uses feedback from + the kernel to prevent the kernel's TCP buffers from growing too + full. The second new scheduler type is called "KISTLite": it + behaves the same as KIST, but runs on systems without kernel + support for inspecting TCP implementation details. The old + scheduler is still available, under the name "Vanilla". To change + the default scheduler preference order, use the new "Schedulers" + option. (The default preference order is "KIST,KISTLite,Vanilla".) + + Matt Traudt implemented KIST, based on research by Rob Jansen, + John Geddes, Christ Wacek, Micah Sherr, and Paul Syverson. For + more information, see the design paper at + http://www.robgjansen.com/publications/kist-sec2014.pdf and the + followup implementation paper at https://arxiv.org/abs/1709.01044. + Closes ticket 12541. + + o Major features (next-generation onion services): + - Tor now supports the next-generation onion services protocol for + clients and services! As part of this release, the core of + proposal 224 has been implemented and is available for + experimentation and testing by our users. This newer version of + onion services ("v3") features many improvements over the legacy + system, including: + + a) Better crypto (replaced SHA1/DH/RSA1024 + with SHA3/ed25519/curve25519) + + b) Improved directory protocol, leaking much less information to + directory servers. + + c) Improved directory protocol, with smaller surface for + targeted attacks. + + d) Better onion address security against impersonation. + + e) More extensible introduction/rendezvous protocol. + + f) A cleaner and more modular codebase. + + You can identify a next-generation onion address by its length: + they are 56 characters long, as in + "4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion". + + In the future, we will release more options and features for v3 + onion services, but we first need a testing period, so that the + current codebase matures and becomes more robust. Planned features + include: offline keys, advanced client authorization, improved + guard algorithms, and statistics. For full details, see + proposal 224. + + Legacy ("v2") onion services will still work for the foreseeable + future, and will remain the default until this new codebase gets + tested and hardened. Service operators who want to experiment with + the new system can use the 'HiddenServiceVersion 3' torrc + directive along with the regular onion service configuration + options. We will publish a blog post about this new feature + soon! Enjoy! + + o Major bugfixes (usability, control port): + - Report trusted clock skew indications as bootstrap errors, so + controllers can more easily alert users when their clocks are + wrong. Fixes bug 23506; bugfix on 0.1.2.6-alpha. + + o Minor features (bug detection): + - Log a warning message with a stack trace for any attempt to call + get_options() during option validation. This pattern has caused + subtle bugs in the past. Closes ticket 22281. + + o Minor features (client): + - You can now use Tor as a tunneled HTTP proxy: use the new + HTTPTunnelPort option to open a port that accepts HTTP CONNECT + requests. Closes ticket 22407. + - Add an extra check to make sure that we always use the newer guard + selection code for picking our guards. Closes ticket 22779. + - When downloading (micro)descriptors, don't split the list into + multiple requests unless we want at least 32 descriptors. + Previously, we split at 4, not 32, which led to significant + overhead in HTTP request size and degradation in compression + performance. Closes ticket 23220. + + o Minor features (command line): + - Add a new commandline option, --key-expiration, which prints when + the current signing key is going to expire. Implements ticket + 17639; patch by Isis Lovecruft. + + o Minor features (control port): + - If an application tries to use the control port as an HTTP proxy, + respond with a meaningful "This is the Tor control port" message, + and log the event. Closes ticket 1667. Patch from Ravi + Chandra Padmala. + - Provide better error message for GETINFO desc/(id|name) when not + fetching router descriptors. Closes ticket 5847. Patch by + Kevin Butler. + - Add GETINFO "{desc,md}/download-enabled", to inform the controller + whether Tor will try to download router descriptors and + microdescriptors respectively. Closes ticket 22684. + - Added new GETINFO targets "ip-to-country/{ipv4,ipv6}-available", + so controllers can tell whether the geoip databases are loaded. + Closes ticket 23237. + - Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth + events. Closes ticket 19254. Patch by "DonnchaC". + + o Minor features (development support): + - Developers can now generate a call-graph for Tor using the + "calltool" python program, which post-processes object dumps. It + should work okay on many Linux and OSX platforms, and might work + elsewhere too. To run it, install calltool from + https://gitweb.torproject.org/user/nickm/calltool.git and run + "make callgraph". Closes ticket 19307. + + o Minor features (ed25519): + - Add validation function to checks for torsion components in + ed25519 public keys, used by prop224 client-side code. Closes + ticket 22006. Math help by Ian Goldberg. + + o Minor features (exit relay, DNS): + - Improve the clarity and safety of the log message from evdns when + receiving an apparently spoofed DNS reply. Closes ticket 3056. + + o Minor features (integration, hardening): + - Add a new NoExec option to prevent Tor from running other + programs. When this option is set to 1, Tor will never try to run + another program, regardless of the settings of + PortForwardingHelper, ClientTransportPlugin, or + ServerTransportPlugin. Once NoExec is set, it cannot be disabled + without restarting Tor. Closes ticket 22976. + + o Minor features (logging): + - Improve the warning message for specifying a relay by nickname. + The previous message implied that nickname registration was still + part of the Tor network design, which it isn't. Closes + ticket 20488. + - If the sandbox filter fails to load, suggest to the user that + their kernel might not support seccomp2. Closes ticket 23090. + + o Minor features (portability): + - Check at configure time whether uint8_t is the same type as + unsigned char. Lots of existing code already makes this + assumption, and there could be strict aliasing issues if the + assumption is violated. Closes ticket 22410. + + o Minor features (relay, configuration): + - Reject attempts to use relative file paths when RunAsDaemon is + set. Previously, Tor would accept these, but the directory- + changing step of RunAsDaemon would give strange and/or confusing + results. Closes ticket 22731. + + o Minor features (startup, safety): + - When configured to write a PID file, Tor now exits if it is unable + to do so. Previously, it would warn and continue. Closes + ticket 20119. + + o Minor features (static analysis): + - The BUG() macro has been changed slightly so that Coverity no + longer complains about dead code if the bug is impossible. Closes + ticket 23054. + + o Minor features (testing): + - The default chutney network tests now include tests for the v3 + hidden service design. Make sure you have the latest version of + chutney if you want to run these. Closes ticket 22437. + - Add a unit test to verify that we can parse a hardcoded v2 hidden + service descriptor. Closes ticket 15554. + + o Minor bugfixes (certificate handling): + - Fix a time handling bug in Tor certificates set to expire after + the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. Found by + Coverity as CID 1415728. + + o Minor bugfixes (client, usability): + - Refrain from needlessly rejecting SOCKS5-with-hostnames and + SOCKS4a requests that contain IP address strings, even when + SafeSocks in enabled, as this prevents user from connecting to + known IP addresses without relying on DNS for resolving. SafeSocks + still rejects SOCKS connections that connect to IP addresses when + those addresses are _not_ encoded as hostnames. Fixes bug 22461; + bugfix on Tor 0.2.6.2-alpha. + + o Minor bugfixes (code correctness): + - Call htons() in extend_cell_format() for encoding a 16-bit value. + Previously we used ntohs(), which happens to behave the same on + all the platforms we support, but which isn't really correct. + Fixes bug 23106; bugfix on 0.2.4.8-alpha. + - For defense-in-depth, make the controller's write_escaped_data() + function robust to extremely long inputs. Fixes bug 19281; bugfix + on 0.1.1.1-alpha. Reported by Guido Vranken. + + o Minor bugfixes (compilation): + - Fix unused-variable warnings in donna's Curve25519 SSE2 code. + Fixes bug 22895; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (consensus expiry): + - Check for adequate directory information correctly. Previously, Tor + would reconsider whether it had sufficient directory information + every 2 minutes. Fixes bug 23091; bugfix on 0.2.0.19-alpha. + + o Minor bugfixes (directory protocol): + - Directory servers now include a "Date:" http header for response + codes other than 200. Clients starting with a skewed clock and a + recent consensus were getting "304 Not modified" responses from + directory authorities, so without the Date header, the client + would never hear about a wrong clock. Fixes bug 23499; bugfix + on 0.0.8rc1. + - Make clients wait for 6 seconds before trying to download a + consensus from an authority. Fixes bug 17750; bugfix + on 0.2.8.1-alpha. + + o Minor bugfixes (DoS-resistance): + - If future code asks if there are any running bridges, without + checking if bridges are enabled, log a BUG warning rather than + crashing. Fixes bug 23524; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (format strictness): + - Restrict several data formats to decimal. Previously, the + BuildTimeHistogram entries in the state file, the "bw=" entries in + the bandwidth authority file, and the process IDs passed to the + __OwningControllerProcess option could all be specified in hex or + octal as well as in decimal. This was not an intentional feature. + Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha, + and 0.2.2.28-beta. + + o Minor bugfixes (heartbeat): + - If we fail to write a heartbeat message, schedule a retry for the + minimum heartbeat interval number of seconds in the future. Fixes + bug 19476; bugfix on 0.2.3.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox, logging): + - Fix some messages on unexpected errors from the seccomp2 library. + Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch from "cypherpunks". + + o Minor bugfixes (logging): + - Remove duplicate log messages regarding opening non-local + SocksPorts upon parsing config and opening listeners at startup. + Fixes bug 4019; bugfix on 0.2.3.3-alpha. + - Use a more comprehensible log message when telling the user + they've excluded every running exit node. Fixes bug 7890; bugfix + on 0.2.2.25-alpha. + - When logging the number of descriptors we intend to download per + directory request, do not log a number higher than then the number + of descriptors we're fetching in total. Fixes bug 19648; bugfix + on 0.1.1.8-alpha. + - When warning about a directory owned by the wrong user, log the + actual name of the user owning the directory. Previously, we'd log + the name of the process owner twice. Fixes bug 23487; bugfix + on 0.2.9.1-alpha. + - The tor specification says hop counts are 1-based, so fix two log + messages that mistakenly logged 0-based hop counts. Fixes bug + 18982; bugfix on 0.2.6.2-alpha and 0.2.4.5-alpha. Patch by teor. + Credit to Xiaofan Li for reporting this issue. + + o Minor bugfixes (portability): + - Stop using the PATH_MAX variable, which is not defined on GNU + Hurd. Fixes bug 23098; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (relay): + - When uploading our descriptor for the first time after startup, + report the reason for uploading as "Tor just started" rather than + leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha. + - Avoid unnecessary calls to directory_fetches_from_authorities() on + relays, to prevent spurious address resolutions and descriptor + rebuilds. This is a mitigation for bug 21789. Fixes bug 23470; + bugfix on in 0.2.8.1-alpha. + + o Minor bugfixes (tests): + - Fix a broken unit test for the OutboundAddress option: the parsing + function was never returning an error on failure. Fixes bug 23366; + bugfix on 0.3.0.3-alpha. + - Fix a signed-integer overflow in the unit tests for + dir/download_status_random_backoff, which was untriggered until we + fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (usability, control port): + - Stop making an unnecessary routerlist check in NETINFO clock skew + detection; this was preventing clients from reporting NETINFO clock + skew to controllers. Fixes bug 23532; bugfix on 0.2.4.4-alpha. + + o Code simplification and refactoring: + - Extract the code for handling newly-open channels into a separate + function from the general code to handle channel state + transitions. This change simplifies our callgraph, reducing the + size of the largest strongly connected component by roughly a + factor of two. Closes ticket 22608. + - Remove dead code for largely unused statistics on the number of + times we've attempted various public key operations. Fixes bug + 19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft. + - Remove several now-obsolete functions for asking about old + variants directory authority status. Closes ticket 22311; patch + from "huyvq". + - Remove some of the code that once supported "Named" and "Unnamed" + routers. Authorities no longer vote for these flags. Closes + ticket 22215. + - Rename the obsolete malleable hybrid_encrypt functions used in TAP + and old hidden services, to indicate that they aren't suitable for + new protocols or formats. Closes ticket 23026. + - Replace our STRUCT_OFFSET() macro with offsetof(). Closes ticket + 22521. Patch from Neel Chauhan. + - Split the enormous circuit_send_next_onion_skin() function into + multiple subfunctions. Closes ticket 22804. + - Split the portions of the buffer.c module that handle particular + protocols into separate modules. Part of ticket 23149. + - Use our test macros more consistently, to produce more useful + error messages when our unit tests fail. Add coccinelle patches to + allow us to re-check for test macro uses. Closes ticket 22497. + + o Deprecated features: + - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They + only applies to direct unencrypted HTTP connections to your + directory server, which your Tor probably isn't using. Closes + ticket 20575. + + o Documentation: + - Clarify in the manual that "Sandbox 1" is only supported on Linux + kernels. Closes ticket 22677. + - Document all values of PublishServerDescriptor in the manpage. + Closes ticket 15645. + - Improve the documentation for the directory port part of the + DirAuthority line. Closes ticket 20152. + - Restore documentation for the authorities' "approved-routers" + file. Closes ticket 21148. + + o Removed features: + - The AllowDotExit option has been removed as unsafe. It has been + deprecated since 0.2.9.2-alpha. Closes ticket 23426. + - The ClientDNSRejectInternalAddresses flag can no longer be set on + non-testing networks. It has been deprecated since 0.2.9.2-alpha. + Closes ticket 21031. + - The controller API no longer includes an AUTHDIR_NEWDESCS event: + nobody was using it any longer. Closes ticket 22377. + + +Changes in version 0.2.8.15 - 2017-09-18 + Tor 0.2.8.15 backports a collection of bugfixes from later + Tor series. + + Most significantly, it includes a fix for TROVE-2017-008, a + security bug that affects hidden services running with the + SafeLogging option disabled. For more information, see + https://trac.torproject.org/projects/tor/ticket/23490 + + Note that Tor 0.2.8.x will no longer be supported after 1 Jan + 2018. We suggest that you upgrade to the latest stable release if + possible. If you can't, we recommend that you upgrade at least to + 0.2.9, which will be supported until 2020. + + o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha): + - Avoid an assertion failure bug affecting our implementation of + inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() + handling of "0xx" differs from what we had expected. Fixes bug + 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007. + + o Minor features: + - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha): + - Backport a fix for an "unused variable" warning that appeared + in some versions of mingw. Fixes bug 22838; bugfix on + 0.2.8.1-alpha. + + o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha): + - Fix a memset() off the end of an array when packing cells. This + bug should be harmless in practice, since the corrupted bytes are + still in the same structure, and are always padding bytes, + ignored, or immediately overwritten, depending on compiler + behavior. Nevertheless, because the memset()'s purpose is to make + sure that any other cell-handling bugs can't expose bytes to the + network, we need to fix it. Fixes bug 22737; bugfix on + 0.2.4.11-alpha. Fixes CID 1401591. + + o Build features (backport from 0.3.1.5-alpha): + - Tor's repository now includes a Travis Continuous Integration (CI) + configuration file (.travis.yml). This is meant to help new + developers and contributors who fork Tor to a Github repository be + better able to test their changes, and understand what we expect + to pass. To use this new build feature, you must fork Tor to your + Github account, then go into the "Integrations" menu in the + repository settings for your fork and enable Travis, then push + your changes. Closes ticket 22636. + + +Changes in version 0.2.9.12 - 2017-09-18 + Tor 0.2.9.12 backports a collection of bugfixes from later + Tor series. + + Most significantly, it includes a fix for TROVE-2017-008, a + security bug that affects hidden services running with the + SafeLogging option disabled. For more information, see + https://trac.torproject.org/projects/tor/ticket/23490 + + o Major features (security, backport from 0.3.0.2-alpha): + - Change the algorithm used to decide DNS TTLs on client and server + side, to better resist DNS-based correlation attacks like the + DefecTor attack of Greschbach, Pulls, Roberts, Winter, and + Feamster. Now relays only return one of two possible DNS TTL + values, and clients are willing to believe DNS TTL values up to 3 + hours long. Closes ticket 19769. + + o Major bugfixes (crash, directory connections, backport from 0.3.0.5-rc): + - Fix a rare crash when sending a begin cell on a circuit whose + linked directory connection had already been closed. Fixes bug + 21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett. + + o Major bugfixes (DNS, backport from 0.3.0.2-alpha): + - Fix a bug that prevented exit nodes from caching DNS records for + more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha. + + o Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha): + - Fix a typo that had prevented TPROXY-based transparent proxying + from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. + Patch from "d4fq0fQAgoJ". + + o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha): + - Avoid an assertion failure bug affecting our implementation of + inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() + handling of "0xx" differs from what we had expected. Fixes bug + 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007. + + o Minor features (code style, backport from 0.3.1.3-alpha): + - Add "Falls through" comments to our codebase, in order to silence + GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas + Stieger. Closes ticket 22446. + + o Minor features (geoip): + - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (bandwidth accounting, backport from 0.3.1.1-alpha): + - Roll over monthly accounting at the configured hour and minute, + rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1. + Found by Andrey Karpov with PVS-Studio. + + o Minor bugfixes (compilation, backport from 0.3.1.5-alpha): + - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915; + bugfix on 0.2.8.1-alpha. + - Fix warnings when building with libscrypt and openssl scrypt support + on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha. + - When building with certain versions the mingw C header files, avoid + float-conversion warnings when calling the C functions isfinite(), + isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (compilation, backport from 0.3.1.7): + - Avoid compiler warnings in the unit tests for running tor_sscanf() + with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha. + + o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha): + - Backport a fix for an "unused variable" warning that appeared + in some versions of mingw. Fixes bug 22838; bugfix on + 0.2.8.1-alpha. + + o Minor bugfixes (controller, backport from 0.3.1.7): + - Do not crash when receiving a HSPOST command with an empty body. + Fixes part of bug 22644; bugfix on 0.2.7.1-alpha. + - Do not crash when receiving a POSTDESCRIPTOR command with an + empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha. + + o Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha): + - Avoid Coverity build warnings related to our BUG() macro. By + default, Coverity treats BUG() as the Linux kernel does: an + instant abort(). We need to override that so our BUG() macro + doesn't prevent Coverity from analyzing functions that use it. + Fixes bug 23030; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha): + - Fix a memset() off the end of an array when packing cells. This + bug should be harmless in practice, since the corrupted bytes are + still in the same structure, and are always padding bytes, + ignored, or immediately overwritten, depending on compiler + behavior. Nevertheless, because the memset()'s purpose is to make + sure that any other cell-handling bugs can't expose bytes to the + network, we need to fix it. Fixes bug 22737; bugfix on + 0.2.4.11-alpha. Fixes CID 1401591. + + o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha): + - When setting the maximum number of connections allowed by the OS, + always allow some extra file descriptors for other files. Fixes + bug 22797; bugfix on 0.2.0.10-alpha. + + o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha): + - Avoid a sandbox failure when trying to re-bind to a socket and + mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha): + - Permit the fchmod system call, to avoid crashing on startup when + starting with the seccomp2 sandbox and an unexpected set of + permissions on the data directory or its contents. Fixes bug + 22516; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (relay, backport from 0.3.0.5-rc): + - Avoid a double-marked-circuit warning that could happen when we + receive DESTROY cells under heavy load. Fixes bug 20059; bugfix + on 0.1.0.1-rc. + + o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha): + - Reject version numbers with non-numeric prefixes (such as +, -, or + whitespace). Disallowing whitespace prevents differential version + parsing between POSIX-based and Windows platforms. Fixes bug 21507 + and part of 21508; bugfix on 0.0.8pre1. + + o Build features (backport from 0.3.1.5-alpha): + - Tor's repository now includes a Travis Continuous Integration (CI) + configuration file (.travis.yml). This is meant to help new + developers and contributors who fork Tor to a Github repository be + better able to test their changes, and understand what we expect + to pass. To use this new build feature, you must fork Tor to your + Github account, then go into the "Integrations" menu in the + repository settings for your fork and enable Travis, then push + your changes. Closes ticket 22636. + + +Changes in version 0.3.0.11 - 2017-09-18 + Tor 0.3.0.11 backports a collection of bugfixes from Tor the 0.3.1 + series. + + Most significantly, it includes a fix for TROVE-2017-008, a + security bug that affects hidden services running with the + SafeLogging option disabled. For more information, see + https://trac.torproject.org/projects/tor/ticket/23490 + + o Minor features (code style, backport from 0.3.1.7): + - Add "Falls through" comments to our codebase, in order to silence + GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas + Stieger. Closes ticket 22446. + + o Minor features: + - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (compilation, backport from 0.3.1.7): + - Avoid compiler warnings in the unit tests for calling tor_sscanf() + with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha. + + o Minor bugfixes (controller, backport from 0.3.1.7): + - Do not crash when receiving a HSPOST command with an empty body. + Fixes part of bug 22644; bugfix on 0.2.7.1-alpha. + - Do not crash when receiving a POSTDESCRIPTOR command with an empty + body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha. + + o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha): + - When setting the maximum number of connections allowed by the OS, + always allow some extra file descriptors for other files. Fixes + bug 22797; bugfix on 0.2.0.10-alpha. + + o Minor bugfixes (logging, relay, backport from 0.3.1.6-rc): + - Remove a forgotten debugging message when an introduction point + successfully establishes a hidden service prop224 circuit with + a client. + - Change three other log_warn() for an introduction point to + protocol warnings, because they can be failure from the network + and are not relevant to the operator. Fixes bug 23078; bugfix on + 0.3.0.1-alpha and 0.3.0.2-alpha. + + +Changes in version 0.3.1.7 - 2017-09-18 + Tor 0.3.1.7 is the first stable release in the 0.3.1 series. + + With the 0.3.1 series, Tor now serves and downloads directory + information in more compact formats, to save on bandwidth overhead. It + also contains a new padding system to resist netflow-based traffic + analysis, and experimental support for building parts of Tor in Rust + (though no parts of Tor are in Rust yet). There are also numerous + small features, bugfixes on earlier release series, and groundwork for + the hidden services revamp of 0.3.2. + + This release also includes a fix for TROVE-2017-008, a security bug + that affects hidden services running with the SafeLogging option + disabled. For more information, see + https://trac.torproject.org/projects/tor/ticket/23490 + + Per our stable release policy, we plan to support each stable release + series for at least the next nine months, or for three months after + the first stable release of the next series: whichever is longer. If + you need a release with long-term support, we recommend that you stay + with the 0.2.9 series. + + Below is a list of the changes since 0.3.1.6-rc. For a list of all + changes since 0.3.0, see the ReleaseNotes file. + + o Major bugfixes (security, hidden services, loggging): + - Fix a bug where we could log uninitialized stack when a certain + hidden service error occurred while SafeLogging was disabled. + Fixes bug #23490; bugfix on 0.2.7.2-alpha. This is also tracked as + TROVE-2017-008 and CVE-2017-0380. + + o Minor features (defensive programming): + - Create a pair of consensus parameters, nf_pad_tor2web and + nf_pad_single_onion, to disable netflow padding in the consensus + for non-anonymous connections in case the overhead is high. Closes + ticket 17857. + + o Minor features (diagnostic): + - Add a stack trace to the bug warnings that can be logged when + trying to send an outgoing relay cell with n_chan == 0. Diagnostic + attempt for bug 23105. + + o Minor features (geoip): + - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (compilation): + - Avoid compiler warnings in the unit tests for calling tor_sscanf() + with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha. + + o Minor bugfixes (controller): + - Do not crash when receiving a HSPOST command with an empty body. + Fixes part of bug 22644; bugfix on 0.2.7.1-alpha. + - Do not crash when receiving a POSTDESCRIPTOR command with an empty + body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha. + + o Minor bugfixes (relay): + - Inform the geoip and rephist modules about all requests, even on + relays that are only fetching microdescriptors. Fixes a bug + related to 21585; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (unit tests): + - Fix a channelpadding unit test failure on slow systems by using + mocked time instead of actual time. Fixes bug 23077; bugfix + on 0.3.1.1-alpha. + + +Changes in version 0.3.1.6-rc - 2017-09-05 + Tor 0.3.1.6-rc fixes a few small bugs and annoyances in the 0.3.1 + release series, including a bug that produced weird behavior on + Windows directory caches. + + This is the first release candidate in the Tor 0.3.1 series. If we + find no new bugs or regressions here, the first stable 0.3.1 release + will be nearly identical to it. + + o Major bugfixes (windows, directory cache): + - On Windows, do not try to delete cached consensus documents and + diffs before they are unmapped from memory--Windows won't allow + that. Instead, allow the consensus cache directory to grow larger, + to hold files that might need to stay around longer. Fixes bug + 22752; bugfix on 0.3.1.1-alpha. + + o Minor features (directory authority): + - Improve the message that authorities report to relays that present + RSA/Ed25519 keypairs that conflict with previously pinned keys. + Closes ticket 22348. + + o Minor features (geoip): + - Update geoip and geoip6 to the August 3 2017 Maxmind GeoLite2 + Country database. + + o Minor features (testing): + - Add more tests for compression backend initialization. Closes + ticket 22286. + + o Minor bugfixes (directory cache): + - Fix a memory leak when recovering space in the consensus cache. + Fixes bug 23139; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (hidden service): + - Increase the number of circuits that a service is allowed to + open over a specific period of time. The value was lower than it + should be (8 vs 12) in the normal case of 3 introduction points. + Fixes bug 22159; bugfix on 0.3.0.5-rc. + - Fix a BUG warning during HSv3 descriptor decoding that could be + cause by a specially crafted descriptor. Fixes bug 23233; bugfix + on 0.3.0.1-alpha. Bug found by "haxxpop". + - Rate-limit the log messages if we exceed the maximum number of + allowed intro circuits. Fixes bug 22159; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (logging, relay): + - Remove a forgotten debugging message when an introduction point + successfully establishes a hidden service prop224 circuit with + a client. + - Change three other log_warn() for an introduction point to + protocol warnings, because they can be failure from the network + and are not relevant to the operator. Fixes bug 23078; bugfix on + 0.3.0.1-alpha and 0.3.0.2-alpha. + + o Minor bugfixes (relay): + - When a relay is not running as a directory cache, it will no + longer generate compressed consensuses and consensus diff + information. Previously, this was a waste of disk and CPU. Fixes + bug 23275; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (robustness, error handling): + - Improve our handling of the cases where OpenSSL encounters a + memory error while encoding keys and certificates. We haven't + observed these errors in the wild, but if they do happen, we now + detect and respond better. Fixes bug 19418; bugfix on all versions + of Tor. Reported by Guido Vranken. + + o Minor bugfixes (stability): + - Avoid crashing on a double-free when unable to load or process an + included file. Fixes bug 23155; bugfix on 0.3.1.1-alpha. Found + with the clang static analyzer. + + o Minor bugfixes (testing): + - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; + bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij. + - Port the hs_ntor handshake test to work correctly with recent + versions of the pysha3 module. Fixes bug 23071; bugfix + on 0.3.1.1-alpha. + + o Minor bugfixes (Windows service): + - When running as a Windows service, set the ID of the main thread + correctly. Failure to do so made us fail to send log messages to + the controller in 0.2.1.16-rc, slowed down controller event + delivery in 0.2.7.3-rc and later, and crash with an assertion + failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha. + Patch and diagnosis from "Vort". + + +Changes in version 0.3.0.10 - 2017-08-02 + Tor 0.3.0.10 backports a collection of small-to-medium bugfixes + from the current Tor alpha series. OpenBSD users and TPROXY users + should upgrade; others are probably okay sticking with 0.3.0.9. + + o Major features (build system, continuous integration, backport from 0.3.1.5-alpha): + - Tor's repository now includes a Travis Continuous Integration (CI) + configuration file (.travis.yml). This is meant to help new + developers and contributors who fork Tor to a Github repository be + better able to test their changes, and understand what we expect + to pass. To use this new build feature, you must fork Tor to your + Github account, then go into the "Integrations" menu in the + repository settings for your fork and enable Travis, then push + your changes. Closes ticket 22636. + + o Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha): + - Fix a typo that had prevented TPROXY-based transparent proxying + from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. + Patch from "d4fq0fQAgoJ". + + o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha): + - Avoid an assertion failure bug affecting our implementation of + inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() + handling of "0xbar" differs from what we had expected. Fixes bug + 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007. + + o Minor features (backport from 0.3.1.5-alpha): + - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (bandwidth accounting, backport from 0.3.1.2-alpha): + - Roll over monthly accounting at the configured hour and minute, + rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1. + Found by Andrey Karpov with PVS-Studio. + + o Minor bugfixes (compilation warnings, backport from 0.3.1.5-alpha): + - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915; + bugfix on 0.2.8.1-alpha. + - Fix warnings when building with libscrypt and openssl scrypt + support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha. + - When building with certain versions of the mingw C header files, + avoid float-conversion warnings when calling the C functions + isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix + on 0.2.8.1-alpha. + + o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha): + - Backport a fix for an "unused variable" warning that appeared + in some versions of mingw. Fixes bug 22838; bugfix on + 0.2.8.1-alpha. + + o Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha): + - Avoid Coverity build warnings related to our BUG() macro. By + default, Coverity treats BUG() as the Linux kernel does: an + instant abort(). We need to override that so our BUG() macro + doesn't prevent Coverity from analyzing functions that use it. + Fixes bug 23030; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (directory authority, backport from 0.3.1.1-alpha): + - When rejecting a router descriptor for running an obsolete version + of Tor without ntor support, warn about the obsolete tor version, + not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha): + - Avoid a sandbox failure when trying to re-bind to a socket and + mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (unit tests, backport from 0.3.1.5-alpha) + - Fix a memory leak in the link-handshake/certs_ok_ed25519 test. + Fixes bug 22803; bugfix on 0.3.0.1-alpha. + + +Changes in version 0.3.1.5-alpha - 2017-08-01 + Tor 0.3.1.5-alpha improves the performance of consensus diff + calculation, fixes a crash bug on older versions of OpenBSD, and fixes + several other bugs. If no serious bugs are found in this version, the + next version will be a release candidate. + + This release also marks the end of support for the Tor 0.2.4.x, + 0.2.6.x, and 0.2.7.x release series. Those releases will receive no + further bug or security fixes. Anyone still running or distributing + one of those versions should upgrade. + + o Major features (build system, continuous integration): + - Tor's repository now includes a Travis Continuous Integration (CI) + configuration file (.travis.yml). This is meant to help new + developers and contributors who fork Tor to a Github repository be + better able to test their changes, and understand what we expect + to pass. To use this new build feature, you must fork Tor to your + Github account, then go into the "Integrations" menu in the + repository settings for your fork and enable Travis, then push + your changes. Closes ticket 22636. + + o Major bugfixes (openbsd, denial-of-service): + - Avoid an assertion failure bug affecting our implementation of + inet_pton(AF_INET6) on certain OpenBSD systems whose strtol() + handling of "0xbar" differs from what we had expected. Fixes bug + 22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007. + + o Major bugfixes (relay, performance): + - Perform circuit handshake operations at a higher priority than we + use for consensus diff creation and compression. This should + prevent circuits from starving when a relay or bridge receives a + new consensus, especially on lower-powered machines. Fixes bug + 22883; bugfix on 0.3.1.1-alpha. + + o Minor features (bridge authority): + - Add "fingerprint" lines to the networkstatus-bridges file produced + by bridge authorities. Closes ticket 22207. + + o Minor features (directory cache, consensus diff): + - Add a new MaxConsensusAgeForDiffs option to allow directory cache + operators with low-resource environments to adjust the number of + consensuses they'll store and generate diffs from. Most cache + operators should leave it unchanged. Helps to work around + bug 22883. + + o Minor features (geoip): + - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2 + Country database. + + o Minor features (relay, performance): + - Always start relays with at least two worker threads, to prevent + priority inversion on slow tasks. Part of the fix for bug 22883. + - Allow background work to be queued with different priorities, so + that a big pile of slow low-priority jobs will not starve out + higher priority jobs. This lays the groundwork for a fix for + bug 22883. + + o Minor bugfixes (build system, rust): + - Fix a problem where Rust toolchains were not being found when + building without --enable-cargo-online-mode, due to setting the + $HOME environment variable instead of $CARGO_HOME. Fixes bug + 22830; bugfix on 0.3.1.1-alpha. Fix by Chelsea Komlo. + + o Minor bugfixes (compatibility, zstd): + - Write zstd epilogues correctly when the epilogue requires + reallocation of the output buffer, even with zstd 1.3.0. + (Previously, we worked on 1.2.0 and failed with 1.3.0). Fixes bug + 22927; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (compilation warnings): + - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug + 22915; bugfix on 0.2.8.1-alpha. + - Fix warnings when building with libscrypt and openssl scrypt + support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha. + - Compile correctly when both openssl 1.1.0 and libscrypt are + detected. Previously this would cause an error. Fixes bug 22892; + bugfix on 0.3.1.1-alpha. + - When building with certain versions of the mingw C header files, + avoid float-conversion warnings when calling the C functions + isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix + on 0.2.8.1-alpha. + + o Minor bugfixes (coverity build support): + - Avoid Coverity build warnings related to our BUG() macro. By + default, Coverity treats BUG() as the Linux kernel does: an + instant abort(). We need to override that so our BUG() macro + doesn't prevent Coverity from analyzing functions that use it. + Fixes bug 23030; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (directory authority): + - When a directory authority rejects a descriptor or extrainfo with + a given digest, mark that digest as undownloadable, so that we do + not attempt to download it again over and over. We previously + tried to avoid downloading such descriptors by other means, but we + didn't notice if we accidentally downloaded one anyway. This + behavior became problematic in 0.2.7.2-alpha, when authorities + began pinning Ed25519 keys. Fixes bug 22349; bugfix + on 0.2.1.19-alpha. + + o Minor bugfixes (error reporting, windows): + - When formatting Windows error messages, use the English format to + avoid codepage issues. Fixes bug 22520; bugfix on 0.1.2.8-alpha. + Patch from "Vort". + + o Minor bugfixes (file limits, osx): + - When setting the maximum number of connections allowed by the OS, + always allow some extra file descriptors for other files. Fixes + bug 22797; bugfix on 0.2.0.10-alpha. + + o Minor bugfixes (linux seccomp2 sandbox): + - Avoid a sandbox failure when trying to re-bind to a socket and + mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha. + + o Minor bugfixes (memory leaks): + - Fix a small memory leak when validating a configuration that uses + two or more AF_UNIX sockets for the same port type. Fixes bug + 23053; bugfix on 0.2.6.3-alpha. This is CID 1415725. + + o Minor bugfixes (unit tests): + - test_consdiff_base64cmp would fail on OS X because while OS X + follows the standard of (less than zero/zero/greater than zero), + it doesn't follow the convention of (-1/0/+1). Make the test + comply with the standard. Fixes bug 22870; bugfix on 0.3.1.1-alpha. + - Fix a memory leak in the link-handshake/certs_ok_ed25519 test. + Fixes bug 22803; bugfix on 0.3.0.1-alpha. + + +Changes in version 0.3.1.4-alpha - 2017-06-29 + Tor 0.3.1.4-alpha fixes a path selection bug that would allow a client + to use a guard that was in the same network family as a chosen exit + relay. This is a security regression; all clients running earlier + versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 + or 0.3.1.4-alpha. + + This release also fixes several other bugs introduced in 0.3.0.x + and 0.3.1.x, including others that can affect bandwidth usage + and correctness. + + o New dependencies: + - To build with zstd and lzma support, Tor now requires the + pkg-config tool at build time. (This requirement was new in + 0.3.1.1-alpha, but was not noted at the time. Noting it here to + close ticket 22623.) + + o Major bugfixes (path selection, security): + - When choosing which guard to use for a circuit, avoid the exit's + family along with the exit itself. Previously, the new guard + selection logic avoided the exit, but did not consider its family. + Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2017- + 006 and CVE-2017-0377. + + o Major bugfixes (compression, zstd): + - Correctly detect a full buffer when decompressing a large zstd- + compressed input. Previously, we would sometimes treat a full + buffer as an error. Fixes bug 22628; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (directory protocol): + - Ensure that we send "304 Not modified" as HTTP status code when a + client is attempting to fetch a consensus or consensus diff, and + the best one we can send them is one they already have. Fixes bug + 22702; bugfix on 0.3.1.1-alpha. + + o Major bugfixes (entry guards): + - When starting with an old consensus, do not add new entry guards + unless the consensus is "reasonably live" (under 1 day old). Fixes + one root cause of bug 22400; bugfix on 0.3.0.1-alpha. + + o Minor features (bug mitigation, diagnostics, logging): + - Avoid an assertion failure, and log a better error message, when + unable to remove a file from the consensus cache on Windows. + Attempts to mitigate and diagnose bug 22752. + + o Minor features (geoip): + - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (compression): + - When compressing or decompressing a buffer, check for a failure to + create a compression object. Fixes bug 22626; bugfix + on 0.3.1.1-alpha. + - When decompressing a buffer, check for extra data after the end of + the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha. + - When decompressing an object received over an anonymous directory + connection, if we have already decompressed it using an acceptable + compression method, do not reject it for looking like an + unacceptable compression method. Fixes part of bug 22670; bugfix + on 0.3.1.1-alpha. + - When serving directory votes compressed with zlib, do not claim to + have compressed them with zstd. Fixes bug 22669; bugfix + on 0.3.1.1-alpha. + - When spooling compressed data to an output buffer, don't try to + spool more data when there is no more data to spool and we are not + trying to flush the input. Previously, we would sometimes launch + compression requests with nothing to do, which interferes with our + 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha. + + o Minor bugfixes (defensive programming): + - Detect and break out of infinite loops in our compression code. We + don't think that any such loops exist now, but it's best to be + safe. Closes ticket 22672. + - Fix a memset() off the end of an array when packing cells. This + bug should be harmless in practice, since the corrupted bytes are + still in the same structure, and are always padding bytes, + ignored, or immediately overwritten, depending on compiler + behavior. Nevertheless, because the memset()'s purpose is to make + sure that any other cell-handling bugs can't expose bytes to the + network, we need to fix it. Fixes bug 22737; bugfix on + 0.2.4.11-alpha. Fixes CID 1401591. + + o Minor bugfixes (linux seccomp2 sandbox): + - Permit the fchmod system call, to avoid crashing on startup when + starting with the seccomp2 sandbox and an unexpected set of + permissions on the data directory or its contents. Fixes bug + 22516; bugfix on 0.2.5.4-alpha. + - Fix a crash in the LZMA module, when the sandbox was enabled, and + liblzma would allocate more than 16 MB of memory. We solve this by + bumping the mprotect() limit in the sandbox module from 16 MB to + 20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (logging): + - When decompressing, do not warn if we fail to decompress using a + compression method that we merely guessed. Fixes part of bug + 22670; bugfix on 0.1.1.14-alpha. + - When decompressing, treat mismatch between content-encoding and + actual compression type as a protocol warning. Fixes part of bug + 22670; bugfix on 0.1.1.9-alpha. + - Downgrade "assigned_to_cpuworker failed" message to info-level + severity. In every case that can reach it, either a better warning + has already been logged, or no warning is warranted. Fixes bug + 22356; bugfix on 0.2.6.3-alpha. + - Demote a warn that was caused by libevent delays to info if + netflow padding is less than 4.5 seconds late, or to notice + if it is more (4.5 seconds is the amount of time that a netflow + record might be emitted after, if we chose the maximum timeout). + Fixes bug 22212; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (process behavior): + - When exiting because of an error, always exit with a nonzero exit + status. Previously, we would fail to report an error in our exit + status in cases related to __OwningControllerProcess failure, + lockfile contention, and Ed25519 key initialization. Fixes bug + 22720; bugfix on versions 0.2.1.6-alpha, 0.2.2.28-beta, and + 0.2.7.2-alpha respectively. Reported by "f55jwk4f"; patch + from "huyvq". + + o Documentation: + - Add a manpage description for the key-pinning-journal file. Closes + ticket 22347. + - Correctly note that bandwidth accounting values are stored in the + state file, and the bw_accounting file is now obsolete. Closes + ticket 16082. + - Document more of the files in the Tor data directory, including + cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats, + approved-routers, sr-random, and diff-cache. Found while fixing + ticket 22347. + + +Changes in version 0.3.0.9 - 2017-06-29 + Tor 0.3.0.9 fixes a path selection bug that would allow a client + to use a guard that was in the same network family as a chosen exit + relay. This is a security regression; all clients running earlier + versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or + 0.3.1.4-alpha. + + This release also backports several other bugfixes from the 0.3.1.x + series. + + o Major bugfixes (path selection, security, backport from 0.3.1.4-alpha): + - When choosing which guard to use for a circuit, avoid the exit's + family along with the exit itself. Previously, the new guard + selection logic avoided the exit, but did not consider its family. + Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2017- + 006 and CVE-2017-0377. + + o Major bugfixes (entry guards, backport from 0.3.1.1-alpha): + - Don't block bootstrapping when a primary bridge is offline and we + can't get its descriptor. Fixes bug 22325; fixes one case of bug + 21969; bugfix on 0.3.0.3-alpha. + + o Major bugfixes (entry guards, backport from 0.3.1.4-alpha): + - When starting with an old consensus, do not add new entry guards + unless the consensus is "reasonably live" (under 1 day old). Fixes + one root cause of bug 22400; bugfix on 0.3.0.1-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha): + - Reject version numbers with non-numeric prefixes (such as +, -, or + whitespace). Disallowing whitespace prevents differential version + parsing between POSIX-based and Windows platforms. Fixes bug 21507 + and part of 21508; bugfix on 0.0.8pre1. + + o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha): + - Permit the fchmod system call, to avoid crashing on startup when + starting with the seccomp2 sandbox and an unexpected set of + permissions on the data directory or its contents. Fixes bug + 22516; bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (defensive programming, backport from 0.3.1.4-alpha): + - Fix a memset() off the end of an array when packing cells. This + bug should be harmless in practice, since the corrupted bytes are + still in the same structure, and are always padding bytes, + ignored, or immediately overwritten, depending on compiler + behavior. Nevertheless, because the memset()'s purpose is to make + sure that any other cell-handling bugs can't expose bytes to the + network, we need to fix it. Fixes bug 22737; bugfix on + 0.2.4.11-alpha. Fixes CID 1401591. + + +Changes in version 0.3.1.3-alpha - 2017-06-08 + Tor 0.3.1.3-alpha fixes a pair of bugs that would allow an attacker to + remotely crash a hidden service with an assertion failure. Anyone + running a hidden service should upgrade to this version, or to some + other version with fixes for TROVE-2017-004 and TROVE-2017-005. + + Tor 0.3.1.3-alpha also includes fixes for several key management bugs + that sometimes made relays unreliable, as well as several other + bugfixes described below. + + o Major bugfixes (hidden service, relay, security): + - Fix a remotely triggerable assertion failure when a hidden service + handles a malformed BEGIN cell. Fixes bug 22493, tracked as + TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha. + - Fix a remotely triggerable assertion failure caused by receiving a + BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug + 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix + on 0.2.2.1-alpha. + + o Major bugfixes (relay, link handshake): + - When performing the v3 link handshake on a TLS connection, report + that we have the x509 certificate that we actually used on that + connection, even if we have changed certificates since that + connection was first opened. Previously, we would claim to have + used our most recent x509 link certificate, which would sometimes + make the link handshake fail. Fixes one case of bug 22460; bugfix + on 0.2.3.6-alpha. + + o Major bugfixes (relays, key management): + - Regenerate link and authentication certificates whenever the key + that signs them changes; also, regenerate link certificates + whenever the signed key changes. Previously, these processes were + only weakly coupled, and we relays could (for minutes to hours) + wind up with an inconsistent set of keys and certificates, which + other relays would not accept. Fixes two cases of bug 22460; + bugfix on 0.3.0.1-alpha. + - When sending an Ed25519 signing->link certificate in a CERTS cell, + send the certificate that matches the x509 certificate that we + used on the TLS connection. Previously, there was a race condition + if the TLS context rotated after we began the TLS handshake but + before we sent the CERTS cell. Fixes a case of bug 22460; bugfix + on 0.3.0.1-alpha. + + o Major bugfixes (torrc, crash): + - Fix a crash bug when using %include in torrc. Fixes bug 22417; + bugfix on 0.3.1.1-alpha. Patch by Daniel Pinto. + + o Minor features (code style): + - Add "Falls through" comments to our codebase, in order to silence + GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas + Stieger. Closes ticket 22446. + + o Minor features (diagnostic): + - Add logging messages to try to diagnose a rare bug that seems to + generate RSA->Ed25519 cross-certificates dated in the 1970s. We + think this is happening because of incorrect system clocks, but + we'd like to know for certain. Diagnostic for bug 22466. + + o Minor bugfixes (correctness): + - Avoid undefined behavior when parsing IPv6 entries from the geoip6 + file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. + + o Minor bugfixes (directory protocol): + - Check for libzstd >= 1.1, because older versions lack the + necessary streaming API. Fixes bug 22413; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (link handshake): + - Lower the lifetime of the RSA->Ed25519 cross-certificate to six + months, and regenerate it when it is within one month of expiring. + Previously, we had generated this certificate at startup with a + ten-year lifetime, but that could lead to weird behavior when Tor + was started with a grossly inaccurate clock. Mitigates bug 22466; + mitigation on 0.3.0.1-alpha. + + o Minor bugfixes (storage directories): + - Always check for underflows in the cached storage directory usage. + If the usage does underflow, re-calculate it. Also, avoid a + separate underflow when the usage is not known. Fixes bug 22424; + bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (unit tests): + - The unit tests now pass on systems where localhost is misconfigured + to some IPv4 address other than 127.0.0.1. Fixes bug 6298; bugfix + on 0.0.9pre2. + + o Documentation: + - Clarify the manpage for the (deprecated) torify script. Closes + ticket 6892. + +Changes in version 0.3.0.8 - 2017-06-08 + Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to + remotely crash a hidden service with an assertion failure. Anyone + running a hidden service should upgrade to this version, or to some + other version with fixes for TROVE-2017-004 and TROVE-2017-005. + + Tor 0.3.0.8 also includes fixes for several key management bugs + that sometimes made relays unreliable, as well as several other + bugfixes described below. + + o Major bugfixes (hidden service, relay, security, backport + from 0.3.1.3-alpha): + - Fix a remotely triggerable assertion failure when a hidden service + handles a malformed BEGIN cell. Fixes bug 22493, tracked as + TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha. + - Fix a remotely triggerable assertion failure caused by receiving a + BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug + 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix + on 0.2.2.1-alpha. + + o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha): + - When performing the v3 link handshake on a TLS connection, report + that we have the x509 certificate that we actually used on that + connection, even if we have changed certificates since that + connection was first opened. Previously, we would claim to have + used our most recent x509 link certificate, which would sometimes + make the link handshake fail. Fixes one case of bug 22460; bugfix + on 0.2.3.6-alpha. + + o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha): + - Regenerate link and authentication certificates whenever the key + that signs them changes; also, regenerate link certificates + whenever the signed key changes. Previously, these processes were + only weakly coupled, and we relays could (for minutes to hours) + wind up with an inconsistent set of keys and certificates, which + other relays would not accept. Fixes two cases of bug 22460; + bugfix on 0.3.0.1-alpha. + - When sending an Ed25519 signing->link certificate in a CERTS cell, + send the certificate that matches the x509 certificate that we + used on the TLS connection. Previously, there was a race condition + if the TLS context rotated after we began the TLS handshake but + before we sent the CERTS cell. Fixes a case of bug 22460; bugfix + on 0.3.0.1-alpha. + + o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha): + - Stop rejecting v3 hidden service descriptors because their size + did not match an old padding rule. Fixes bug 22447; bugfix on + 0.3.0.1-alpha. + + o Minor features (fallback directory list, backport from 0.3.1.3-alpha): + - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in + December 2016 (of which ~126 were still functional) with a list of + 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May + 2017. Resolves ticket 21564. + + o Minor bugfixes (configuration, backport from 0.3.1.1-alpha): + - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes + bug 22252; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (correctness, backport from 0.3.1.3-alpha): + - Avoid undefined behavior when parsing IPv6 entries from the geoip6 + file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. + + o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha): + - Lower the lifetime of the RSA->Ed25519 cross-certificate to six + months, and regenerate it when it is within one month of expiring. + Previously, we had generated this certificate at startup with a + ten-year lifetime, but that could lead to weird behavior when Tor + was started with a grossly inaccurate clock. Mitigates bug 22466; + mitigation on 0.3.0.1-alpha. + + o Minor bugfixes (memory leak, directory authority, backport from + 0.3.1.2-alpha): + - When directory authorities reject a router descriptor due to + keypinning, free the router descriptor rather than leaking the + memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha. + + +Changes in version 0.2.9.11 - 2017-06-08 + Tor 0.2.9.11 backports a fix for a bug that would allow an attacker to + remotely crash a hidden service with an assertion failure. Anyone + running a hidden service should upgrade to this version, or to some + other version with fixes for TROVE-2017-005. (Versions before 0.3.0 + are not affected by TROVE-2017-004.) + + Tor 0.2.9.11 also backports fixes for several key management bugs + that sometimes made relays unreliable, as well as several other + bugfixes described below. + + o Major bugfixes (hidden service, relay, security, backport + from 0.3.1.3-alpha): + - Fix a remotely triggerable assertion failure caused by receiving a + BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug + 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix + on 0.2.2.1-alpha. + + o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha): + - When performing the v3 link handshake on a TLS connection, report + that we have the x509 certificate that we actually used on that + connection, even if we have changed certificates since that + connection was first opened. Previously, we would claim to have + used our most recent x509 link certificate, which would sometimes + make the link handshake fail. Fixes one case of bug 22460; bugfix + on 0.2.3.6-alpha. + + o Minor features (fallback directory list, backport from 0.3.1.3-alpha): + - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in + December 2016 (of which ~126 were still functional) with a list of + 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May + 2017. Resolves ticket 21564. + + o Minor features (future-proofing, backport from 0.3.0.7): + - Tor no longer refuses to download microdescriptors or descriptors if + they are listed as "published in the future". This change will + eventually allow us to stop listing meaningful "published" dates + in microdescriptor consensuses, and thereby allow us to reduce the + resources required to download consensus diffs by over 50%. + Implements part of ticket 21642; implements part of proposal 275. + + o Minor features (directory authorities, backport from 0.3.0.4-rc) + - Directory authorities now reject relays running versions + 0.2.9.1-alpha through 0.2.9.4-alpha, because those relays + suffer from bug 20499 and don't keep their consensus cache + up-to-date. Resolves ticket 20509. + + o Minor features (geoip): + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (control port, backport from 0.3.0.6): + - The GETINFO extra-info/digest/ command was broken because + of a wrong base16 decode return value check, introduced when + refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (correctness, backport from 0.3.1.3-alpha): + - Avoid undefined behavior when parsing IPv6 entries from the geoip6 + file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. + + o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.0.7): + - The getpid() system call is now permitted under the Linux seccomp2 + sandbox, to avoid crashing with versions of OpenSSL (and other + libraries) that attempt to learn the process's PID by using the + syscall rather than the VDSO code. Fixes bug 21943; bugfix + on 0.2.5.1-alpha. + + o Minor bugfixes (memory leak, directory authority, backport + from 0.3.1.2-alpha): + - When directory authorities reject a router descriptor due to + keypinning, free the router descriptor rather than leaking the + memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha. + +Changes in version 0.2.8.14 - 2017-06-08 + Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to + remotely crash a hidden service with an assertion failure. Anyone + running a hidden service should upgrade to this version, or to some + other version with fixes for TROVE-2017-005. (Versions before 0.3.0 + are not affected by TROVE-2017-004.) + + o Major bugfixes (hidden service, relay, security): + - Fix a remotely triggerable assertion failure caused by receiving a + BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug + 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix + on 0.2.2.1-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor features (fallback directory list, backport from 0.3.1.3-alpha): + - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in + December 2016 (of which ~126 were still functional) with a list of + 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May + 2017. Resolves ticket 21564. + + o Minor bugfixes (correctness): + - Avoid undefined behavior when parsing IPv6 entries from the geoip6 + file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. + +Changes in version 0.2.7.8 - 2017-06-08 + Tor 0.2.7.8 backports a fix for a bug that would allow an attacker to + remotely crash a hidden service with an assertion failure. Anyone + running a hidden service should upgrade to this version, or to some + other version with fixes for TROVE-2017-005. (Versions before 0.3.0 + are not affected by TROVE-2017-004.) + + o Major bugfixes (hidden service, relay, security): + - Fix a remotely triggerable assertion failure caused by receiving a + BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug + 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix + on 0.2.2.1-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (correctness): + - Avoid undefined behavior when parsing IPv6 entries from the geoip6 + file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. + + +Changes in version 0.2.6.12 - 2017-06-08 + Tor 0.2.6.12 backports a fix for a bug that would allow an attacker to + remotely crash a hidden service with an assertion failure. Anyone + running a hidden service should upgrade to this version, or to some + other version with fixes for TROVE-2017-005. (Versions before 0.3.0 + are not affected by TROVE-2017-004.) + + o Major bugfixes (hidden service, relay, security): + - Fix a remotely triggerable assertion failure caused by receiving a + BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug + 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix + on 0.2.2.1-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (correctness): + - Avoid undefined behavior when parsing IPv6 entries from the geoip6 + file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. + +Changes in version 0.2.5.14 - 2017-06-08 + Tor 0.2.5.14 backports a fix for a bug that would allow an attacker to + remotely crash a hidden service with an assertion failure. Anyone + running a hidden service should upgrade to this version, or to some + other version with fixes for TROVE-2017-005. (Versions before 0.3.0 + are not affected by TROVE-2017-004.) + + o Major bugfixes (hidden service, relay, security): + - Fix a remotely triggerable assertion failure caused by receiving a + BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug + 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix + on 0.2.2.1-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (correctness): + - Avoid undefined behavior when parsing IPv6 entries from the geoip6 + file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. + +Changes in version 0.2.4.29 - 2017-06-08 + Tor 0.2.4.29 backports a fix for a bug that would allow an attacker to + remotely crash a hidden service with an assertion failure. Anyone + running a hidden service should upgrade to this version, or to some + other version with fixes for TROVE-2017-005. (Versions before 0.3.0 + are not affected by TROVE-2017-004.) + + o Major bugfixes (hidden service, relay, security): + - Fix a remotely triggerable assertion failure caused by receiving a + BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug + 22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix + on 0.2.2.1-alpha. + + o Minor features (geoip): + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (correctness): + - Avoid undefined behavior when parsing IPv6 entries from the geoip6 + file. Fixes bug 22490; bugfix on 0.2.4.6-alpha. + + +Changes in version 0.3.1.2-alpha - 2017-05-26 + Tor 0.3.1.2-alpha is the second release in the 0.3.1.x series. It + fixes a few bugs found while testing 0.3.1.1-alpha, including a + memory corruption bug that affected relay stability. + + o Major bugfixes (crash, relay): + - Fix a memory-corruption bug in relays that set MyFamily. + Previously, they would double-free MyFamily elements when making + the next descriptor or when changing their configuration. Fixes + bug 22368; bugfix on 0.3.1.1-alpha. + + o Minor bugfixes (logging): + - Log a better message when a directory authority replies to an + upload with an unexpected status code. Fixes bug 11121; bugfix + on 0.1.0.1-rc. + + o Minor bugfixes (memory leak, directory authority): + - When directory authorities reject a router descriptor due to + keypinning, free the router descriptor rather than leaking the + memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha. + + +Changes in version 0.3.1.1-alpha - 2017-05-22 + Tor 0.3.1.1-alpha is the first release in the 0.3.1.x series. It + reduces the bandwidth usage for Tor's directory protocol, adds some + basic padding to resist netflow-based traffic analysis and to serve as + the basis of other padding in the future, and adds rust support to the + build system. + + It also contains numerous other small features and improvements to + security, correctness, and performance. + + Below are the changes since 0.3.0.7. + + o Major features (directory protocol): + - Tor relays and authorities can now serve clients an abbreviated + version of the consensus document, containing only the changes + since an older consensus document that the client holds. Clients + now request these documents when available. When both client and + server use this new protocol, they will use far less bandwidth (up + to 94% less) to keep the client's consensus up-to-date. Implements + proposal 140; closes ticket 13339. Based on work by Daniel Martí. + - Tor can now compress directory traffic with lzma or with zstd + compression algorithms, which can deliver better bandwidth + performance. Because lzma is computationally expensive, it's only + used for documents that can be compressed once and served many + times. Support for these algorithms requires that tor is built + with the libzstd and/or liblzma libraries available. Implements + proposal 278; closes ticket 21662. + - Relays now perform the more expensive compression operations, and + consensus diff generation, in worker threads. This separation + avoids delaying the main thread when a new consensus arrives. + + o Major features (experimental): + - Tor can now build modules written in Rust. To turn this on, pass + the "--enable-rust" flag to the configure script. It's not time to + get excited yet: currently, there is no actual Rust functionality + beyond some simple glue code, and a notice at startup to tell you + that Rust is running. Still, we hope that programmers and + packagers will try building Tor with Rust support, so that we can + find issues and solve portability problems. Closes ticket 22106. + + o Major features (traffic analysis resistance): + - Connections between clients and relays now send a padding cell in + each direction every 1.5 to 9.5 seconds (tunable via consensus + parameters). This padding will not resist specialized + eavesdroppers, but it should be enough to make many ISPs' routine + network flow logging less useful in traffic analysis against + Tor users. + + Padding is negotiated using Tor's link protocol, so both relays + and clients must upgrade for this to take effect. Clients may + still send padding despite the relay's version by setting + ConnectionPadding 1 in torrc, and may disable padding by setting + ConnectionPadding 0 in torrc. Padding may be minimized for mobile + users with the torrc option ReducedConnectionPadding. Implements + Proposal 251 and Section 2 of Proposal 254; closes ticket 16861. + - Relays will publish 24 hour totals of padding and non-padding cell + counts to their extra-info descriptors, unless PaddingStatistics 0 + is set in torrc. These 24 hour totals are also rounded to + multiples of 10000. + + o Major bugfixes (connection usage): + - We use NETINFO cells to try to determine if both relays involved + in a connection will agree on the canonical status of that + connection. We prefer the connections where this is the case for + extend cells, and try to close connections where relays disagree + on their canonical status early. Also, we now prefer the oldest + valid connection for extend cells. These two changes should reduce + the number of long-term connections that are kept open between + relays. Fixes bug 17604; bugfix on 0.2.5.5-alpha. + - Relays now log hourly statistics (look for + "channel_check_for_duplicates" lines) on the total number of + connections to other relays. If the number of connections per + relay is unexpectedly large, this log message is at notice level. + Otherwise it is at info. + + o Major bugfixes (entry guards): + - Don't block bootstrapping when a primary bridge is offline and we + can't get its descriptor. Fixes bug 22325; fixes one case of bug + 21969; bugfix on 0.3.0.3-alpha. + + o Major bugfixes (linux TPROXY support): + - Fix a typo that had prevented TPROXY-based transparent proxying + from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha. + Patch from "d4fq0fQAgoJ". + + o Minor features (security, windows): + - Enable a couple of pieces of Windows hardening: one + (HeapEnableTerminationOnCorruption) that has been on-by-default + since Windows 8, and unavailable before Windows 7; and one + (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't + affect us, but shouldn't do any harm. Closes ticket 21953. + + o Minor features (config options): + - Allow "%include" directives in torrc configuration files. These + directives import the settings from other files, or from all the + files in a directory. Closes ticket 1922. Code by Daniel Pinto. + - Make SAVECONF return an error when overwriting a torrc that has + includes. Using SAVECONF with the FORCE option will allow it to + overwrite torrc even if includes are used. Related to ticket 1922. + - Add "GETINFO config-can-saveconf" to tell controllers if SAVECONF + will work without the FORCE option. Related to ticket 1922. + + o Minor features (controller): + - Warn the first time that a controller requests data in the long- + deprecated 'GETINFO network-status' format. Closes ticket 21703. + + o Minor features (defaults): + - The default value for UseCreateFast is now 0: clients which + haven't yet received a consensus document will now use a proper + ntor handshake to talk to their directory servers whenever they + can. Closes ticket 21407. + - Onion key rotation and expiry intervals are now defined as a + network consensus parameter, per proposal 274. The default + lifetime of an onion key is increased from 7 to 28 days. Old onion + keys will expire after 7 days by default. This change will make + consensus diffs much smaller, and save significant bandwidth. + Closes ticket 21641. + + o Minor features (fallback directory list): + - Update the fallback directory mirror whitelist and blacklist based + on operator emails. Closes task 21121. + - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in + December 2016 (of which ~126 were still functional) with a list of + 151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May + 2017. Resolves ticket 21564. + + o Minor features (hidden services, logging): + - Log a message when a hidden service descriptor has fewer + introduction points than specified in + HiddenServiceNumIntroductionPoints. Closes tickets 21598. + - Log a message when a hidden service reaches its introduction point + circuit limit, and when that limit is reset. Follow up to ticket + 21594; closes ticket 21622. + - Warn user if multiple entries in EntryNodes and at least one + HiddenService are used together. Pinning EntryNodes along with a + hidden service can be possibly harmful; for instance see ticket + 14917 or 21155. Closes ticket 21155. + + o Minor features (linux seccomp2 sandbox): + - We now have a document storage backend compatible with the Linux + seccomp2 sandbox. This backend is used for consensus documents and + diffs between them; in the long term, we'd like to use it for + unparseable directory material too. Closes ticket 21645 + - Increase the maximum allowed size passed to mprotect(PROT_WRITE) + from 1MB to 16MB. This was necessary with the glibc allocator in + order to allow worker threads to allocate more memory -- which in + turn is necessary because of our new use of worker threads for + compression. Closes ticket 22096. + + o Minor features (logging): + - Log files are no longer created world-readable by default. + (Previously, most distributors would store the logs in a non- + world-readable location to prevent inappropriate access. This + change is an extra precaution.) Closes ticket 21729; patch + from toralf. + + o Minor features (performance): + - Our Keccak (SHA-3) implementation now accesses memory more + efficiently, especially on little-endian systems. Closes + ticket 21737. + - Add an O(1) implementation of channel_find_by_global_id(), to + speed some controller functions. + + o Minor features (relay, configuration): + - The MyFamily option may now be repeated as many times as desired, + for relays that want to configure large families. Closes ticket + 4998; patch by Daniel Pinto. + + o Minor features (safety): + - Add an explicit check to extrainfo_parse_entry_from_string() for + NULL inputs. We don't believe this can actually happen, but it may + help silence a warning from the Clang analyzer. Closes + ticket 21496. + + o Minor features (testing): + - Add a "--disable-memory-sentinels" feature to help with fuzzing. + When Tor is compiled with this option, we disable a number of + redundant memory-safety failsafes that are intended to stop bugs + from becoming security issues. This makes it easier to hunt for + bugs that would be security issues without the failsafes turned + on. Closes ticket 21439. + - Add a general event-tracing instrumentation support to Tor. This + subsystem will enable developers and researchers to add fine- + grained instrumentation to their Tor instances, for use when + examining Tor network performance issues. There are no trace + events yet, and event-tracing is off by default unless enabled at + compile time. Implements ticket 13802. + - Improve our version parsing tests: add tests for typical version + components, add tests for invalid versions, including numeric + range and non-numeric prefixes. Unit tests 21278, 21450, and + 21507. Partially implements 21470. + + o Minor bugfixes (bandwidth accounting): + - Roll over monthly accounting at the configured hour and minute, + rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1. + Found by Andrey Karpov with PVS-Studio. + + o Minor bugfixes (code correctness): + - Accurately identify client connections by their lack of peer + authentication. This means that we bail out earlier if asked to + extend to a client. Follow-up to 21407. Fixes bug 21406; bugfix + on 0.2.4.23. + + o Minor bugfixes (configuration): + - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes + bug 22252; bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (connection lifespan): + - Allow more control over how long TLS connections are kept open: + unify CircuitIdleTimeout and PredictedPortsRelevanceTime into a + single option called CircuitsAvailableTimeout. Also, allow the + consensus to control the default values for both this preference + and the lifespan of relay-to-relay connections. Fixes bug 17592; + bugfix on 0.2.5.5-alpha. + - Increase the initial circuit build timeout testing frequency, to + help ensure that ReducedConnectionPadding clients finish learning + a timeout before their orconn would expire. The initial testing + rate was set back in the days of TAP and before the Tor Browser + updater, when we had to be much more careful about new clients + making lots of circuits. With this change, a circuit build timeout + is learned in about 15-20 minutes, instead of 100-120 minutes. + + o Minor bugfixes (controller): + - GETINFO onions/current and onions/detached no longer respond with + 551 on empty lists. Fixes bug 21329; bugfix on 0.2.7.1-alpha. + - Trigger HS descriptor events on the control port when the client + fails to pick a hidden service directory for a hidden service. + This can happen if all the hidden service directories are in + ExcludeNodes, or they have all been queried within the last 15 + minutes. Fixes bug 22042; bugfix on 0.2.5.2-alpha. + + o Minor bugfixes (directory authority): + - When rejecting a router descriptor for running an obsolete version + of Tor without ntor support, warn about the obsolete tor version, + not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha. + - Prevent the shared randomness subsystem from asserting when + initialized by a bridge authority with an incomplete configuration + file. Fixes bug 21586; bugfix on 0.2.9.8. + + o Minor bugfixes (exit-side DNS): + - Fix an untriggerable assertion that checked the output of a + libevent DNS error, so that the assertion actually behaves as + expected. Fixes bug 22244; bugfix on 0.2.0.20-rc. Found by Andrey + Karpov using PVS-Studio. + + o Minor bugfixes (fallback directories): + - Make the usage example in updateFallbackDirs.py actually work, and + explain what it does. Fixes bug 22270; bugfix on 0.3.0.3-alpha. + - Decrease the guard flag average required to be a fallback. This + allows us to keep relays that have their guard flag removed when + they restart. Fixes bug 20913; bugfix on 0.2.8.1-alpha. + - Decrease the minimum number of fallbacks to 100. Fixes bug 20913; + bugfix on 0.2.8.1-alpha. + - Make sure fallback directory mirrors have the same address, port, + and relay identity key for at least 30 days before they are + selected. Fixes bug 20913; bugfix on 0.2.8.1-alpha. + + o Minor bugfixes (hidden services): + - Stop printing a cryptic warning when a hidden service gets a + request to connect to a virtual port that it hasn't configured. + Fixes bug 16706; bugfix on 0.2.6.3-alpha. + - Simplify hidden service descriptor creation by using an existing + flag to check if an introduction point is established. Fixes bug + 21599; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (memory leak): + - Fix a small memory leak at exit from the backtrace handler code. + Fixes bug 21788; bugfix on 0.2.5.2-alpha. Patch from Daniel Pinto. + + o Minor bugfixes (protocol, logging): + - Downgrade a log statement about unexpected relay cells from "bug" + to "protocol warning", because there is at least one use case + where it can be triggered by a buggy tor implementation. Fixes bug + 21293; bugfix on 0.1.1.14-alpha. + + o Minor bugfixes (testing): + - Use unbuffered I/O for utility functions around the + process_handle_t type. This fixes unit test failures reported on + OpenBSD and FreeBSD. Fixes bug 21654; bugfix on 0.2.3.1-alpha. + - Make display of captured unit test log messages consistent. Fixes + bug 21510; bugfix on 0.2.9.3-alpha. + - Make test-network.sh always call chutney's test-network.sh. + Previously, this only worked on systems which had bash installed, + due to some bash-specific code in the script. Fixes bug 19699; + bugfix on 0.3.0.4-rc. Follow-up to ticket 21581. + + o Minor bugfixes (voting consistency): + - Reject version numbers with non-numeric prefixes (such as +, -, or + whitespace). Disallowing whitespace prevents differential version + parsing between POSIX-based and Windows platforms. Fixes bug 21507 + and part of 21508; bugfix on 0.0.8pre1. + + o Minor bugfixes (windows, relay): + - Resolve "Failure from drain_fd: No error" warnings on Windows + relays. Fixes bug 21540; bugfix on 0.2.6.3-alpha. + + o Code simplification and refactoring: + - Break up the 630-line function connection_dir_client_reached_eof() + into a dozen smaller functions. This change should help + maintainability and readability of the client directory code. + - Isolate our use of the openssl headers so that they are only + included from our crypto wrapper modules, and from tests that + examine those modules' internals. Closes ticket 21841. + - Simplify our API to launch directory requests, making it more + extensible and less error-prone. Now it's easier to add extra + headers to directory requests. Closes ticket 21646. + - Our base64 decoding functions no longer overestimate the output + space that they need when parsing unpadded inputs. Closes + ticket 17868. + - Remove unused "ROUTER_ADDED_NOTIFY_GENERATOR" internal value. + Resolves ticket 22213. + - The logic that directory caches use to spool request to clients, + serving them one part at a time so as not to allocate too much + memory, has been refactored for consistency. Previously there was + a separate spooling implementation per type of spoolable data. Now + there is one common spooling implementation, with extensible data + types. Closes ticket 21651. + - Tor's compression module now supports multiple backends. Part of + the implementation for proposal 278; closes ticket 21663. + + o Documentation: + - Clarify the behavior of the KeepAliveIsolateSOCKSAuth sub-option. + Closes ticket 21873. + - Correct documentation about the default DataDirectory value. + Closes ticket 21151. + - Document the default behavior of NumEntryGuards and + NumDirectoryGuards correctly. Fixes bug 21715; bugfix + on 0.3.0.1-alpha. + - Document key=value pluggable transport arguments for Bridge lines + in torrc. Fixes bug 20341; bugfix on 0.2.5.1-alpha. + - Note that bandwidth-limiting options don't affect TCP headers or + DNS. Closes ticket 17170. + + o Removed features (configuration options, all in ticket 22060): + - These configuration options are now marked Obsolete, and no longer + have any effect: AllowInvalidNodes, AllowSingleHopCircuits, + AllowSingleHopExits, ExcludeSingleHopRelays, FastFirstHopPK, + TLSECGroup, WarnUnsafeSocks. They were first marked as deprecated + in 0.2.9.2-alpha and have now been removed. The previous default + behavior is now always chosen; the previous (less secure) non- + default behavior is now unavailable. + - CloseHSClientCircuitsImmediatelyOnTimeout and + CloseHSServiceRendCircuitsImmediatelyOnTimeout were deprecated in + 0.2.9.2-alpha and now have been removed. HS circuits never close + on circuit build timeout; they have a longer timeout period. + - {Control,DNS,Dir,Socks,Trans,NATD,OR}ListenAddress were deprecated + in 0.2.9.2-alpha and now have been removed. Use the ORPort option + (and others) to configure listen-only and advertise-only addresses. + + o Removed features (tools): + - We've removed the tor-checkkey tool from src/tools. Long ago, we + used it to help people detect RSA keys that were generated by + versions of Debian affected by CVE-2008-0166. But those keys have + been out of circulation for ages, and this tool is no longer + required. Closes ticket 21842. + + +Changes in version 0.3.0.7 - 2017-05-15 + Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions + of Tor 0.3.0.x, where an attacker could cause a Tor relay process + to exit. Relays running earlier versions of Tor 0.3.0.x should upgrade; + clients are not affected. + + o Major bugfixes (hidden service directory, security): + - Fix an assertion failure in the hidden service directory code, which + could be used by an attacker to remotely cause a Tor relay process to + exit. Relays running earlier versions of Tor 0.3.0.x should upgrade. + should upgrade. This security issue is tracked as TROVE-2017-002. + Fixes bug 22246; bugfix on 0.3.0.1-alpha. + + o Minor features: + - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2 + Country database. + + o Minor features (future-proofing): + - Tor no longer refuses to download microdescriptors or descriptors + if they are listed as "published in the future". This change will + eventually allow us to stop listing meaningful "published" dates + in microdescriptor consensuses, and thereby allow us to reduce the + resources required to download consensus diffs by over 50%. + Implements part of ticket 21642; implements part of proposal 275. + + o Minor bugfixes (Linux seccomp2 sandbox): + - The getpid() system call is now permitted under the Linux seccomp2 + sandbox, to avoid crashing with versions of OpenSSL (and other + libraries) that attempt to learn the process's PID by using the + syscall rather than the VDSO code. Fixes bug 21943; bugfix + on 0.2.5.1-alpha. + + +Changes in version 0.3.0.6 - 2017-04-26 + Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series. + + With the 0.3.0 series, clients and relays now use Ed25519 keys to + authenticate their link connections to relays, rather than the old + RSA1024 keys that they used before. (Circuit crypto has been + Curve25519-authenticated since 0.2.4.8-alpha.) We have also replaced + the guard selection and replacement algorithm to behave more robustly + in the presence of unreliable networks, and to resist guard- + capture attacks. + + This series also includes numerous other small features and bugfixes, + along with more groundwork for the upcoming hidden-services revamp. + + Per our stable release policy, we plan to support the Tor 0.3.0 + release series for at least the next nine months, or for three months + after the first stable release of the 0.3.1 series: whichever is + longer. If you need a release with long-term support, we recommend + that you stay with the 0.2.9 series. + + Below are the changes since 0.3.0.5-rc. For a list of all changes + since 0.2.9, see the ReleaseNotes file. + + o Minor features (geoip): + - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (control port): + - The GETINFO extra-info/digest/ command was broken because + of a wrong base16 decode return value check, introduced when + refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (crash prevention): + - Fix a (currently untriggerable, but potentially dangerous) crash + bug when base32-encoding inputs whose sizes are not a multiple of + 5. Fixes bug 21894; bugfix on 0.2.9.1-alpha. + + +Changes in version 0.3.0.5-rc - 2017-04-05 + Tor 0.3.0.5-rc fixes a few remaining bugs, large and small, in the + 0.3.0 release series. + + This is the second release candidate in the Tor 0.3.0 series, and has + much fewer changes than the first. If we find no new bugs or + regressions here, the first stable 0.3.0 release will be nearly + identical to it. + + o Major bugfixes (crash, directory connections): + - Fix a rare crash when sending a begin cell on a circuit whose + linked directory connection had already been closed. Fixes bug + 21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett. + + o Major bugfixes (guard selection): + - Fix a guard selection bug where Tor would refuse to bootstrap in + some cases if the user swapped a bridge for another bridge in + their configuration file. Fixes bug 21771; bugfix on 0.3.0.1-alpha. + Reported by "torvlnt33r". + + o Minor features (geoip): + - Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfix (compilation): + - Fix a warning when compiling hs_service.c. Previously, it had no + exported symbols when compiled for libor.a, resulting in a + compilation warning from clang. Fixes bug 21825; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (hidden services): + - Make hidden services check for failed intro point connections, + even when they have exceeded their intro point creation limit. + Fixes bug 21596; bugfix on 0.2.7.2-alpha. Reported by Alec Muffett. + - Make hidden services with 8 to 10 introduction points check for + failed circuits immediately after startup. Previously, they would + wait for 5 minutes before performing their first checks. Fixes bug + 21594; bugfix on 0.2.3.9-alpha. Reported by Alec Muffett. + + o Minor bugfixes (memory leaks): + - Fix a memory leak when using GETCONF on a port option. Fixes bug + 21682; bugfix on 0.3.0.3-alpha. + + o Minor bugfixes (relay): + - Avoid a double-marked-circuit warning that could happen when we + receive DESTROY cells under heavy load. Fixes bug 20059; bugfix + on 0.1.0.1-rc. + + o Minor bugfixes (tests): + - Run the entry_guard_parse_from_state_full() test with the time set + to a specific date. (The guard state that this test was parsing + contained guards that had expired since the test was first + written.) Fixes bug 21799; bugfix on 0.3.0.1-alpha. + + o Documentation: + - Update the description of the directory server options in the + manual page, to clarify that a relay no longer needs to set + DirPort in order to be a directory cache. Closes ticket 21720. + + + +Changes in version 0.2.8.13 - 2017-03-03 + Tor 0.2.8.13 backports a security fix from later Tor + releases. Anybody running Tor 0.2.8.12 or earlier should upgrade to this + this release, if for some reason they cannot upgrade to a later + release series, and if they build Tor with the --enable-expensive-hardening + option. + + Note that support for Tor 0.2.8.x is ending next year: we will not issue + any fixes for the Tor 0.2.8.x series after 1 Jan 2018. If you need + a Tor release series with longer-term support, we recommend Tor 0.2.9.x. + + o Major bugfixes (parsing, backported from 0.3.0.4-rc): + - Fix an integer underflow bug when comparing malformed Tor + versions. This bug could crash Tor when built with + --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor + 0.2.9.8, which were built with -ftrapv by default. In other cases + it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix + on 0.0.8pre1. Found by OSS-Fuzz. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 + Country database. + + +Changes in version 0.2.7.7 - 2017-03-03 + Tor 0.2.7.7 backports a number of security fixes from later Tor + releases. Anybody running Tor 0.2.7.6 or earlier should upgrade to + this release, if for some reason they cannot upgrade to a later + release series. + + Note that support for Tor 0.2.7.x is ending this year: we will not issue + any fixes for the Tor 0.2.7.x series after 1 August 2017. If you need + a Tor release series with longer-term support, we recommend Tor 0.2.9.x. + + o Directory authority changes (backport from 0.2.8.5-rc): + - Urras is no longer a directory authority. Closes ticket 19271. + + o Directory authority changes (backport from 0.2.9.2-alpha): + - The "Tonga" bridge authority has been retired; the new bridge + authority is "Bifroest". Closes tickets 19728 and 19690. + + o Directory authority key updates (backport from 0.2.8.1-alpha): + - Update the V3 identity key for the dannenberg directory authority: + it was changed on 18 November 2015. Closes task 17906. Patch + by "teor". + + o Major bugfixes (parsing, security, backport from 0.2.9.8): + - Fix a bug in parsing that could cause clients to read a single + byte past the end of an allocated region. This bug could be used + to cause hardened clients (built with --enable-expensive-hardening) + to crash if they tried to visit a hostile hidden service. Non- + hardened clients are only affected depending on the details of + their platform's memory allocator. Fixes bug 21018; bugfix on + 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE- + 2016-12-002 and as CVE-2016-1254. + + o Major bugfixes (security, client, DNS proxy, backport from 0.2.8.3-alpha): + - Stop a crash that could occur when a client running with DNSPort + received a query with multiple address types, and the first + address type was not supported. Found and fixed by Scott Dial. + Fixes bug 18710; bugfix on 0.2.5.4-alpha. + - Prevent a class of security bugs caused by treating the contents + of a buffer chunk as if they were a NUL-terminated string. At + least one such bug seems to be present in all currently used + versions of Tor, and would allow an attacker to remotely crash + most Tor instances, especially those compiled with extra compiler + hardening. With this defense in place, such bugs can't crash Tor, + though we should still fix them as they occur. Closes ticket + 20384 (TROVE-2016-10-001). + + o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha): + - Avoid a difficult-to-trigger heap corruption attack when extending + a smartlist to contain over 16GB of pointers. Fixes bug 18162; + bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely. + Reported by Guido Vranken. + + o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha): + - Avoid crashing when running as a DNS proxy. Fixes bug 16248; + bugfix on 0.2.0.1-alpha. Patch from "cypherpunks". + + o Major bugfixes (key management, backport from 0.2.8.3-alpha): + - If OpenSSL fails to generate an RSA key, do not retain a dangling + pointer to the previous (uninitialized) key value. The impact here + should be limited to a difficult-to-trigger crash, if OpenSSL is + running an engine that makes key generation failures possible, or + if OpenSSL runs out of memory. Fixes bug 19152; bugfix on + 0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and + Baishakhi Ray. + + o Major bugfixes (parsing, backported from 0.3.0.4-rc): + - Fix an integer underflow bug when comparing malformed Tor + versions. This bug could crash Tor when built with + --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor + 0.2.9.8, which were built with -ftrapv by default. In other cases + it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix + on 0.0.8pre1. Found by OSS-Fuzz. + + o Minor features (security, memory erasure, backport from 0.2.8.1-alpha): + - Make memwipe() do nothing when passed a NULL pointer or buffer of + zero size. Check size argument to memwipe() for underflow. Fixes + bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", + patch by "teor". + + o Minor features (bug-resistance, backport from 0.2.8.2-alpha): + - Make Tor survive errors involving connections without a + corresponding event object. Previously we'd fail with an + assertion; now we produce a log message. Related to bug 16248. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 + Country database. + + +Changes in version 0.2.6.11 - 2017-03-03 + Tor 0.2.6.11 backports a number of security fixes from later Tor + releases. Anybody running Tor 0.2.6.10 or earlier should upgrade to + this release, if for some reason they cannot upgrade to a later + release series. + + Note that support for Tor 0.2.6.x is ending this year: we will not issue + any fixes for the Tor 0.2.6.x series after 1 August 2017. If you need + a Tor release series with longer-term support, we recommend Tor 0.2.9.x. + + o Directory authority changes (backport from 0.2.8.5-rc): + - Urras is no longer a directory authority. Closes ticket 19271. + + o Directory authority changes (backport from 0.2.9.2-alpha): + - The "Tonga" bridge authority has been retired; the new bridge + authority is "Bifroest". Closes tickets 19728 and 19690. + + o Directory authority key updates (backport from 0.2.8.1-alpha): + - Update the V3 identity key for the dannenberg directory authority: + it was changed on 18 November 2015. Closes task 17906. Patch + by "teor". + + o Major features (security fixes, backport from 0.2.9.4-alpha): + - Prevent a class of security bugs caused by treating the contents + of a buffer chunk as if they were a NUL-terminated string. At + least one such bug seems to be present in all currently used + versions of Tor, and would allow an attacker to remotely crash + most Tor instances, especially those compiled with extra compiler + hardening. With this defense in place, such bugs can't crash Tor, + though we should still fix them as they occur. Closes ticket + 20384 (TROVE-2016-10-001). + + o Major bugfixes (parsing, security, backport from 0.2.9.8): + - Fix a bug in parsing that could cause clients to read a single + byte past the end of an allocated region. This bug could be used + to cause hardened clients (built with --enable-expensive-hardening) + to crash if they tried to visit a hostile hidden service. Non- + hardened clients are only affected depending on the details of + their platform's memory allocator. Fixes bug 21018; bugfix on + 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE- + 2016-12-002 and as CVE-2016-1254. + + o Major bugfixes (security, client, DNS proxy, backport from 0.2.8.3-alpha): + - Stop a crash that could occur when a client running with DNSPort + received a query with multiple address types, and the first + address type was not supported. Found and fixed by Scott Dial. + Fixes bug 18710; bugfix on 0.2.5.4-alpha. + + o Major bugfixes (security, correctness, backport from 0.2.7.4-rc): + - Fix an error that could cause us to read 4 bytes before the + beginning of an openssl string. This bug could be used to cause + Tor to crash on systems with unusual malloc implementations, or + systems with unusual hardening installed. Fixes bug 17404; bugfix + on 0.2.3.6-alpha. + + o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha): + - Avoid a difficult-to-trigger heap corruption attack when extending + a smartlist to contain over 16GB of pointers. Fixes bug 18162; + bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely. + Reported by Guido Vranken. + + o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha): + - Avoid crashing when running as a DNS proxy. Fixes bug 16248; + bugfix on 0.2.0.1-alpha. Patch from "cypherpunks". + + o Major bugfixes (guard selection, backport from 0.2.7.6): + - Actually look at the Guard flag when selecting a new directory + guard. When we implemented the directory guard design, we + accidentally started treating all relays as if they have the Guard + flag during guard selection, leading to weaker anonymity and worse + performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered + by Mohsen Imani. + + o Major bugfixes (key management, backport from 0.2.8.3-alpha): + - If OpenSSL fails to generate an RSA key, do not retain a dangling + pointer to the previous (uninitialized) key value. The impact here + should be limited to a difficult-to-trigger crash, if OpenSSL is + running an engine that makes key generation failures possible, or + if OpenSSL runs out of memory. Fixes bug 19152; bugfix on + 0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and + Baishakhi Ray. + + o Major bugfixes (parsing, backported from 0.3.0.4-rc): + - Fix an integer underflow bug when comparing malformed Tor + versions. This bug could crash Tor when built with + --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor + 0.2.9.8, which were built with -ftrapv by default. In other cases + it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix + on 0.0.8pre1. Found by OSS-Fuzz. + + o Minor features (security, memory erasure, backport from 0.2.8.1-alpha): + - Make memwipe() do nothing when passed a NULL pointer or buffer of + zero size. Check size argument to memwipe() for underflow. Fixes + bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", + patch by "teor". + + o Minor features (bug-resistance, backport from 0.2.8.2-alpha): + - Make Tor survive errors involving connections without a + corresponding event object. Previously we'd fail with an + assertion; now we produce a log message. Related to bug 16248. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (compilation, backport from 0.2.7.6): + - Fix a compilation warning with Clang 3.6: Do not check the + presence of an address which can never be NULL. Fixes bug 17781. + + +Changes in version 0.2.5.13 - 2017-03-03 + Tor 0.2.5.13 backports a number of security fixes from later Tor + releases. Anybody running Tor 0.2.5.13 or earlier should upgrade to + this release, if for some reason they cannot upgrade to a later + release series. + + Note that support for Tor 0.2.5.x is ending next year: we will not issue + any fixes for the Tor 0.2.5.x series after 1 May 2018. If you need + a Tor release series with longer-term support, we recommend Tor 0.2.9.x. + + o Directory authority changes (backport from 0.2.8.5-rc): + - Urras is no longer a directory authority. Closes ticket 19271. + + o Directory authority changes (backport from 0.2.9.2-alpha): + - The "Tonga" bridge authority has been retired; the new bridge + authority is "Bifroest". Closes tickets 19728 and 19690. + + o Directory authority key updates (backport from 0.2.8.1-alpha): + - Update the V3 identity key for the dannenberg directory authority: + it was changed on 18 November 2015. Closes task 17906. Patch + by "teor". + + o Major features (security fixes, backport from 0.2.9.4-alpha): + - Prevent a class of security bugs caused by treating the contents + of a buffer chunk as if they were a NUL-terminated string. At + least one such bug seems to be present in all currently used + versions of Tor, and would allow an attacker to remotely crash + most Tor instances, especially those compiled with extra compiler + hardening. With this defense in place, such bugs can't crash Tor, + though we should still fix them as they occur. Closes ticket + 20384 (TROVE-2016-10-001). + + o Major bugfixes (parsing, security, backport from 0.2.9.8): + - Fix a bug in parsing that could cause clients to read a single + byte past the end of an allocated region. This bug could be used + to cause hardened clients (built with --enable-expensive-hardening) + to crash if they tried to visit a hostile hidden service. Non- + hardened clients are only affected depending on the details of + their platform's memory allocator. Fixes bug 21018; bugfix on + 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE- + 2016-12-002 and as CVE-2016-1254. + + o Major bugfixes (security, client, DNS proxy, backport from 0.2.8.3-alpha): + - Stop a crash that could occur when a client running with DNSPort + received a query with multiple address types, and the first + address type was not supported. Found and fixed by Scott Dial. + Fixes bug 18710; bugfix on 0.2.5.4-alpha. + + o Major bugfixes (security, correctness, backport from 0.2.7.4-rc): + - Fix an error that could cause us to read 4 bytes before the + beginning of an openssl string. This bug could be used to cause + Tor to crash on systems with unusual malloc implementations, or + systems with unusual hardening installed. Fixes bug 17404; bugfix + on 0.2.3.6-alpha. + + o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha): + - Avoid a difficult-to-trigger heap corruption attack when extending + a smartlist to contain over 16GB of pointers. Fixes bug 18162; + bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely. + Reported by Guido Vranken. + + o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha): + - Avoid crashing when running as a DNS proxy. Fixes bug 16248; + bugfix on 0.2.0.1-alpha. Patch from "cypherpunks". + + o Major bugfixes (guard selection, backport from 0.2.7.6): + - Actually look at the Guard flag when selecting a new directory + guard. When we implemented the directory guard design, we + accidentally started treating all relays as if they have the Guard + flag during guard selection, leading to weaker anonymity and worse + performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered + by Mohsen Imani. + + o Major bugfixes (key management, backport from 0.2.8.3-alpha): + - If OpenSSL fails to generate an RSA key, do not retain a dangling + pointer to the previous (uninitialized) key value. The impact here + should be limited to a difficult-to-trigger crash, if OpenSSL is + running an engine that makes key generation failures possible, or + if OpenSSL runs out of memory. Fixes bug 19152; bugfix on + 0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and + Baishakhi Ray. + + o Major bugfixes (parsing, backported from 0.3.0.4-rc): + - Fix an integer underflow bug when comparing malformed Tor + versions. This bug could crash Tor when built with + --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor + 0.2.9.8, which were built with -ftrapv by default. In other cases + it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix + on 0.0.8pre1. Found by OSS-Fuzz. + + o Minor features (security, memory erasure, backport from 0.2.8.1-alpha): + - Make memwipe() do nothing when passed a NULL pointer or buffer of + zero size. Check size argument to memwipe() for underflow. Fixes + bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", + patch by "teor". + + o Minor features (bug-resistance, backport from 0.2.8.2-alpha): + - Make Tor survive errors involving connections without a + corresponding event object. Previously we'd fail with an + assertion; now we produce a log message. Related to bug 16248. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (compilation, backport from 0.2.7.6): + - Fix a compilation warning with Clang 3.6: Do not check the + presence of an address which can never be NULL. Fixes bug 17781. + + o Minor bugfixes (crypto error-handling, backport from 0.2.7.2-alpha): + - Check for failures from crypto_early_init, and refuse to continue. + A previous typo meant that we could keep going with an + uninitialized crypto library, and would have OpenSSL initialize + its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced + when implementing ticket 4900. Patch by "teor". + + o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha): + - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on + a client authorized hidden service. Fixes bug 15823; bugfix + on 0.2.1.6-alpha. + + +Changes in version 0.2.4.28 - 2017-03-03 + Tor 0.2.4.28 backports a number of security fixes from later Tor + releases. Anybody running Tor 0.2.4.27 or earlier should upgrade to + this release, if for some reason they cannot upgrade to a later + release series. + + Note that support for Tor 0.2.4.x is ending soon: we will not issue + any fixes for the Tor 0.2.4.x series after 1 August 2017. If you need + a Tor release series with long-term support, we recommend Tor 0.2.9.x. + + o Directory authority changes (backport from 0.2.8.5-rc): + - Urras is no longer a directory authority. Closes ticket 19271. + + o Directory authority changes (backport from 0.2.9.2-alpha): + - The "Tonga" bridge authority has been retired; the new bridge + authority is "Bifroest". Closes tickets 19728 and 19690. + + o Directory authority key updates (backport from 0.2.8.1-alpha): + - Update the V3 identity key for the dannenberg directory authority: + it was changed on 18 November 2015. Closes task 17906. Patch + by "teor". + + o Major features (security fixes, backport from 0.2.9.4-alpha): + - Prevent a class of security bugs caused by treating the contents + of a buffer chunk as if they were a NUL-terminated string. At + least one such bug seems to be present in all currently used + versions of Tor, and would allow an attacker to remotely crash + most Tor instances, especially those compiled with extra compiler + hardening. With this defense in place, such bugs can't crash Tor, + though we should still fix them as they occur. Closes ticket + 20384 (TROVE-2016-10-001). + + o Major bugfixes (parsing, security, backport from 0.2.9.8): + - Fix a bug in parsing that could cause clients to read a single + byte past the end of an allocated region. This bug could be used + to cause hardened clients (built with --enable-expensive-hardening) + to crash if they tried to visit a hostile hidden service. Non- + hardened clients are only affected depending on the details of + their platform's memory allocator. Fixes bug 21018; bugfix on + 0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE- + 2016-12-002 and as CVE-2016-1254. + + o Major bugfixes (security, correctness, backport from 0.2.7.4-rc): + - Fix an error that could cause us to read 4 bytes before the + beginning of an openssl string. This bug could be used to cause + Tor to crash on systems with unusual malloc implementations, or + systems with unusual hardening installed. Fixes bug 17404; bugfix + on 0.2.3.6-alpha. + + o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha): + - Avoid a difficult-to-trigger heap corruption attack when extending + a smartlist to contain over 16GB of pointers. Fixes bug 18162; + bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely. + Reported by Guido Vranken. + + o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha): + - Avoid crashing when running as a DNS proxy. Fixes bug 16248; + bugfix on 0.2.0.1-alpha. Patch from "cypherpunks". + + o Major bugfixes (guard selection, backport from 0.2.7.6): + - Actually look at the Guard flag when selecting a new directory + guard. When we implemented the directory guard design, we + accidentally started treating all relays as if they have the Guard + flag during guard selection, leading to weaker anonymity and worse + performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered + by Mohsen Imani. + + o Major bugfixes (key management, backport from 0.2.8.3-alpha): + - If OpenSSL fails to generate an RSA key, do not retain a dangling + pointer to the previous (uninitialized) key value. The impact here + should be limited to a difficult-to-trigger crash, if OpenSSL is + running an engine that makes key generation failures possible, or + if OpenSSL runs out of memory. Fixes bug 19152; bugfix on + 0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and + Baishakhi Ray. + + o Major bugfixes (parsing, backported from 0.3.0.4-rc): + - Fix an integer underflow bug when comparing malformed Tor + versions. This bug could crash Tor when built with + --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor + 0.2.9.8, which were built with -ftrapv by default. In other cases + it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix + on 0.0.8pre1. Found by OSS-Fuzz. + + o Minor features (security, memory erasure, backport from 0.2.8.1-alpha): + - Make memwipe() do nothing when passed a NULL pointer or buffer of + zero size. Check size argument to memwipe() for underflow. Fixes + bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", + patch by "teor". + + o Minor features (bug-resistance, backport from 0.2.8.2-alpha): + - Make Tor survive errors involving connections without a + corresponding event object. Previously we'd fail with an + assertion; now we produce a log message. Related to bug 16248. + + o Minor features (DoS-resistance, backport from 0.2.7.1-alpha): + - Make it harder for attackers to overload hidden services with + introductions, by blocking multiple introduction requests on the + same circuit. Resolves ticket 15515. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 + Country database. + + o Minor bugfixes (compilation, backport from 0.2.7.6): + - Fix a compilation warning with Clang 3.6: Do not check the + presence of an address which can never be NULL. Fixes bug 17781. + + o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha): + - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on + a client authorized hidden service. Fixes bug 15823; bugfix + on 0.2.1.6-alpha. + + +Changes in version 0.3.0.4-rc - 2017-03-01 + Tor 0.3.0.4-rc fixes some remaining bugs, large and small, in the + 0.3.0 release series, and introduces a few reliability features to + keep them from coming back. + + This is the first release candidate in the Tor 0.3.0 series. If we + find no new bugs or regressions here, the first stable 0.3.0 release + will be nearly identical to it. + + o Major bugfixes (bridges): + - When the same bridge is configured multiple times with the same + identity, but at different address:port combinations, treat those + bridge instances as separate guards. This fix restores the ability + of clients to configure the same bridge with multiple pluggable + transports. Fixes bug 21027; bugfix on 0.3.0.1-alpha. + + o Major bugfixes (hidden service directory v3): + - Stop crashing on a failed v3 hidden service descriptor lookup + failure. Fixes bug 21471; bugfixes on 0.3.0.1-alpha. + + o Major bugfixes (parsing): + - When parsing a malformed content-length field from an HTTP + message, do not read off the end of the buffer. This bug was a + potential remote denial-of-service attack against Tor clients and + relays. A workaround was released in October 2016, to prevent this + bug from crashing Tor. This is a fix for the underlying issue, + which should no longer matter (if you applied the earlier patch). + Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing + using AFL (http://lcamtuf.coredump.cx/afl/). + - Fix an integer underflow bug when comparing malformed Tor + versions. This bug could crash Tor when built with + --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor + 0.2.9.8, which were built with -ftrapv by default. In other cases + it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix + on 0.0.8pre1. Found by OSS-Fuzz. + + o Minor feature (protocol versioning): + - Add new protocol version for proposal 224. HSIntro now advertises + version "3-4" and HSDir version "1-2". Fixes ticket 20656. + + o Minor features (directory authorities): + - Directory authorities now reject descriptors that claim to be + malformed versions of Tor. Helps prevent exploitation of + bug 21278. + - Reject version numbers with components that exceed INT32_MAX. + Otherwise 32-bit and 64-bit platforms would behave inconsistently. + Fixes bug 21450; bugfix on 0.0.8pre1. + - Directory authorities now reject relays running versions + 0.2.9.1-alpha through 0.2.9.4-alpha, because those relays + suffer from bug 20499 and don't keep their consensus cache + up-to-date. Resolves ticket 20509. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 + Country database. + + o Minor features (reliability, crash): + - Try better to detect problems in buffers where they might grow (or + think they have grown) over 2 GB in size. Diagnostic for + bug 21369. + + o Minor features (testing): + - During 'make test-network-all', if tor logs any warnings, ask + chutney to output them. Requires a recent version of chutney with + the 21572 patch. Implements 21570. + + o Minor bugfixes (certificate expiration time): + - Avoid using link certificates that don't become valid till some + time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha + + o Minor bugfixes (code correctness): + - Repair a couple of (unreachable or harmless) cases of the risky + comparison-by-subtraction pattern that caused bug 21278. + - Remove a redundant check for the UseEntryGuards option from the + options_transition_affects_guards() function. Fixes bug 21492; + bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (directory mirrors): + - Allow relays to use directory mirrors without a DirPort: these + relays need to be contacted over their ORPorts using a begindir + connection. Fixes one case of bug 20711; bugfix on 0.2.8.2-alpha. + - Clarify the message logged when a remote relay is unexpectedly + missing an ORPort or DirPort: users were confusing this with a + local port. Fixes another case of bug 20711; bugfix + on 0.2.8.2-alpha. + + o Minor bugfixes (guards): + - Don't warn about a missing guard state on timeout-measurement + circuits: they aren't supposed to be using guards. Fixes an + instance of bug 21007; bugfix on 0.3.0.1-alpha. + - Silence a BUG() warning when attempting to use a guard whose + descriptor we don't know, and make this scenario less likely to + happen. Fixes bug 21415; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (hidden service): + - Pass correct buffer length when encoding legacy ESTABLISH_INTRO + cells. Previously, we were using sizeof() on a pointer, instead of + the real destination buffer. Fortunately, that value was only used + to double-check that there was enough room--which was already + enforced elsewhere. Fixes bug 21553; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (testing): + - Fix Raspbian build issues related to missing socket errno in + test_util.c. Fixes bug 21116; bugfix on 0.2.8.2. Patch + by "hein". + - Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't + actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha. + - Use bash in src/test/test-network.sh. This ensures we reliably + call chutney's newer tools/test-network.sh when available. Fixes + bug 21562; bugfix on 0.2.9.1-alpha. + + o Documentation: + - Small fixes to the fuzzing documentation. Closes ticket 21472. + + +Changes in version 0.2.9.10 - 2017-03-01 + Tor 0.2.9.10 backports a security fix from later Tor release. It also + includes fixes for some major issues affecting directory authorities, + LibreSSL compatibility, and IPv6 correctness. + + The Tor 0.2.9.x release series is now marked as a long-term-support + series. We intend to backport security fixes to 0.2.9.x until at + least January of 2020. + + o Major bugfixes (directory authority, 0.3.0.3-alpha): + - During voting, when marking a relay as a probable sybil, do not + clear its BadExit flag: sybils can still be bad in other ways + too. (We still clear the other flags.) Fixes bug 21108; bugfix + on 0.2.0.13-alpha. + + o Major bugfixes (IPv6 Exits, backport from 0.3.0.3-alpha): + - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects + any IPv6 addresses. Instead, only reject a port over IPv6 if the + exit policy rejects that port on more than an IPv6 /16 of + addresses. This bug was made worse by 17027 in 0.2.8.1-alpha, + which rejected a relay's own IPv6 address by default. Fixes bug + 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha. + + o Major bugfixes (parsing, also in 0.3.0.4-rc): + - Fix an integer underflow bug when comparing malformed Tor + versions. This bug could crash Tor when built with + --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor + 0.2.9.8, which were built with -ftrapv by default. In other cases + it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix + on 0.0.8pre1. Found by OSS-Fuzz. + + o Minor features (directory authorities, also in 0.3.0.4-rc): + - Directory authorities now reject descriptors that claim to be + malformed versions of Tor. Helps prevent exploitation of + bug 21278. + - Reject version numbers with components that exceed INT32_MAX. + Otherwise 32-bit and 64-bit platforms would behave inconsistently. + Fixes bug 21450; bugfix on 0.0.8pre1. + + o Minor features (geoip): + - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2 + Country database. + + o Minor features (portability, compilation, backport from 0.3.0.3-alpha): + - Autoconf now checks to determine if OpenSSL structures are opaque, + instead of explicitly checking for OpenSSL version numbers. Part + of ticket 21359. + - Support building with recent LibreSSL code that uses opaque + structures. Closes ticket 21359. + + o Minor bugfixes (code correctness, also in 0.3.0.4-rc): + - Repair a couple of (unreachable or harmless) cases of the risky + comparison-by-subtraction pattern that caused bug 21278. + + o Minor bugfixes (tor-resolve, backport from 0.3.0.3-alpha): + - The tor-resolve command line tool now rejects hostnames over 255 + characters in length. Previously, it would silently truncate them, + which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. + Patch by "junglefowl". + + +Changes in version 0.3.0.3-alpha - 2017-02-03 + Tor 0.3.0.3-alpha fixes a few significant bugs introduced over the + 0.3.0.x development series, including some that could cause + authorities to behave badly. There is also a fix for a longstanding + bug that could prevent IPv6 exits from working. Tor 0.3.0.3-alpha also + includes some smaller features and bugfixes. + + The Tor 0.3.0.x release series is now in patch-freeze: no additional + features will be considered for inclusion in 0.3.0.x. We suspect that + some bugs will probably remain, however, and we encourage people to + test this release. + + o Major bugfixes (directory authority): + - During voting, when marking a relay as a probable sybil, do not + clear its BadExit flag: sybils can still be bad in other ways + too. (We still clear the other flags.) Fixes bug 21108; bugfix + on 0.2.0.13-alpha. + - When deciding whether we have just found a router to be reachable, + do not penalize it for not having performed an Ed25519 link + handshake if it does not claim to support an Ed25519 handshake. + Previously, we would treat such relays as non-running. Fixes bug + 21107; bugfix on 0.3.0.1-alpha. + + o Major bugfixes (entry guards): + - Stop trying to build circuits through entry guards for which we + have no descriptor. Also, stop crashing in the case that we *do* + accidentally try to build a circuit in such a state. Fixes bug + 21242; bugfix on 0.3.0.1-alpha. + + o Major bugfixes (IPv6 Exits): + - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects + any IPv6 addresses. Instead, only reject a port over IPv6 if the + exit policy rejects that port on more than an IPv6 /16 of + addresses. This bug was made worse by 17027 in 0.2.8.1-alpha, + which rejected a relay's own IPv6 address by default. Fixes bug + 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha. + + o Minor feature (client): + - Enable IPv6 traffic on the SocksPort by default. To disable this, + a user will have to specify "NoIPv6Traffic". Closes ticket 21269. + + o Minor feature (fallback scripts): + - Add a check_existing mode to updateFallbackDirs.py, which checks + if fallbacks in the hard-coded list are working. Closes ticket + 20174. Patch by haxxpop. + + o Minor features (ciphersuite selection): + - Clients now advertise a list of ciphersuites closer to the ones + preferred by Firefox. Closes part of ticket 15426. + - Allow relays to accept a wider range of ciphersuites, including + chacha20-poly1305 and AES-CCM. Closes the other part of 15426. + + o Minor features (controller, configuration): + - Each of the *Port options, such as SocksPort, ORPort, ControlPort, + and so on, now comes with a __*Port variant that will not be saved + to the torrc file by the controller's SAVECONF command. This + change allows TorBrowser to set up a single-use domain socket for + each time it launches Tor. Closes ticket 20956. + - The GETCONF command can now query options that may only be + meaningful in context-sensitive lists. This allows the controller + to query the mixed SocksPort/__SocksPort style options introduced + in feature 20956. Implements ticket 21300. + + o Minor features (portability, compilation): + - Autoconf now checks to determine if OpenSSL structures are opaque, + instead of explicitly checking for OpenSSL version numbers. Part + of ticket 21359. + - Support building with recent LibreSSL code that uses opaque + structures. Closes ticket 21359. + + o Minor features (relay): + - We now allow separation of exit and relay traffic to different + source IP addresses, using the OutboundBindAddressExit and + OutboundBindAddressOR options respectively. Closes ticket 17975. + Written by Michael Sonntag. + + o Minor bugfix (logging): + - Don't recommend the use of Tor2web in non-anonymous mode. + Recommending Tor2web is a bad idea because the client loses all + anonymity. Tor2web should only be used in specific cases by users + who *know* and understand the issues. Fixes bug 21294; bugfix + on 0.2.9.3-alpha. + + o Minor bugfixes (client): + - Always recover from failures in extend_info_from_node(), in an + attempt to prevent any recurrence of bug 21242. Fixes bug 21372; + bugfix on 0.2.3.1-alpha. + + o Minor bugfixes (client, entry guards): + - Fix a bug warning (with backtrace) when we fail a channel that + circuits to fallback directories on it. Fixes bug 21128; bugfix + on 0.3.0.1-alpha. + - Fix a spurious bug warning (with backtrace) when removing an + expired entry guard. Fixes bug 21129; bugfix on 0.3.0.1-alpha. + - Fix a bug of the new guard algorithm where tor could stall for up + to 10 minutes before retrying a guard after a long period of no + network. Fixes bug 21052; bugfix on 0.3.0.1-alpha. + - Do not try to build circuits until we have descriptors for our + primary entry guards. Related to fix for bug 21242. + + o Minor bugfixes (configure, autoconf): + - Rename the configure option --enable-expensive-hardening to + --enable-fragile-hardening. Expensive hardening makes the tor + daemon abort when some kinds of issues are detected. Thus, it + makes tor more at risk of remote crashes but safer against RCE or + heartbleed bug category. We now try to explain this issue in a + message from the configure script. Fixes bug 21290; bugfix + on 0.2.5.4-alpha. + + o Minor bugfixes (controller): + - Restore the (deprecated) DROPGUARDS controller command. Fixes bug + 20824; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (hidden service): + - Clean up the code for expiring intro points with no associated + circuits. It was causing, rarely, a service with some expiring + introduction points to not open enough additional introduction + points. Fixes part of bug 21302; bugfix on 0.2.7.2-alpha. + - Stop setting the torrc option HiddenServiceStatistics to "0" just + because we're not a bridge or relay. Instead, we preserve whatever + value the user set (or didn't set). Fixes bug 21150; bugfix + on 0.2.6.2-alpha. + - Resolve two possible underflows which could lead to creating and + closing a lot of introduction point circuits in a non-stop loop. + Fixes bug 21302; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (portability): + - Use "OpenBSD" compiler macro instead of "OPENBSD" or "__OpenBSD__". + It is supported by OpenBSD itself, and also by most OpenBSD + variants (such as Bitrig). Fixes bug 20980; bugfix + on 0.1.2.1-alpha. + - When mapping a file of length greater than SIZE_MAX, do not + silently truncate its contents. This issue could occur on 32 bit + systems with large file support and files which are larger than 4 + GB. Fixes bug 21134; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (tor-resolve): + - The tor-resolve command line tool now rejects hostnames over 255 + characters in length. Previously, it would silently truncate them, + which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. + Patch by "junglefowl". + + o Minor bugfixes (Windows services): + - Be sure to initialize the monotonic time subsystem before using + it, even when running as an NT service. Fixes bug 21356; bugfix + on 0.2.9.1-alpha. + + +Changes in version 0.3.0.2-alpha - 2017-01-23 + Tor 0.3.0.2-alpha fixes a denial-of-service bug where an attacker could + cause relays and clients to crash, even if they were not built with + the --enable-expensive-hardening option. This bug affects all 0.2.9.x + versions, and also affects 0.3.0.1-alpha: all relays running an affected + version should upgrade. + + Tor 0.3.0.2-alpha also improves how exit relays and clients handle DNS + time-to-live values, makes directory authorities enforce the 1-to-1 + mapping of relay RSA identity keys to ED25519 identity keys, fixes a + client-side onion service reachability bug, does better at selecting + the set of fallback directories, and more. + + o Major bugfixes (security, also in 0.2.9.9): + - Downgrade the "-ftrapv" option from "always on" to "only on when + --enable-expensive-hardening is provided." This hardening option, like + others, can turn survivable bugs into crashes--and having it on by + default made a (relatively harmless) integer overflow bug into a + denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); bugfix on + 0.2.9.1-alpha. + + o Major features (security): + - Change the algorithm used to decide DNS TTLs on client and server + side, to better resist DNS-based correlation attacks like the + DefecTor attack of Greschbach, Pulls, Roberts, Winter, and + Feamster. Now relays only return one of two possible DNS TTL + values, and clients are willing to believe DNS TTL values up to 3 + hours long. Closes ticket 19769. + + o Major features (directory authority, security): + - The default for AuthDirPinKeys is now 1: directory authorities + will reject relays where the RSA identity key matches a previously + seen value, but the Ed25519 key has changed. Closes ticket 18319. + + o Major bugfixes (client, guard, crash): + - In circuit_get_global_origin_list(), return the actual list of + origin circuits. The previous version of this code returned the + list of all the circuits, and could have caused strange bugs, + including possible crashes. Fixes bug 21118; bugfix + on 0.3.0.1-alpha. + + o Major bugfixes (client, onion service, also in 0.2.9.9): + - Fix a client-side onion service reachability bug, where multiple + socks requests to an onion service (or a single slow request) + could cause us to mistakenly mark some of the service's + introduction points as failed, and we cache that failure so + eventually we run out and can't reach the service. Also resolves a + mysterious "Remote server sent bogus reason code 65021" log + warning. The bug was introduced in ticket 17218, where we tried to + remember the circuit end reason as a uint16_t, which mangled + negative values. Partially fixes bug 21056 and fixes bug 20307; + bugfix on 0.2.8.1-alpha. + + o Major bugfixes (DNS): + - Fix a bug that prevented exit nodes from caching DNS records for + more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha. + + o Minor features (controller): + - Add "GETINFO sr/current" and "GETINFO sr/previous" keys, to expose + shared-random values to the controller. Closes ticket 19925. + + o Minor features (entry guards): + - Add UseEntryGuards to TEST_OPTIONS_DEFAULT_VALUES in order to not + break regression tests. + - Require UseEntryGuards when UseBridges is set, in order to make + sure bridges aren't bypassed. Resolves ticket 20502. + + o Minor features (fallback directories): + - Select 200 fallback directories for each release. Closes + ticket 20881. + - Allow 3 fallback relays per operator, which is safe now that we + are choosing 200 fallback relays. Closes ticket 20912. + - Exclude relays affected by bug 20499 from the fallback list. + Exclude relays from the fallback list if they are running versions + known to be affected by bug 20499, or if in our tests they deliver + a stale consensus (i.e. one that expired more than 24 hours ago). + Closes ticket 20539. + - Reduce the minimum fallback bandwidth to 1 MByte/s. Part of + ticket 18828. + - Require fallback directories to have the same address and port for + 7 days (now that we have enough relays with this stability). + Relays whose OnionOO stability timer is reset on restart by bug + 18050 should upgrade to Tor 0.2.8.7 or later, which has a fix for + this issue. Closes ticket 20880; maintains short-term fix + in 0.2.8.2-alpha. + - Require fallbacks to have flags for 90% of the time (weighted + decaying average), rather than 95%. This allows at least 73% of + clients to bootstrap in the first 5 seconds without contacting an + authority. Part of ticket 18828. + - Annotate updateFallbackDirs.py with the bandwidth and consensus + weight for each candidate fallback. Closes ticket 20878. + - Make it easier to change the output sort order of fallbacks. + Closes ticket 20822. + - Display the relay fingerprint when downloading consensuses from + fallbacks. Closes ticket 20908. + + o Minor features (geoip, also in 0.2.9.9): + - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 + Country database. + + o Minor features (next-gen onion service directories): + - Remove the "EnableOnionServicesV3" consensus parameter that we + introduced in 0.3.0.1-alpha: relays are now always willing to act + as v3 onion service directories. Resolves ticket 19899. + + o Minor features (linting): + - Enhance the changes file linter to warn on Tor versions that are + prefixed with "tor-". Closes ticket 21096. + + o Minor features (logging): + - In several places, describe unset ed25519 keys as "", + rather than the scary "AAAAAAAA...AAA". Closes ticket 21037. + + o Minor bugfix (control protocol): + - The reply to a "GETINFO config/names" request via the control + protocol now spells the type "Dependent" correctly. This is a + breaking change in the control protocol. (The field seems to be + ignored by the most common known controllers.) Fixes bug 18146; + bugfix on 0.1.1.4-alpha. + + o Minor bugfixes (bug resilience): + - Fix an unreachable size_t overflow in base64_decode(). Fixes bug + 19222; bugfix on 0.2.0.9-alpha. Found by Guido Vranken; fixed by + Hans Jerry Illikainen. + + o Minor bugfixes (build): + - Replace obsolete Autoconf macros with their modern equivalent and + prevent similar issues in the future. Fixes bug 20990; bugfix + on 0.1.0.1-rc. + + o Minor bugfixes (client, guards): + - Fix bug where Tor would think that there are circuits waiting for + better guards even though those circuits have been freed. Fixes + bug 21142; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (config): + - Don't assert on startup when trying to get the options list and + LearnCircuitBuildTimeout is set to 0: we are currently parsing the + options so of course they aren't ready yet. Fixes bug 21062; + bugfix on 0.2.9.3-alpha. + + o Minor bugfixes (controller): + - Make the GETINFO interface for inquiring about entry guards + support the new guards backend. Fixes bug 20823; bugfix + on 0.3.0.1-alpha. + + o Minor bugfixes (dead code): + - Remove a redundant check for PidFile changes at runtime in + options_transition_allowed(): this check is already performed + regardless of whether the sandbox is active. Fixes bug 21123; + bugfix on 0.2.5.4-alpha. + + o Minor bugfixes (documentation): + - Update the tor manual page to document every option that can not + be changed while tor is running. Fixes bug 21122. + + o Minor bugfixes (fallback directories): + - Stop failing when a relay has no uptime data in + updateFallbackDirs.py. Fixes bug 20945; bugfix on 0.2.8.1-alpha. + - Avoid checking fallback candidates' DirPorts if they are down in + OnionOO. When a relay operator has multiple relays, this + prioritizes relays that are up over relays that are down. Fixes + bug 20926; bugfix on 0.2.8.3-alpha. + - Stop failing when OUTPUT_COMMENTS is True in updateFallbackDirs.py. + Fixes bug 20877; bugfix on 0.2.8.3-alpha. + + o Minor bugfixes (guards, bootstrapping): + - When connecting to a directory guard during bootstrap, do not mark + the guard as successful until we receive a good-looking directory + response from it. Fixes bug 20974; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (onion services): + - Fix the config reload pruning of old vs new services so it + actually works when both ephemeral and non-ephemeral services are + configured. Fixes bug 21054; bugfix on 0.3.0.1-alpha. + - Allow the number of introduction points to be as low as 0, rather + than as low as 3. Fixes bug 21033; bugfix on 0.2.7.2-alpha. + + o Minor bugfixes (IPv6): + - Make IPv6-using clients try harder to find an IPv6 directory + server. Fixes bug 20999; bugfix on 0.2.8.2-alpha. + - When IPv6 addresses have not been downloaded yet (microdesc + consensus documents don't list relay IPv6 addresses), use hard- + coded addresses for authorities, fallbacks, and configured + bridges. Now IPv6-only clients can use microdescriptors. Fixes bug + 20996; bugfix on b167e82 from 19608 in 0.2.8.5-alpha. + + o Minor bugfixes (memory leaks): + - Fix a memory leak when configuring hidden services. Fixes bug + 20987; bugfix on 0.3.0.1-alpha. + + o Minor bugfixes (portability, also in 0.2.9.9): + - Avoid crashing when Tor is built using headers that contain + CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel + without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix + on 0.2.9.1-alpha. + - Fix Libevent detection on platforms without Libevent 1 headers + installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha. + + o Minor bugfixes (relay): + - Honor DataDirectoryGroupReadable when tor is a relay. Previously, + initializing the keys would reset the DataDirectory to 0700 + instead of 0750 even if DataDirectoryGroupReadable was set to 1. + Fixes bug 19953; bugfix on 0.0.2pre16. Patch by "redfish". + + o Minor bugfixes (testing): + - Remove undefined behavior from the backtrace generator by removing + its signal handler. Fixes bug 21026; bugfix on 0.2.5.2-alpha. + + o Minor bugfixes (unit tests): + - Allow the unit tests to pass even when DNS lookups of bogus + addresses do not fail as expected. Fixes bug 20862 and 20863; + bugfix on unit tests introduced in 0.2.8.1-alpha + through 0.2.9.4-alpha. + + o Code simplification and refactoring: + - Refactor code to manipulate global_origin_circuit_list into + separate functions. Closes ticket 20921. + + o Documentation (formatting): + - Clean up formatting of tor.1 man page and HTML doc, where 
+      blocks were incorrectly appearing. Closes ticket 20885.
+
+  o Documentation (man page):
+    - Clarify many options in tor.1 and add some min/max values for
+      HiddenService options. Closes ticket 21058.
+
+
+Changes in version 0.2.9.9 - 2017-01-23
+  Tor 0.2.9.9 fixes a denial-of-service bug where an attacker could
+  cause relays and clients to crash, even if they were not built with
+  the --enable-expensive-hardening option. This bug affects all 0.2.9.x
+  versions, and also affects 0.3.0.1-alpha: all relays running an affected
+  version should upgrade.
+
+  This release also resolves a client-side onion service reachability
+  bug, and resolves a pair of small portability issues.
+
+  o Major bugfixes (security):
+    - Downgrade the "-ftrapv" option from "always on" to "only on when
+      --enable-expensive-hardening is provided." This hardening option,
+      like others, can turn survivable bugs into crashes -- and having
+      it on by default made a (relatively harmless) integer overflow bug
+      into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001);
+      bugfix on 0.2.9.1-alpha.
+
+  o Major bugfixes (client, onion service):
+    - Fix a client-side onion service reachability bug, where multiple
+      socks requests to an onion service (or a single slow request)
+      could cause us to mistakenly mark some of the service's
+      introduction points as failed, and we cache that failure so
+      eventually we run out and can't reach the service. Also resolves a
+      mysterious "Remote server sent bogus reason code 65021" log
+      warning. The bug was introduced in ticket 17218, where we tried to
+      remember the circuit end reason as a uint16_t, which mangled
+      negative values. Partially fixes bug 21056 and fixes bug 20307;
+      bugfix on 0.2.8.1-alpha.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (portability):
+    - Avoid crashing when Tor is built using headers that contain
+      CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel
+      without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix
+      on 0.2.9.1-alpha.
+    - Fix Libevent detection on platforms without Libevent 1 headers
+      installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha.
+
+
+Changes in version 0.3.0.1-alpha - 2016-12-19
+  Tor 0.3.0.1-alpha is the first alpha release in the 0.3.0 development
+  series. It strengthens Tor's link and circuit handshakes by
+  identifying relays by their Ed25519 keys, improves the algorithm that
+  clients use to choose and maintain their list of guards, and includes
+  additional backend support for the next-generation hidden service
+  design. It also contains numerous other small features and
+  improvements to security, correctness, and performance.
+
+  Below are the changes since 0.2.9.8.
+
+  o Major features (guard selection algorithm):
+    - Tor's guard selection algorithm has been redesigned from the
+      ground up, to better support unreliable networks and restrictive
+      sets of entry nodes, and to better resist guard-capture attacks by
+      hostile local networks. Implements proposal 271; closes
+      ticket 19877.
+
+  o Major features (next-generation hidden services):
+    - Relays can now handle v3 ESTABLISH_INTRO cells as specified by
+      prop224 aka "Next Generation Hidden Services". Service and clients
+      don't use this functionality yet. Closes ticket 19043. Based on
+      initial code by Alec Heifetz.
+    - Relays now support the HSDir version 3 protocol, so that they can
+      can store and serve v3 descriptors. This is part of the next-
+      generation onion service work detailed in proposal 224. Closes
+      ticket 17238.
+
+  o Major features (protocol, ed25519 identity keys):
+    - Relays now use Ed25519 to prove their Ed25519 identities and to
+      one another, and to clients. This algorithm is faster and more
+      secure than the RSA-based handshake we've been doing until now.
+      Implements the second big part of proposal 220; Closes
+      ticket 15055.
+    - Clients now support including Ed25519 identity keys in the EXTEND2
+      cells they generate. By default, this is controlled by a consensus
+      parameter, currently disabled. You can turn this feature on for
+      testing by setting ExtendByEd25519ID in your configuration. This
+      might make your traffic appear different than the traffic
+      generated by other users, however. Implements part of ticket
+      15056; part of proposal 220.
+    - Relays now understand requests to extend to other relays by their
+      Ed25519 identity keys. When an Ed25519 identity key is included in
+      an EXTEND2 cell, the relay will only extend the circuit if the
+      other relay can prove ownership of that identity. Implements part
+      of ticket 15056; part of proposal 220.
+
+  o Major bugfixes (scheduler):
+    - Actually compare circuit policies in ewma_cmp_cmux(). This bug
+      caused the channel scheduler to behave more or less randomly,
+      rather than preferring channels with higher-priority circuits.
+      Fixes bug 20459; bugfix on 0.2.6.2-alpha.
+
+  o Minor features (controller):
+    - When HSFETCH arguments cannot be parsed, say "Invalid argument"
+      rather than "unrecognized." Closes ticket 20389; patch from
+      Ivan Markin.
+
+  o Minor features (diagnostic, directory client):
+    - Warn when we find an unexpected inconsistency in directory
+      download status objects. Prevents some negative consequences of
+      bug 20593.
+
+  o Minor features (directory authority):
+    - Add a new authority-only AuthDirTestEd25519LinkKeys option (on by
+      default) to control whether authorities should try to probe relays
+      by their Ed25519 link keys. This option will go away in a few
+      releases--unless we encounter major trouble in our ed25519 link
+      protocol rollout, in which case it will serve as a safety option.
+
+  o Minor features (directory cache):
+    - Relays and bridges will now refuse to serve the consensus they
+      have if they know it is too old for a client to use. Closes
+      ticket 20511.
+
+  o Minor features (ed25519 link handshake):
+    - Advertise support for the ed25519 link handshake using the
+      subprotocol-versions mechanism, so that clients can tell which
+      relays can identity themselves by Ed25519 ID. Closes ticket 20552.
+
+  o Minor features (fingerprinting resistance, authentication):
+    - Extend the length of RSA keys used for TLS link authentication to
+      2048 bits. (These weren't used for forward secrecy; for forward
+      secrecy, we used P256.) Closes ticket 13752.
+
+  o Minor features (infrastructure):
+    - Implement smartlist_add_strdup() function. Replaces the use of
+      smartlist_add(sl, tor_strdup(str)). Closes ticket 20048.
+
+  o Minor bugfixes (client):
+    - When clients that use bridges start up with a cached consensus on
+      disk, they were ignoring it and downloading a new one. Now they
+      use the cached one. Fixes bug 20269; bugfix on 0.2.3.12-alpha.
+
+  o Minor bugfixes (configuration):
+    - Accept non-space whitespace characters after the severity level in
+      the `Log` option. Fixes bug 19965; bugfix on 0.2.1.1-alpha.
+    - Support "TByte" and "TBytes" units in options given in bytes.
+      "TB", "terabyte(s)", "TBit(s)" and "terabit(s)" were already
+      supported. Fixes bug 20622; bugfix on 0.2.0.14-alpha.
+
+  o Minor bugfixes (consensus weight):
+    - Add new consensus method that initializes bw weights to 1 instead
+      of 0. This prevents a zero weight from making it all the way to
+      the end (happens in small testing networks) and causing an error.
+      Fixes bug 14881; bugfix on 0.2.2.17-alpha.
+
+  o Minor bugfixes (descriptors):
+    - Correctly recognise downloaded full descriptors as valid, even
+      when using microdescriptors as circuits. This affects clients with
+      FetchUselessDescriptors set, and may affect directory authorities.
+      Fixes bug 20839; bugfix on 0.2.3.2-alpha.
+
+  o Minor bugfixes (directory system):
+    - Download all consensus flavors, descriptors, and authority
+      certificates when FetchUselessDescriptors is set, regardless of
+      whether tor is a directory cache or not. Fixes bug 20667; bugfix
+      on all recent tor versions.
+    - Bridges and relays now use microdescriptors (like clients do)
+      rather than old-style router descriptors. Now bridges will blend
+      in with clients in terms of the circuits they build. Fixes bug
+      6769; bugfix on 0.2.3.2-alpha.
+
+  o Minor bugfixes (ed25519 certificates):
+    - Correctly interpret ed25519 certificates that would expire some
+      time after 19 Jan 2038. Fixes bug 20027; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (hidden services):
+    - Stop ignoring misconfigured hidden services. Instead, refuse to
+      start tor until the misconfigurations have been corrected. Fixes
+      bug 20559; bugfix on multiple commits in 0.2.7.1-alpha
+      and earlier.
+
+  o Minor bugfixes (memory leak at exit):
+    - Fix a small harmless memory leak at exit of the previously unused
+      RSA->Ed identity cross-certificate. Fixes bug 17779; bugfix
+      on 0.2.7.2-alpha.
+
+  o Minor bugfixes (util):
+    - When finishing writing a file to disk, if we were about to replace
+      the file with the temporary file created before and we fail to
+      replace it, remove the temporary file so it doesn't stay on disk.
+      Fixes bug 20646; bugfix on 0.2.0.7-alpha. Patch by fk.
+
+  o Minor bugfixes (Windows):
+    - Check for getpagesize before using it to mmap files. This fixes
+      compilation in some MinGW environments. Fixes bug 20530; bugfix on
+      0.1.2.1-alpha. Reported by "ice".
+
+  o Code simplification and refactoring:
+    - Abolish all global guard context in entrynodes.c; replace with new
+      guard_selection_t structure as preparation for proposal 271.
+      Closes ticket 19858.
+    - Introduce rend_service_is_ephemeral() that tells if given onion
+      service is ephemeral. Replace unclear NULL-checkings for service
+      directory with this function. Closes ticket 20526.
+    - Extract magic numbers in circuituse.c into defined variables.
+    - Refactor circuit_is_available_for_use to remove unnecessary check.
+    - Refactor circuit_predict_and_launch_new for readability and
+      testability. Closes ticket 18873.
+    - Refactor large if statement in purpose_needs_anonymity to use
+      switch statement instead. Closes part of ticket 20077.
+    - Refactor the hashing API to return negative values for errors, as
+      is done as throughout the codebase. Closes ticket 20717.
+    - Remove data structures that were used to index or_connection
+      objects by their RSA identity digests. These structures are fully
+      redundant with the similar structures used in the
+      channel abstraction.
+    - Remove duplicate code in the channel_write_*cell() functions.
+      Closes ticket 13827; patch from Pingl.
+    - Remove redundant behavior of is_sensitive_dir_purpose, refactor to
+      use only purpose_needs_anonymity. Closes part of ticket 20077.
+    - The code to generate and parse EXTEND and EXTEND2 cells has been
+      replaced with code automatically generated by the
+      "trunnel" utility.
+
+  o Documentation:
+    - Include the "TBits" unit in Tor's man page. Fixes part of bug
+      20622; bugfix on 0.2.5.1-alpha.
+    - Change '1' to 'weight_scale' in consensus bw weights calculation
+      comments, as that is reality. Closes ticket 20273. Patch
+      from pastly.
+    - Correct the value for AuthDirGuardBWGuarantee in the manpage, from
+      250 KBytes to 2 MBytes. Fixes bug 20435; bugfix
+      on 0.2.5.6-alpha.
+    - Stop the man page from incorrectly stating that HiddenServiceDir
+      must already exist. Fixes 20486.
+    - Clarify that when ClientRejectInternalAddresses is enabled (which
+      is the default), multicast DNS hostnames for machines on the local
+      network (of the form *.local) are also rejected. Closes
+      ticket 17070.
+
+  o Removed features:
+    - The AuthDirMaxServersPerAuthAddr option no longer exists: The same
+      limit for relays running on a single IP applies to authority IP
+      addresses as well as to non-authority IP addresses. Closes
+      ticket 20960.
+    - The UseDirectoryGuards torrc option no longer exists: all users
+      that use entry guards will also use directory guards. Related to
+      proposal 271; implements part of ticket 20831.
+
+  o Testing:
+    - New unit tests for tor_htonll(). Closes ticket 19563. Patch
+      from "overcaffeinated".
+    - Perform the coding style checks when running the tests and fail
+      when coding style violations are found. Closes ticket 5500.
+    - Add tests for networkstatus_compute_bw_weights_v10.
+    - Add unit tests circuit_predict_and_launch_new.
+    - Extract dummy_origin_circuit_new so it can be used by other
+      test functions.
+
+
+Changes in version 0.2.8.12 - 2016-12-19
+  Tor 0.2.8.12 backports a fix for a medium-severity issue (bug 21018
+  below) where Tor clients could crash when attempting to visit a
+  hostile hidden service. Clients are recommended to upgrade as packages
+  become available for their systems.
+
+  It also includes an updated list of fallback directories, backported
+  from 0.2.9.
+
+  Now that the Tor 0.2.9 series is stable, only major bugfixes will be
+  backported to 0.2.8 in the future.
+
+  o Major bugfixes (parsing, security, backported from 0.2.9.8):
+    - Fix a bug in parsing that could cause clients to read a single
+      byte past the end of an allocated region. This bug could be used
+      to cause hardened clients (built with --enable-expensive-hardening)
+      to crash if they tried to visit a hostile hidden service. Non-
+      hardened clients are only affected depending on the details of
+      their platform's memory allocator. Fixes bug 21018; bugfix on
+      0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
+      2016-12-002 and as CVE-2016-1254.
+
+  o Minor features (fallback directory list, backported from 0.2.9.8):
+    - Replace the 81 remaining fallbacks of the 100 originally
+      introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177
+      fallbacks (123 new, 54 existing, 27 removed) generated in December
+      2016. Resolves ticket 20170.
+
+  o Minor features (geoip, backported from 0.2.9.7-rc):
+    - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.9.8 - 2016-12-19
+  Tor 0.2.9.8 is the first stable release of the Tor 0.2.9 series.
+
+  The Tor 0.2.9 series makes mandatory a number of security features
+  that were formerly optional. It includes support for a new shared-
+  randomness protocol that will form the basis for next generation
+  hidden services, includes a single-hop hidden service mode for
+  optimizing .onion services that don't actually want to be hidden,
+  tries harder not to overload the directory authorities with excessive
+  downloads, and supports a better protocol versioning scheme for
+  improved compatibility with other implementations of the Tor protocol.
+
+  And of course, there are numerous other bugfixes and improvements.
+
+  This release also includes a fix for a medium-severity issue (bug
+  21018 below) where Tor clients could crash when attempting to visit a
+  hostile hidden service. Clients are recommended to upgrade as packages
+  become available for their systems.
+
+  Below are the changes since 0.2.9.7-rc. For a list of all changes
+  since 0.2.8, see the ReleaseNotes file.
+
+  o Major bugfixes (parsing, security):
+    - Fix a bug in parsing that could cause clients to read a single
+      byte past the end of an allocated region. This bug could be used
+      to cause hardened clients (built with --enable-expensive-hardening)
+      to crash if they tried to visit a hostile hidden service. Non-
+      hardened clients are only affected depending on the details of
+      their platform's memory allocator. Fixes bug 21018; bugfix on
+      0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
+      2016-12-002 and as CVE-2016-1254.
+
+  o Minor features (fallback directory list):
+    - Replace the 81 remaining fallbacks of the 100 originally
+      introduced in Tor 0.2.8.3-alpha in March 2016, with a list of 177
+      fallbacks (123 new, 54 existing, 27 removed) generated in December
+      2016. Resolves ticket 20170.
+
+
+Changes in version 0.2.9.7-rc - 2016-12-12
+  Tor 0.2.9.7-rc fixes a few small bugs remaining in Tor 0.2.9.6-rc,
+  including a few that had prevented tests from passing on
+  some platforms.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfix (build):
+    - The current Git revision when building from a local repository is
+      now detected correctly when using git worktrees. Fixes bug 20492;
+      bugfix on 0.2.3.9-alpha.
+
+  o Minor bugfixes (directory authority):
+    - When computing old Tor protocol line version in protover, we were
+      looking at 0.2.7.5 twice instead of a specific case for
+      0.2.9.1-alpha. Fixes bug 20810; bugfix on 0.2.9.4-alpha.
+
+  o Minor bugfixes (download scheduling):
+    - Resolve a "bug" warning when considering a download schedule whose
+      delay had approached INT_MAX. Fixes 20875; bugfix on 0.2.9.5-alpha.
+
+  o Minor bugfixes (logging):
+    - Downgrade a harmless log message about the
+      pending_entry_connections list from "warn" to "info". Mitigates
+      bug 19926.
+
+  o Minor bugfixes (memory leak):
+    - Fix a small memory leak when receiving AF_UNIX connections on a
+      SocksPort. Fixes bug 20716; bugfix on 0.2.6.3-alpha.
+    - When moving a signed descriptor object from a source to an
+      existing destination, free the allocated memory inside that
+      destination object. Fixes bug 20715; bugfix on 0.2.8.3-alpha.
+
+  o Minor bugfixes (memory leak, use-after-free, linux seccomp2 sandbox):
+    - Fix a memory leak and use-after-free error when removing entries
+      from the sandbox's getaddrinfo() cache. Fixes bug 20710; bugfix on
+      0.2.5.5-alpha. Patch from "cypherpunks".
+
+  o Minor bugfixes (portability):
+    - Use the correct spelling of MAC_OS_X_VERSION_10_12 on configure.ac
+      Fixes bug 20935; bugfix on 0.2.9.6-rc.
+
+  o Minor bugfixes (unit tests):
+    - Stop expecting NetBSD unit tests to report success for ipfw. Part
+      of a fix for bug 19960; bugfix on 0.2.9.5-alpha.
+    - Fix tolerances in unit tests for monotonic time comparisons
+      between nanoseconds and microseconds. Previously, we accepted a 10
+      us difference only, which is not realistic on every platform's
+      clock_gettime(). Fixes bug 19974; bugfix on 0.2.9.1-alpha.
+    - Remove a double-free in the single onion service unit test. Stop
+      ignoring a return value. Make future changes less error-prone.
+      Fixes bug 20864; bugfix on 0.2.9.6-rc.
+
+
+Changes in version 0.2.8.11 - 2016-12-08
+  Tor 0.2.8.11 backports fixes for additional portability issues that
+  could prevent Tor from building correctly on OSX Sierra, or with
+  OpenSSL 1.1. Affected users should upgrade; others can safely stay
+  with 0.2.8.10.
+
+  o Minor bugfixes (portability):
+    - Avoid compilation errors when building on OSX Sierra. Sierra began
+      to support the getentropy() and clock_gettime() APIs, but created
+      a few problems in doing so. Tor 0.2.9 has a more thorough set of
+      workarounds; in 0.2.8, we are just using the /dev/urandom and mach
+      monotonic time interfaces. Fixes bug 20865. Bugfix
+      on 0.2.8.1-alpha.
+
+  o Minor bugfixes (portability, backport from 0.2.9.5-alpha):
+    - Fix compilation with OpenSSL 1.1 and less commonly-used CPU
+      architectures. Closes ticket 20588.
+
+
+Changes in version 0.2.8.10 - 2016-12-02
+  Tor 0.2.8.10 backports a fix for a bug that would sometimes make clients
+  unusable after they left standby mode. It also backports fixes for
+  a few portability issues and a small but problematic memory leak.
+
+  o Major bugfixes (client reliability, backport from 0.2.9.5-alpha):
+    - When Tor leaves standby because of a new application request, open
+      circuits as needed to serve that request. Previously, we would
+      potentially wait a very long time. Fixes part of bug 19969; bugfix
+      on 0.2.8.1-alpha.
+
+  o Major bugfixes (client performance, backport from 0.2.9.5-alpha):
+    - Clients now respond to new application stream requests immediately
+      when they arrive, rather than waiting up to one second before
+      starting to handle them. Fixes part of bug 19969; bugfix
+      on 0.2.8.1-alpha.
+
+  o Minor bugfixes (portability, backport from 0.2.9.6-rc):
+    - Work around a bug in the OSX 10.12 SDK that would prevent us from
+      successfully targeting earlier versions of OSX. Resolves
+      ticket 20235.
+
+  o Minor bugfixes (portability, backport from 0.2.9.5-alpha):
+    - Fix implicit conversion warnings under OpenSSL 1.1. Fixes bug
+      20551; bugfix on 0.2.1.1-alpha.
+
+  o Minor bugfixes (relay, backport from 0.2.9.5-alpha):
+    - Work around a memory leak in OpenSSL 1.1 when encoding public
+      keys. Fixes bug 20553; bugfix on 0.0.2pre8.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2
+      Country database.
+
+Changes in version 0.2.9.6-rc - 2016-12-02
+  Tor 0.2.9.6-rc fixes a few remaining bugs found in the previous alpha
+  version. We hope that it will be ready to become stable soon, and we
+  encourage everyone to test this release. If no showstopper bugs are
+  found here, the next 0.2.9 release will be stable.
+
+  o Major bugfixes (relay, resolver, logging):
+    - For relays that don't know their own address, avoid attempting a
+      local hostname resolve for each descriptor we download. This
+      will cut down on the number of "Success: chose address 'x.x.x.x'"
+      log lines, and also avoid confusing clock jumps if the resolver
+      is slow. Fixes bugs 20423 and 20610; bugfix on 0.2.8.1-alpha.
+
+  o Minor bugfixes (client, fascistfirewall):
+    - Avoid spurious warnings when ReachableAddresses or FascistFirewall
+      is set. Fixes bug 20306; bugfix on 0.2.8.2-alpha.
+
+  o Minor bugfixes (hidden services):
+    - Stop ignoring the anonymity status of saved keys for hidden
+      services and single onion services when first starting tor.
+      Instead, refuse to start tor if any hidden service key has been
+      used in a different hidden service anonymity mode. Fixes bug
+      20638; bugfix on 17178 in 0.2.9.3-alpha; reported by ahf.
+
+  o Minor bugfixes (portability):
+    - Work around a bug in the OSX 10.12 SDK that would prevent us from
+      successfully targeting earlier versions of OSX. Resolves
+      ticket 20235.
+    - Run correctly when built on Windows build environments that
+      require _vcsprintf(). Fixes bug 20560; bugfix on 0.2.2.11-alpha.
+
+  o Minor bugfixes (single onion services, Tor2web):
+    - Stop complaining about long-term one-hop circuits deliberately
+      created by single onion services and Tor2web. These log messages
+      are intended to diagnose issue 8387, which relates to circuits
+      hanging around forever for no reason. Fixes bug 20613; bugfix on
+      0.2.9.1-alpha. Reported by "pastly".
+
+  o Minor bugfixes (unit tests):
+    - Stop spurious failures in the local interface address discovery
+      unit tests. Fixes bug 20634; bugfix on 0.2.8.1-alpha; patch by
+      Neel Chauhan.
+
+  o Documentation:
+    - Correct the minimum bandwidth value in torrc.sample, and queue a
+      corresponding change for torrc.minimal. Closes ticket 20085.
+
+
+Changes in version 0.2.9.5-alpha - 2016-11-08
+  Tor 0.2.9.5-alpha fixes numerous bugs discovered in the previous alpha
+  version. We believe one or two probably remain, and we encourage
+  everyone to test this release.
+
+  o Major bugfixes (client performance):
+    - Clients now respond to new application stream requests immediately
+      when they arrive, rather than waiting up to one second before
+      starting to handle them. Fixes part of bug 19969; bugfix
+      on 0.2.8.1-alpha.
+
+  o Major bugfixes (client reliability):
+    - When Tor leaves standby because of a new application request, open
+      circuits as needed to serve that request. Previously, we would
+      potentially wait a very long time. Fixes part of bug 19969; bugfix
+      on 0.2.8.1-alpha.
+
+  o Major bugfixes (download scheduling):
+    - When using an exponential backoff schedule, do not give up on
+      downloading just because we have failed a bunch of times. Since
+      each delay is longer than the last, retrying indefinitely won't
+      hurt. Fixes bug 20536; bugfix on 0.2.9.1-alpha.
+    - If a consensus expires while we are waiting for certificates to
+      download, stop waiting for certificates.
+    - If we stop waiting for certificates less than a minute after we
+      started downloading them, do not consider the certificate download
+      failure a separate failure. Fixes bug 20533; bugfix
+      on 0.2.0.9-alpha.
+    - Remove the maximum delay on exponential-backoff scheduling. Since
+      we now allow an infinite number of failures (see ticket 20536), we
+      must now allow the time to grow longer on each failure. Fixes part
+      of bug 20534; bugfix on 0.2.9.1-alpha.
+    - Make our initial download delays closer to those from 0.2.8. Fixes
+      another part of bug 20534; bugfix on 0.2.9.1-alpha.
+    - When determining when to download a directory object, handle times
+      after 2038 if the operating system supports them. (Someday this
+      will be important!) Fixes bug 20587; bugfix on 0.2.8.1-alpha.
+    - When using exponential backoff in test networks, use a lower
+      exponent, so the delays do not vary as much. This helps test
+      networks bootstrap consistently. Fixes bug 20597; bugfix on 20499.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (client directory scheduling):
+    - Treat "relay too busy to answer request" as a failed request and a
+      reason to back off on our retry frequency. This is safe now that
+      exponential backoffs retry indefinitely, and avoids a bug where we
+      would reset our download schedule erroneously. Fixes bug 20593;
+      bugfix on 0.2.9.1-alpha.
+
+  o Minor bugfixes (client, logging):
+    - Remove a BUG warning in circuit_pick_extend_handshake(). Instead,
+      assume all nodes support EXTEND2. Use ntor whenever a key is
+      available. Fixes bug 20472; bugfix on 0.2.9.3-alpha.
+    - On DNSPort, stop logging a BUG warning on a failed hostname
+      lookup. Fixes bug 19869; bugfix on 0.2.9.1-alpha.
+
+  o Minor bugfixes (hidden services):
+    - When configuring hidden services, check every hidden service
+      directory's permissions. Previously, we only checked the last
+      hidden service. Fixes bug 20529; bugfix the work to fix 13942
+      in 0.2.6.2-alpha.
+
+  o Minor bugfixes (portability):
+    - Fix compilation with OpenSSL 1.1 and less commonly-used CPU
+      architectures. Closes ticket 20588.
+    - Use ECDHE ciphers instead of ECDH in tortls tests. LibreSSL has
+      removed the ECDH ciphers which caused the tests to fail on
+      platforms which use it. Fixes bug 20460; bugfix on 0.2.8.1-alpha.
+    - Fix implicit conversion warnings under OpenSSL 1.1. Fixes bug
+      20551; bugfix on 0.2.1.1-alpha.
+
+  o Minor bugfixes (relay bootstrap):
+    - Ensure relays don't make multiple connections during bootstrap.
+      Fixes bug 20591; bugfix on 0.2.8.1-alpha.
+
+  o Minor bugfixes (relay):
+    - Work around a memory leak in OpenSSL 1.1 when encoding public
+      keys. Fixes bug 20553; bugfix on 0.0.2pre8.
+    - Avoid a small memory leak when informing worker threads about
+      rotated onion keys. Fixes bug 20401; bugfix on 0.2.6.3-alpha.
+    - Do not try to parallelize workers more than 16x without the user
+      explicitly configuring us to do so, even if we do detect more than
+      16 CPU cores. Fixes bug 19968; bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (single onion services):
+    - Start correctly when creating a single onion service in a
+      directory that did not previously exist. Fixes bug 20484; bugfix
+      on 0.2.9.3-alpha.
+
+  o Minor bugfixes (testing):
+    - Avoid a unit test failure on systems with over 16 detectable CPU
+      cores. Fixes bug 19968; bugfix on 0.2.3.1-alpha.
+
+  o Documentation:
+    - Clarify that setting HiddenServiceNonAnonymousMode requires you to
+      also set "SOCKSPort 0". Fixes bug 20487; bugfix on 0.2.9.3-alpha.
+    - Module-level documentation for several more modules. Closes
+      tickets 19287 and 19290.
+
+
+Changes in version 0.2.8.9 - 2016-10-17
+  Tor 0.2.8.9 backports a fix for a security hole in previous versions
+  of Tor that would allow a remote attacker to crash a Tor client,
+  hidden service, relay, or authority. All Tor users should upgrade to
+  this version, or to 0.2.9.4-alpha. Patches will be released for older
+  versions of Tor.
+
+  o Major features (security fixes, also in 0.2.9.4-alpha):
+    - Prevent a class of security bugs caused by treating the contents
+      of a buffer chunk as if they were a NUL-terminated string. At
+      least one such bug seems to be present in all currently used
+      versions of Tor, and would allow an attacker to remotely crash
+      most Tor instances, especially those compiled with extra compiler
+      hardening. With this defense in place, such bugs can't crash Tor,
+      though we should still fix them as they occur. Closes ticket
+      20384 (TROVE-2016-10-001).
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.9.4-alpha - 2016-10-17
+  Tor 0.2.9.4-alpha fixes a security hole in previous versions of Tor
+  that would allow a remote attacker to crash a Tor client, hidden
+  service, relay, or authority. All Tor users should upgrade to this
+  version, or to 0.2.8.9. Patches will be released for older versions
+  of Tor.
+
+  Tor 0.2.9.4-alpha also adds numerous small features and fix-ups to
+  previous versions of Tor, including the implementation of a feature to
+  future- proof the Tor ecosystem against protocol changes, some bug
+  fixes necessary for Tor Browser to use unix domain sockets correctly,
+  and several portability improvements. We anticipate that this will be
+  the last alpha in the Tor 0.2.9 series, and that the next release will
+  be a release candidate.
+
+  o Major features (security fixes):
+    - Prevent a class of security bugs caused by treating the contents
+      of a buffer chunk as if they were a NUL-terminated string. At
+      least one such bug seems to be present in all currently used
+      versions of Tor, and would allow an attacker to remotely crash
+      most Tor instances, especially those compiled with extra compiler
+      hardening. With this defense in place, such bugs can't crash Tor,
+      though we should still fix them as they occur. Closes ticket
+      20384 (TROVE-2016-10-001).
+
+  o Major features (subprotocol versions):
+    - Tor directory authorities now vote on a set of recommended
+      subprotocol versions, and on a set of required subprotocol
+      versions. Clients and relays that lack support for a _required_
+      subprotocol version will not start; those that lack support for a
+      _recommended_ subprotocol version will warn the user to upgrade.
+      Closes ticket 19958; implements part of proposal 264.
+    - Tor now uses "subprotocol versions" to indicate compatibility.
+      Previously, versions of Tor looked at the declared Tor version of
+      a relay to tell whether they could use a given feature. Now, they
+      should be able to rely on its declared subprotocol versions. This
+      change allows compatible implementations of the Tor protocol(s) to
+      exist without pretending to be 100% bug-compatible with particular
+      releases of Tor itself. Closes ticket 19958; implements part of
+      proposal 264.
+
+  o Minor feature (fallback directories):
+    - Remove broken fallbacks from the hard-coded fallback directory
+      list. Closes ticket 20190; patch by teor.
+
+  o Minor features (client, directory):
+    - Since authorities now omit all routers that lack the Running and
+      Valid flags, we assume that any relay listed in the consensus must
+      have those flags. Closes ticket 20001; implements part of
+      proposal 272.
+
+  o Minor features (compilation, portability):
+    - Compile correctly on MacOS 10.12 (aka "Sierra"). Closes
+      ticket 20241.
+
+  o Minor features (development tools, etags):
+    - Teach the "make tags" Makefile target how to correctly find
+      "MOCK_IMPL" function definitions. Patch from nherring; closes
+      ticket 16869.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (unix domain sockets):
+    - When configuring a unix domain socket for a SocksPort,
+      ControlPort, or Hidden service, you can now wrap the address in
+      quotes, using C-style escapes inside the quotes. This allows unix
+      domain socket paths to contain spaces.
+
+  o Minor features (virtual addresses):
+    - Increase the maximum number of bits for the IPv6 virtual network
+      prefix from 16 to 104. In this way, the condition for address
+      allocation is less restrictive. Closes ticket 20151; feature
+      on 0.2.4.7-alpha.
+
+  o Minor bugfixes (address discovery):
+    - Stop reordering IP addresses returned by the OS. This makes it
+      more likely that Tor will guess the same relay IP address every
+      time. Fixes issue 20163; bugfix on 0.2.7.1-alpha, ticket 17027.
+      Reported by René Mayrhofer, patch by "cypherpunks".
+
+  o Minor bugfixes (client, unix domain sockets):
+    - Disable IsolateClientAddr when using AF_UNIX backed SocksPorts as
+      the client address is meaningless. Fixes bug 20261; bugfix
+      on 0.2.6.3-alpha.
+
+  o Minor bugfixes (compilation, OpenBSD):
+    - Detect Libevent2 functions correctly on systems that provide
+      libevent2, but where libevent1 is linked with -levent. Fixes bug
+      19904; bugfix on 0.2.2.24-alpha. Patch from Rubiate.
+
+  o Minor bugfixes (configuration):
+    - When parsing quoted configuration values from the torrc file,
+      handle windows line endings correctly. Fixes bug 19167; bugfix on
+      0.2.0.16-alpha. Patch from "Pingl".
+
+  o Minor bugfixes (getpass):
+    - Defensively fix a non-triggerable heap corruption at do_getpass()
+      to protect ourselves from mistakes in the future. Fixes bug
+      19223; bugfix on 0.2.7.3-rc. Bug found by Guido Vranken, patch
+      by nherring.
+
+  o Minor bugfixes (hidden service):
+    - Allow hidden services to run on IPv6 addresses even when the
+      IPv6Exit option is not set. Fixes bug 18357; bugfix
+      on 0.2.4.7-alpha.
+
+  o Documentation:
+    - Add module-level internal documentation for 36 C files that
+      previously didn't have a high-level overview. Closes ticket #20385.
+
+  o Required libraries:
+    - When building with OpenSSL, Tor now requires version 1.0.1 or
+      later. OpenSSL 1.0.0 and earlier are no longer supported by the
+      OpenSSL team, and should not be used. Closes ticket 20303.
+
+
+Changes in version 0.2.9.3-alpha - 2016-09-23
+  Tor 0.2.9.3-alpha adds improved support for entities that want to make
+  high-performance services available through the Tor .onion mechanism
+  without themselves receiving anonymity as they host those services. It
+  also tries harder to ensure that all steps on a circuit are using the
+  strongest crypto possible, strengthens some TLS properties, and
+  resolves several bugs -- including a pair of crash bugs from the 0.2.8
+  series. Anybody running an earlier version of 0.2.9.x should upgrade.
+
+  o Major bugfixes (crash, also in 0.2.8.8):
+    - Fix a complicated crash bug that could affect Tor clients
+      configured to use bridges when replacing a networkstatus consensus
+      in which one of their bridges was mentioned. OpenBSD users saw
+      more crashes here, but all platforms were potentially affected.
+      Fixes bug 20103; bugfix on 0.2.8.2-alpha.
+
+  o Major bugfixes (relay, OOM handler, also in 0.2.8.8):
+    - Fix a timing-dependent assertion failure that could occur when we
+      tried to flush from a circuit after having freed its cells because
+      of an out-of-memory condition. Fixes bug 20203; bugfix on
+      0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing
+      this one.
+
+  o Major features (circuit building, security):
+    - Authorities, relays and clients now require ntor keys in all
+      descriptors, for all hops (except for rare hidden service protocol
+      cases), for all circuits, and for all other roles. Part of
+      ticket 19163.
+    - Tor authorities, relays, and clients only use ntor, except for
+      rare cases in the hidden service protocol. Part of ticket 19163.
+
+  o Major features (single-hop "hidden" services):
+    - Add experimental HiddenServiceSingleHopMode and
+      HiddenServiceNonAnonymousMode options. When both are set to 1,
+      every hidden service on a Tor instance becomes a non-anonymous
+      Single Onion Service. Single Onions make one-hop (direct)
+      connections to their introduction and rendezvous points. One-hop
+      circuits make Single Onion servers easily locatable, but clients
+      remain location-anonymous. This is compatible with the existing
+      hidden service implementation, and works on the current tor
+      network without any changes to older relays or clients. Implements
+      proposal 260, completes ticket 17178. Patch by teor and asn.
+
+  o Major features (resource management):
+    - Tor can now notice it is about to run out of sockets, and
+      preemptively close connections of lower priority. (This feature is
+      off by default for now, since the current prioritizing method is
+      yet not mature enough. You can enable it by setting
+      "DisableOOSCheck 0", but watch out: it might close some sockets
+      you would rather have it keep.) Closes ticket 18640.
+
+  o Major bugfixes (circuit building):
+    - Hidden service client-to-intro-point and service-to-rendezvous-
+      point circuits use the TAP key supplied by the protocol, to avoid
+      epistemic attacks. Fixes bug 19163; bugfix on 0.2.4.18-rc.
+
+  o Major bugfixes (compilation, OpenBSD):
+    - Fix a Libevent-detection bug in our autoconf script that would
+      prevent Tor from linking successfully on OpenBSD. Patch from
+      rubiate. Fixes bug 19902; bugfix on 0.2.9.1-alpha.
+
+  o Major bugfixes (hidden services):
+    - Clients now require hidden services to include the TAP keys for
+      their intro points in the hidden service descriptor. This prevents
+      an inadvertent upgrade to ntor, which a malicious hidden service
+      could use to distinguish clients by consensus version. Fixes bug
+      20012; bugfix on 0.2.4.8-alpha. Patch by teor.
+
+  o Minor features (security, TLS):
+    - Servers no longer support clients that without AES ciphersuites.
+      (3DES is no longer considered an acceptable cipher.) We believe
+      that no such Tor clients currently exist, since Tor has required
+      OpenSSL 0.9.7 or later since 2009. Closes ticket 19998.
+
+  o Minor feature (fallback directories):
+    - Remove 8 fallbacks that are no longer suitable, leaving 81 of the
+      100 fallbacks originally introduced in Tor 0.2.8.2-alpha in March
+      2016. Closes ticket 20190; patch by teor.
+
+  o Minor features (geoip, also in 0.2.8.8):
+    - Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2
+      Country database.
+
+  o Minor feature (port flags):
+    - Add new flags to the *Port options to finer control over which
+      requests are allowed. The flags are NoDNSRequest, NoOnionTraffic,
+      and the synthetic flag OnionTrafficOnly, which is equivalent to
+      NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic. Closes enhancement
+      18693; patch by "teor".
+
+  o Minor features (directory authority):
+    - After voting, if the authorities decide that a relay is not
+      "Valid", they no longer include it in the consensus at all. Closes
+      ticket 20002; implements part of proposal 272.
+
+  o Minor features (testing):
+    - Disable memory protections on OpenBSD when performing our unit
+      tests for memwipe(). The test deliberately invokes undefined
+      behavior, and the OpenBSD protections interfere with this. Patch
+      from "rubiate". Closes ticket 20066.
+
+  o Minor features (testing, ipv6):
+    - Add the single-onion and single-onion-ipv6 chutney targets to
+      "make test-network-all". This requires a recent chutney version
+      with the single onion network flavours (git c72a652 or later).
+      Closes ticket 20072; patch by teor.
+    - Add the hs-ipv6 chutney target to make test-network-all's IPv6
+      tests. Remove bridges+hs, as it's somewhat redundant. This
+      requires a recent chutney version that supports IPv6 clients,
+      relays, and authorities. Closes ticket 20069; patch by teor.
+
+  o Minor features (Tor2web):
+    - Make Tor2web clients respect ReachableAddresses. This feature was
+      inadvertently enabled in 0.2.8.6, then removed by bugfix 19973 on
+      0.2.8.7. Implements feature 20034. Patch by teor.
+
+  o Minor features (unit tests):
+    - We've done significant work to make the unit tests run faster.
+    - Our link-handshake unit tests now check that when invalid
+      handshakes fail, they fail with the error messages we expected.
+    - Our unit testing code that captures log messages no longer
+      prevents them from being written out if the user asked for them
+      (by passing --debug or --info or or --notice --warn to the "test"
+      binary). This change prevents us from missing unexpected log
+      messages simply because we were looking for others. Related to
+      ticket 19999.
+    - The unit tests now log all warning messages with the "BUG" flag.
+      Previously, they only logged errors by default. This change will
+      help us make our testing code more correct, and make sure that we
+      only hit this code when we mean to. In the meantime, however,
+      there will be more warnings in the unit test logs than before.
+      This is preparatory work for ticket 19999.
+    - The unit tests now treat any failure of a "tor_assert_nonfatal()"
+      assertion as a test failure.
+
+  o Minor bug fixes (circuits):
+    - Use the CircuitBuildTimeout option whenever
+      LearnCircuitBuildTimeout is disabled. Previously, we would respect
+      the option when a user disabled it, but not when it was disabled
+      because some other option was set. Fixes bug 20073; bugfix on
+      0.2.4.12-alpha. Patch by teor.
+
+  o Minor bugfixes (allocation):
+    - Change how we allocate memory for large chunks on buffers, to
+      avoid a (currently impossible) integer overflow, and to waste less
+      space when allocating unusually large chunks. Fixes bug 20081;
+      bugfix on 0.2.0.16-alpha. Issue identified by Guido Vranken.
+    - Always include orconfig.h before including any other C headers.
+      Sometimes, it includes macros that affect the behavior of the
+      standard headers. Fixes bug 19767; bugfix on 0.2.9.1-alpha (the
+      first version to use AC_USE_SYSTEM_EXTENSIONS).
+    - Fix a syntax error in the IF_BUG_ONCE__() macro in non-GCC-
+      compatible compilers. Fixes bug 20141; bugfix on 0.2.9.1-alpha.
+      Patch from Gisle Vanem.
+    - Stop trying to build with Clang 4.0's -Wthread-safety warnings.
+      They apparently require a set of annotations that we aren't
+      currently using, and they create false positives in our pthreads
+      wrappers. Fixes bug 20110; bugfix on 0.2.9.1-alpha.
+
+  o Minor bugfixes (directory authority):
+    - Die with a more useful error when the operator forgets to place
+      the authority_signing_key file into the keys directory. This
+      avoids an uninformative assert & traceback about having an invalid
+      key. Fixes bug 20065; bugfix on 0.2.0.1-alpha.
+    - When allowing private addresses, mark Exits that only exit to
+      private locations as such. Fixes bug 20064; bugfix
+      on 0.2.2.9-alpha.
+
+  o Minor bugfixes (documentation):
+    - Document the default PathsNeededToBuildCircuits value that's used
+      by clients when the directory authorities don't set
+      min_paths_for_circs_pct. Fixes bug 20117; bugfix on 02c320916e02
+      in 0.2.4.10-alpha. Patch by teor, reported by Jesse V.
+    - Fix manual for the User option: it takes a username, not a UID.
+      Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have
+      a manpage!).
+
+  o Minor bugfixes (hidden services):
+    - Stop logging intro point details to the client log on certain
+      error conditions. Fixed as part of bug 20012; bugfix on
+      0.2.4.8-alpha. Patch by teor.
+
+  o Minor bugfixes (IPv6, testing):
+    - Check for IPv6 correctly on Linux when running test networks.
+      Fixes bug 19905; bugfix on 0.2.7.3-rc; patch by teor.
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Add permission to run the sched_yield() and sigaltstack() system
+      calls, in order to support versions of Tor compiled with asan or
+      ubsan code that use these calls. Now "sandbox 1" and
+      "--enable-expensive-hardening" should be compatible on more
+      systems. Fixes bug 20063; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (logging):
+    - When logging a message from the BUG() macro, be explicit about
+      what we were asserting. Previously we were confusing what we were
+      asserting with what the bug was. Fixes bug 20093; bugfix
+      on 0.2.9.1-alpha.
+    - When we are unable to remove the bw_accounting file, do not warn
+      if the reason we couldn't remove it was that it didn't exist.
+      Fixes bug 19964; bugfix on 0.2.5.4-alpha. Patch from 'pastly'.
+
+  o Minor bugfixes (option parsing):
+    - Count unix sockets when counting client listeners (SOCKS, Trans,
+      NATD, and DNS). This has no user-visible behaviour changes: these
+      options are set once, and never read. Required for correct
+      behaviour in ticket 17178. Fixes bug 19677; bugfix on
+      0.2.6.3-alpha. Patch by teor.
+
+  o Minor bugfixes (options):
+    - Check the consistency of UseEntryGuards and EntryNodes more
+      reliably. Fixes bug 20074; bugfix on 0.2.4.12-alpha. Patch
+      by teor.
+    - Stop changing the configured value of UseEntryGuards on
+      authorities and Tor2web clients. Fixes bug 20074; bugfix on
+      commits 51fc6799 in 0.1.1.16-rc and acda1735 in 0.2.4.3-alpha.
+      Patch by teor.
+
+  o Minor bugfixes (Tor2web):
+    - Prevent Tor2web clients running hidden services, these services
+      are not anonymous due to the one-hop client paths. Fixes bug
+      19678. Patch by teor.
+
+  o Minor bugfixes (unit tests):
+    - Fix a shared-random unit test that was failing on big endian
+      architectures due to internal representation of a integer copied
+      to a buffer. The test is changed to take a full 32 bytes of data
+      and use the output of a python script that make the COMMIT and
+      REVEAL calculation according to the spec. Fixes bug 19977; bugfix
+      on 0.2.9.1-alpha.
+    - The tor_tls_server_info_callback unit test no longer crashes when
+      debug-level logging is turned on. Fixes bug 20041; bugfix
+      on 0.2.8.1-alpha.
+
+
+Changes in version 0.2.8.8 - 2016-09-23
+  Tor 0.2.8.8 fixes two crash bugs present in previous versions of the
+  0.2.8.x series. Relays running 0.2.8.x should upgrade, as should users
+  who select public relays as their bridges.
+
+  o Major bugfixes (crash):
+    - Fix a complicated crash bug that could affect Tor clients
+      configured to use bridges when replacing a networkstatus consensus
+      in which one of their bridges was mentioned. OpenBSD users saw
+      more crashes here, but all platforms were potentially affected.
+      Fixes bug 20103; bugfix on 0.2.8.2-alpha.
+
+  o Major bugfixes (relay, OOM handler):
+    - Fix a timing-dependent assertion failure that could occur when we
+      tried to flush from a circuit after having freed its cells because
+      of an out-of-memory condition. Fixes bug 20203; bugfix on
+      0.2.8.1-alpha. Thanks to "cypherpunks" for help diagnosing
+      this one.
+
+  o Minor feature (fallback directories):
+    - Remove 8 fallbacks that are no longer suitable, leaving 81 of the
+      100 fallbacks originally introduced in Tor 0.2.8.2-alpha in March
+      2016. Closes ticket 20190; patch by teor.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the September 6 2016 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.9.2-alpha - 2016-08-24
+  Tor 0.2.9.2-alpha continues development of the 0.2.9 series with
+  several new features and bugfixes. It also includes an important
+  authority update and an important bugfix from 0.2.8.7. Everyone who
+  sets the ReachableAddresses option, and all bridges, are strongly
+  encouraged to upgrade to 0.2.8.7, or to 0.2.9.2-alpha.
+
+  o Directory authority changes (also in 0.2.8.7):
+    - The "Tonga" bridge authority has been retired; the new bridge
+      authority is "Bifroest". Closes tickets 19728 and 19690.
+
+  o Major bugfixes (client, security, also in 0.2.8.7):
+    - Only use the ReachableAddresses option to restrict the first hop
+      in a path. In earlier versions of 0.2.8.x, it would apply to
+      every hop in the path, with a possible degradation in anonymity
+      for anyone using an uncommon ReachableAddress setting. Fixes bug
+      19973; bugfix on 0.2.8.2-alpha.
+
+  o Major features (user interface):
+    - Tor now supports the ability to declare options deprecated, so
+      that we can recommend that people stop using them. Previously,
+      this was done in an ad-hoc way. Closes ticket 19820.
+
+  o Major bugfixes (directory downloads):
+    - Avoid resetting download status for consensuses hourly, since we
+      already have another, smarter retry mechanism. Fixes bug 8625;
+      bugfix on 0.2.0.9-alpha.
+
+  o Minor features (config):
+    - Warn users when descriptor and port addresses are inconsistent.
+      Mitigates bug 13953; patch by teor.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (user interface):
+    - There is a new --list-deprecated-options command-line option to
+      list all of the deprecated options. Implemented as part of
+      ticket 19820.
+
+  o Minor bugfixes (code style):
+    - Fix an integer signedness conversion issue in the case conversion
+      tables. Fixes bug 19168; bugfix on 0.2.1.11-alpha.
+
+  o Minor bugfixes (compilation):
+    - Build correctly on versions of libevent2 without support for
+      evutil_secure_rng_add_bytes(). Fixes bug 19904; bugfix
+      on 0.2.5.4-alpha.
+    - Fix a compilation warning on GCC versions before 4.6. Our
+      ENABLE_GCC_WARNING macro used the word "warning" as an argument,
+      when it is also required as an argument to the compiler pragma.
+      Fixes bug 19901; bugfix on 0.2.9.1-alpha.
+
+  o Minor bugfixes (compilation, also in 0.2.8.7):
+    - Remove an inappropriate "inline" in tortls.c that was causing
+      warnings on older versions of GCC. Fixes bug 19903; bugfix
+      on 0.2.8.1-alpha.
+
+  o Minor bugfixes (fallback directories, also in 0.2.8.7):
+    - Avoid logging a NULL string pointer when loading fallback
+      directory information. Fixes bug 19947; bugfix on 0.2.4.7-alpha
+      and 0.2.8.1-alpha. Report and patch by "rubiate".
+
+  o Minor bugfixes (logging):
+    - Log a more accurate message when we fail to dump a microdescriptor.
+      Fixes bug 17758; bugfix on 0.2.2.8-alpha. Patch from Daniel Pinto.
+
+  o Minor bugfixes (memory leak):
+    - Fix a series of slow memory leaks related to parsing torrc files
+      and options. Fixes bug 19466; bugfix on 0.2.1.6-alpha.
+
+  o Deprecated features:
+    - A number of DNS-cache-related sub-options for client ports are now
+      deprecated for security reasons, and may be removed in a future
+      version of Tor. (We believe that client-side DNS caching is a bad
+      idea for anonymity, and you should not turn it on.) The options
+      are: CacheDNS, CacheIPv4DNS, CacheIPv6DNS, UseDNSCache,
+      UseIPv4Cache, and UseIPv6Cache.
+    - A number of options are deprecated for security reasons, and may
+      be removed in a future version of Tor. The options are:
+      AllowDotExit, AllowInvalidNodes, AllowSingleHopCircuits,
+      AllowSingleHopExits, ClientDNSRejectInternalAddresses,
+      CloseHSClientCircuitsImmediatelyOnTimeout,
+      CloseHSServiceRendCircuitsImmediatelyOnTimeout,
+      ExcludeSingleHopRelays, FastFirstHopPK, TLSECGroup,
+      UseNTorHandshake, and WarnUnsafeSocks.
+    - The *ListenAddress options are now deprecated as unnecessary: the
+      corresponding *Port options should be used instead. These options
+      may someday be removed. The affected options are:
+      ControlListenAddress, DNSListenAddress, DirListenAddress,
+      NATDListenAddress, ORListenAddress, SocksListenAddress,
+      and TransListenAddress.
+
+  o Documentation:
+    - Correct the IPv6 syntax in our documentation for the
+      VirtualAddrNetworkIPv6 torrc option. Closes ticket 19743.
+
+  o Removed code:
+    - We no longer include the (dead, deprecated) bufferevent code in
+      Tor. Closes ticket 19450. Based on a patch from U+039b.
+
+
+Changes in version 0.2.8.7 - 2016-08-24
+  Tor 0.2.8.7 fixes an important bug related to the ReachableAddresses
+  option in 0.2.8.6, and replaces a retiring bridge authority. Everyone
+  who sets the ReachableAddresses option, and all bridges, are strongly
+  encouraged to upgrade.
+
+  o Directory authority changes:
+    - The "Tonga" bridge authority has been retired; the new bridge
+      authority is "Bifroest". Closes tickets 19728 and 19690.
+
+  o Major bugfixes (client, security):
+    - Only use the ReachableAddresses option to restrict the first hop
+      in a path. In earlier versions of 0.2.8.x, it would apply to
+      every hop in the path, with a possible degradation in anonymity
+      for anyone using an uncommon ReachableAddress setting. Fixes bug
+      19973; bugfix on 0.2.8.2-alpha.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compilation):
+    - Remove an inappropriate "inline" in tortls.c that was causing
+      warnings on older versions of GCC. Fixes bug 19903; bugfix
+      on 0.2.8.1-alpha.
+
+  o Minor bugfixes (fallback directories):
+    - Avoid logging a NULL string pointer when loading fallback
+      directory information. Fixes bug 19947; bugfix on 0.2.4.7-alpha
+      and 0.2.8.1-alpha. Report and patch by "rubiate".
+
+
+Changes in version 0.2.9.1-alpha - 2016-08-08
+  Tor 0.2.9.1-alpha is the first alpha release in the 0.2.9 development
+  series. It improves our support for hardened builds and compiler
+  warnings, deploys some critical infrastructure for improvements to
+  hidden services, includes a new timing backend that we hope to use for
+  better support for traffic padding, makes it easier for programmers to
+  log unexpected events, and contains other small improvements to
+  security, correctness, and performance.
+
+  Below are the changes since 0.2.8.6.
+
+  o New system requirements:
+    - Tor now requires Libevent version 2.0.10-stable or later. Older
+      versions of Libevent have less efficient backends for several
+      platforms, and lack the DNS code that we use for our server-side
+      DNS support. This implements ticket 19554.
+    - Tor now requires zlib version 1.2 or later, for security,
+      efficiency, and (eventually) gzip support. (Back when we started,
+      zlib 1.1 and zlib 1.0 were still found in the wild. 1.2 was
+      released in 2003. We recommend the latest version.)
+
+  o Major features (build, hardening):
+    - Tor now builds with -ftrapv by default on compilers that support
+      it. This option detects signed integer overflow (which C forbids),
+      and turns it into a hard-failure. We do not apply this option to
+      code that needs to run in constant time to avoid side-channels;
+      instead, we use -fwrapv in that code. Closes ticket 17983.
+    - When --enable-expensive-hardening is selected, stop applying the
+      clang/gcc sanitizers to code that needs to run in constant time.
+      Although we are aware of no introduced side-channels, we are not
+      able to prove that there are none. Related to ticket 17983.
+
+  o Major features (compilation):
+    - Our big list of extra GCC warnings is now enabled by default when
+      building with GCC (or with anything like Clang that claims to be
+      GCC-compatible). To make all warnings into fatal compilation
+      errors, pass --enable-fatal-warnings to configure. Closes
+      ticket 19044.
+    - Use the Autoconf macro AC_USE_SYSTEM_EXTENSIONS to automatically
+      turn on C and POSIX extensions. (Previously, we attempted to do
+      this on an ad hoc basis.) Closes ticket 19139.
+
+  o Major features (directory authorities, hidden services):
+    - Directory authorities can now perform the shared randomness
+      protocol specified by proposal 250. Using this protocol, directory
+      authorities generate a global fresh random value every day. In the
+      future, this value will be used by hidden services to select
+      HSDirs. This release implements the directory authority feature;
+      the hidden service side will be implemented in the future as part
+      of proposal 224. Resolves ticket 16943; implements proposal 250.
+
+  o Major features (downloading, random exponential backoff):
+    - When we fail to download an object from a directory service, wait
+      for an (exponentially increasing) randomized amount of time before
+      retrying, rather than a fixed interval as we did before. This
+      prevents a group of Tor instances from becoming too synchronized,
+      or a single Tor instance from becoming too predictable, in its
+      download schedule. Closes ticket 15942.
+
+  o Major bugfixes (exit policies):
+    - Avoid disclosing exit outbound bind addresses, configured port
+      bind addresses, and local interface addresses in relay descriptors
+      by default under ExitPolicyRejectPrivate. Instead, only reject
+      these (otherwise unlisted) addresses if
+      ExitPolicyRejectLocalInterfaces is set. Fixes bug 18456; bugfix on
+      0.2.7.2-alpha. Patch by teor.
+
+  o Major bugfixes (hidden service client):
+    - Allow Tor clients with appropriate controllers to work with
+      FetchHidServDescriptors set to 0. Previously, this option also
+      disabled descriptor cache lookup, thus breaking hidden services
+      entirely. Fixes bug 18704; bugfix on 0.2.0.20-rc. Patch by "twim".
+
+  o Minor features (build, hardening):
+    - Detect and work around a libclang_rt problem that would prevent
+      clang from finding __mulodi4() on some 32-bit platforms, and thus
+      keep -ftrapv from linking on those systems. Closes ticket 19079.
+    - When building on a system without runtime support for the runtime
+      hardening options, try to log a useful warning at configuration
+      time, rather than an incomprehensible warning at link time. If
+      expensive hardening was requested, this warning becomes an error.
+      Closes ticket 18895.
+
+  o Minor features (code safety):
+    - In our integer-parsing functions, ensure that maxiumum value we
+      give is no smaller than the minimum value. Closes ticket 19063;
+      patch from U+039b.
+
+  o Minor features (controller):
+    - Implement new GETINFO queries for all downloads that use
+      download_status_t to schedule retries. This allows controllers to
+      examine the schedule for pending downloads. Closes ticket 19323.
+    - Allow controllers to configure basic client authorization on
+      hidden services when they create them with the ADD_ONION control
+      command. Implements ticket 15588. Patch by "special".
+    - Fire a STATUS_SERVER controller event whenever the hibernation
+      status changes between "awake"/"soft"/"hard". Closes ticket 18685.
+
+  o Minor features (directory authority):
+    - Directory authorities now only give the Guard flag to a relay if
+      they are also giving it the Stable flag. This change allows us to
+      simplify path selection for clients. It should have minimal effect
+      in practice, since >99% of Guards already have the Stable flag.
+      Implements ticket 18624.
+    - Directory authorities now write their v3-status-votes file out to
+      disk earlier in the consensus process, so we have a record of the
+      votes even if we abort the consensus process. Resolves
+      ticket 19036.
+
+  o Minor features (hidden service):
+    - Stop being so strict about the payload length of "rendezvous1"
+      cells. We used to be locked in to the "TAP" handshake length, and
+      now we can handle better handshakes like "ntor". Resolves
+      ticket 18998.
+
+  o Minor features (infrastructure, time):
+    - Tor now uses the operating system's monotonic timers (where
+      available) for internal fine-grained timing. Previously we would
+      look at the system clock, and then attempt to compensate for the
+      clock running backwards. Closes ticket 18908.
+    - Tor now includes an improved timer backend, so that we can
+      efficiently support tens or hundreds of thousands of concurrent
+      timers, as will be needed for some of our planned anti-traffic-
+      analysis work. This code is based on William Ahern's "timeout.c"
+      project, which implements a "tickless hierarchical timing wheel".
+      Closes ticket 18365.
+
+  o Minor features (logging):
+    - Provide a more useful warning message when configured with an
+      invalid Nickname. Closes ticket 18300; patch from "icanhasaccount".
+    - When dumping unparseable router descriptors, optionally store them
+      in separate files, named by digest, up to a configurable size
+      limit. You can change the size limit by setting the
+      MaxUnparseableDescSizeToLog option, and disable this feature by
+      setting that option to 0. Closes ticket 18322.
+    - Add a set of macros to check nonfatal assertions, for internal
+      use. Migrating more of our checks to these should help us avoid
+      needless crash bugs. Closes ticket 18613.
+
+  o Minor features (performance):
+    - Change the "optimistic data" extension from "off by default" to
+      "on by default". The default was ordinarily overridden by a
+      consensus option, but when clients were bootstrapping for the
+      first time, they would not have a consensus to get the option
+      from. Changing this default saves a round-trip during startup.
+      Closes ticket 18815.
+
+  o Minor features (relay, usability):
+    - When the directory authorities refuse a bad relay's descriptor,
+      encourage the relay operator to contact us. Many relay operators
+      won't notice this line in their logs, but it's a win if even a few
+      learn why we don't like what their relay was doing. Resolves
+      ticket 18760.
+
+  o Minor features (testing):
+    - Let backtrace tests work correctly under AddressSanitizer. Fixes
+      part of bug 18934; bugfix on 0.2.5.2-alpha.
+    - Move the test-network.sh script to chutney, and modify tor's test-
+      network.sh to call the (newer) chutney version when available.
+      Resolves ticket 19116. Patch by teor.
+    - Use the lcov convention for marking lines as unreachable, so that
+      we don't count them when we're generating test coverage data.
+      Update our coverage tools to understand this convention. Closes
+      ticket 16792.
+
+  o Minor bugfixes (bootstrap):
+    - Remember the directory we fetched the consensus or previous
+      certificates from, and use it to fetch future authority
+      certificates. This change improves bootstrapping performance.
+      Fixes bug 18963; bugfix on 0.2.8.1-alpha.
+
+  o Minor bugfixes (build):
+    - The test-stem and test-network makefile targets now depend only on
+      the tor binary that they are testing. Previously, they depended on
+      "make all". Fixes bug 18240; bugfix on 0.2.8.2-alpha. Based on a
+      patch from "cypherpunks".
+
+  o Minor bugfixes (circuits):
+    - Make sure extend_info_from_router() is only called on servers.
+      Fixes bug 19639; bugfix on 0.2.8.1-alpha.
+
+  o Minor bugfixes (compilation):
+    - When building with Clang, use a full set of GCC warnings.
+      (Previously, we included only a subset, because of the way we
+      detected them.) Fixes bug 19216; bugfix on 0.2.0.1-alpha.
+
+  o Minor bugfixes (directory authority):
+    - Authorities now sort the "package" lines in their votes, for ease
+      of debugging. (They are already sorted in consensus documents.)
+      Fixes bug 18840; bugfix on 0.2.6.3-alpha.
+    - When parsing a detached signature, make sure we use the length of
+      the digest algorithm instead of an hardcoded DIGEST256_LEN in
+      order to avoid comparing bytes out-of-bounds with a smaller digest
+      length such as SHA1. Fixes bug 19066; bugfix on 0.2.2.6-alpha.
+
+  o Minor bugfixes (documentation):
+    - Document the --passphrase-fd option in the tor manpage. Fixes bug
+      19504; bugfix on 0.2.7.3-rc.
+    - Fix the description of the --passphrase-fd option in the
+      tor-gencert manpage. The option is used to pass the number of a
+      file descriptor to read the passphrase from, not to read the file
+      descriptor from. Fixes bug 19505; bugfix on 0.2.0.20-alpha.
+
+  o Minor bugfixes (ephemeral hidden service):
+    - When deleting an ephemeral hidden service, close its intro points
+      even if they are not completely open. Fixes bug 18604; bugfix
+      on 0.2.7.1-alpha.
+
+  o Minor bugfixes (guard selection):
+    - Use a single entry guard even if the NumEntryGuards consensus
+      parameter is not provided. Fixes bug 17688; bugfix
+      on 0.2.5.6-alpha.
+    - Don't mark guards as unreachable if connection_connect() fails.
+      That function fails for local reasons, so it shouldn't reveal
+      anything about the status of the guard. Fixes bug 14334; bugfix
+      on 0.2.3.10-alpha.
+
+  o Minor bugfixes (hidden service client):
+    - Increase the minimum number of internal circuits we preemptively
+      build from 2 to 3, so a circuit is available when a client
+      connects to another onion service. Fixes bug 13239; bugfix
+      on 0.1.0.1-rc.
+
+  o Minor bugfixes (logging):
+    - When logging a directory ownership mismatch, log the owning
+      username correctly. Fixes bug 19578; bugfix on 0.2.2.29-beta.
+
+  o Minor bugfixes (memory leaks):
+    - Fix a small, uncommon memory leak that could occur when reading a
+      truncated ed25519 key file. Fixes bug 18956; bugfix
+      on 0.2.6.1-alpha.
+
+  o Minor bugfixes (testing):
+    - Allow clients to retry HSDirs much faster in test networks. Fixes
+      bug 19702; bugfix on 0.2.7.1-alpha. Patch by teor.
+    - Disable ASAN's detection of segmentation faults while running
+      test_bt.sh, so that we can make sure that our own backtrace
+      generation code works. Fixes another aspect of bug 18934; bugfix
+      on 0.2.5.2-alpha. Patch from "cypherpunks".
+    - Fix the test-network-all target on out-of-tree builds by using the
+      correct path to the test driver script. Fixes bug 19421; bugfix
+      on 0.2.7.3-rc.
+
+  o Minor bugfixes (time):
+    - Improve overflow checks in tv_udiff and tv_mdiff. Fixes bug 19483;
+      bugfix on all released tor versions.
+    - When computing the difference between two times in milliseconds,
+      we now round to the nearest millisecond correctly. Previously, we
+      could sometimes round in the wrong direction. Fixes bug 19428;
+      bugfix on 0.2.2.2-alpha.
+
+  o Minor bugfixes (user interface):
+    - Display a more accurate number of suppressed messages in the log
+      rate-limiter. Previously, there was a potential integer overflow
+      in the counter. Now, if the number of messages hits a maximum, the
+      rate-limiter doesn't count any further. Fixes bug 19435; bugfix
+      on 0.2.4.11-alpha.
+    - Fix a typo in the passphrase prompt for the ed25519 identity key.
+      Fixes bug 19503; bugfix on 0.2.7.2-alpha.
+
+  o Code simplification and refactoring:
+    - Remove redundant declarations of the MIN macro. Closes
+      ticket 18889.
+    - Rename tor_dup_addr() to tor_addr_to_str_dup() to avoid confusion.
+      Closes ticket 18462; patch from "icanhasaccount".
+    - Split the 600-line directory_handle_command_get function into
+      separate functions for different URL types. Closes ticket 16698.
+
+  o Documentation:
+    - Fix spelling of "--enable-tor2web-mode" in the manpage. Closes
+      ticket 19153. Patch from "U+039b".
+
+  o Removed features:
+    - Remove support for "GET /tor/bytes.txt" DirPort request, and
+      "GETINFO dir-usage" controller request, which were only available
+      via a compile-time option in Tor anyway. Feature was added in
+      0.2.2.1-alpha. Resolves ticket 19035.
+    - There is no longer a compile-time option to disable support for
+      TransPort. (If you don't want TransPort; just don't use it.) Patch
+      from "U+039b". Closes ticket 19449.
+
+  o Testing:
+    - Run more workqueue tests as part of "make check". These had
+      previously been implemented, but you needed to know special
+      command-line options to enable them.
+    - We now have unit tests for our code to reject zlib "compression
+      bombs". (Fortunately, the code works fine.)
+
+
+Changes in version 0.2.8.6 - 2016-08-02
+
+  Tor 0.2.8.6 is the first stable version of the Tor 0.2.8 series.
+
+  The Tor 0.2.8 series improves client bootstrapping performance,
+  completes the authority-side implementation of improved identity
+  keys for relays, and includes numerous bugfixes and performance
+  improvements throughout the program. This release continues to
+  improve the coverage of Tor's test suite.  For a full list of
+  changes since Tor 0.2.7, see the ReleaseNotes file.
+
+  Changes since 0.2.8.5-rc:
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compilation):
+    - Fix a compilation warning in the unit tests on systems where char
+      is signed. Fixes bug 19682; bugfix on 0.2.8.1-alpha.
+
+  o Minor bugfixes (fallback directories):
+    - Remove 1 fallback that was on the hardcoded list, then opted-out,
+      leaving 89 of the 100 fallbacks originally introduced in Tor
+      0.2.8.2-alpha in March 2016. Closes ticket 19782; patch by teor.
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Allow more syscalls when running with "Sandbox 1" enabled:
+      sysinfo, getsockopt(SO_SNDBUF), and setsockopt(SO_SNDBUFFORCE). On
+      some systems, these are required for Tor to start. Fixes bug
+      18397; bugfix on 0.2.5.1-alpha. Patch from Daniel Pinto.
+    - Allow IPPROTO_UDP datagram sockets when running with "Sandbox 1",
+      so that get_interface_address6_via_udp_socket_hack() can work.
+      Fixes bug 19660; bugfix on 0.2.5.1-alpha.
+
+
+Changes in version 0.2.8.5-rc - 2016-07-07
+  Tor 0.2.8.5-rc is the second release candidate in the Tor 0.2.8
+  series. If we find no new bugs or regressions here, the first stable
+  0.2.8 release will be identical to it. It has a few small bugfixes
+  against previous versions.
+
+  o Directory authority changes:
+    - Urras is no longer a directory authority. Closes ticket 19271.
+
+  o Major bugfixes (heartbeat):
+    - Fix a regression that would crash Tor when the periodic
+      "heartbeat" log messages were disabled. Fixes bug 19454; bugfix on
+      0.2.8.1-alpha. Reported by "kubaku".
+
+  o Minor features (build):
+    - Tor now again builds with the recent OpenSSL 1.1 development
+      branch (tested against 1.1.0-pre6-dev). Closes ticket 19499.
+    - When building manual pages, set the timezone to "UTC", so that the
+      output is reproducible. Fixes bug 19558; bugfix on 0.2.2.9-alpha.
+      Patch from intrigeri.
+
+  o Minor bugfixes (fallback directory selection):
+    - Avoid errors during fallback selection if there are no eligible
+      fallbacks. Fixes bug 19480; bugfix on 0.2.8.3-alpha. Patch
+      by teor.
+
+  o Minor bugfixes (IPv6, microdescriptors):
+    - Don't check node addresses when we only have a routerstatus. This
+      allows IPv6-only clients to bootstrap by fetching microdescriptors
+      from fallback directory mirrors. (The microdescriptor consensus
+      has no IPv6 addresses in it.) Fixes bug 19608; bugfix
+      on 0.2.8.2-alpha.
+
+  o Minor bugfixes (logging):
+    - Reduce pointlessly verbose log messages when directory servers
+      can't be found. Fixes bug 18849; bugfix on 0.2.8.3-alpha and
+      0.2.8.1-alpha. Patch by teor.
+    - When a fallback directory changes its fingerprint from the hard-
+      coded fingerprint, log a less severe, more explanatory log
+      message. Fixes bug 18812; bugfix on 0.2.8.1-alpha. Patch by teor.
+
+  o Minor bugfixes (Linux seccomp2 sandboxing):
+    - Allow statistics to be written to disk when "Sandbox 1" is
+      enabled. Fixes bugs 19556 and 19957; bugfix on 0.2.5.1-alpha and
+      0.2.6.1-alpha respectively.
+
+  o Minor bugfixes (user interface):
+    - Remove a warning message "Service [scrubbed] not found after
+      descriptor upload". This message appears when one uses HSPOST
+      control command to upload a service descriptor. Since there is
+      only a descriptor and no service, showing this message is
+      pointless and confusing. Fixes bug 19464; bugfix on 0.2.7.2-alpha.
+
+  o Fallback directory list:
+    - Add a comment to the generated fallback directory list that
+      explains how to comment out unsuitable fallbacks in a way that's
+      compatible with the stem fallback parser.
+    - Update fallback whitelist and blacklist based on relay operator
+      emails. Blacklist unsuitable (non-working, over-volatile)
+      fallbacks. Resolves ticket 19071. Patch by teor.
+    - Remove 10 unsuitable fallbacks, leaving 90 of the 100 fallbacks
+      originally introduced in Tor 0.2.8.2-alpha in March 2016. Closes
+      ticket 19071; patch by teor.
+
+
+Changes in version 0.2.8.4-rc - 2016-06-15
+  Tor 0.2.8.4-rc is the first release candidate in the Tor 0.2.8 series.
+  If we find no new bugs or regressions here, the first stable 0.2.8
+  release will be identical to it. It has a few small bugfixes against
+  previous versions.
+
+  o Major bugfixes (user interface):
+    - Correctly give a warning in the cases where a relay is specified
+      by nickname, and one such relay is found, but it is not officially
+      Named. Fixes bug 19203; bugfix on 0.2.3.1-alpha.
+
+  o Minor features (build):
+    - Tor now builds once again with the recent OpenSSL 1.1 development
+      branch (tested against 1.1.0-pre5 and 1.1.0-pre6-dev).
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the June 7 2016 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compilation):
+    - Cause the unit tests to compile correctly on mingw64 versions that
+      lack sscanf. Fixes bug 19213; bugfix on 0.2.7.1-alpha.
+
+  o Minor bugfixes (downloading):
+    - Predict more correctly whether we'll be downloading over HTTP when
+      we determine the maximum length of a URL. This should avoid a
+      "BUG" warning about the Squid HTTP proxy and its URL limits. Fixes
+      bug 19191.
+
+
+Changes in version 0.2.8.3-alpha - 2016-05-26
+  Tor 0.2.8.3-alpha resolves several bugs, most of them introduced over
+  the course of the 0.2.8 development cycle. It improves the behavior of
+  directory clients, fixes several crash bugs, fixes a gap in compiler
+  hardening, and allows the full integration test suite to run on
+  more platforms.
+
+  o Major bugfixes (security, client, DNS proxy):
+    - Stop a crash that could occur when a client running with DNSPort
+      received a query with multiple address types, and the first
+      address type was not supported. Found and fixed by Scott Dial.
+      Fixes bug 18710; bugfix on 0.2.5.4-alpha.
+
+  o Major bugfixes (security, compilation):
+    - Correctly detect compiler flags on systems where _FORTIFY_SOURCE
+      is predefined. Previously, our use of -D_FORTIFY_SOURCE would
+      cause a compiler warning, thereby making other checks fail, and
+      needlessly disabling compiler-hardening support. Fixes one case of
+      bug 18841; bugfix on 0.2.3.17-beta. Patch from "trudokal".
+
+  o Major bugfixes (security, directory authorities):
+    - Fix a crash and out-of-bounds write during authority voting, when
+      the list of relays includes duplicate ed25519 identity keys. Fixes
+      bug 19032; bugfix on 0.2.8.2-alpha.
+
+  o Major bugfixes (client, bootstrapping):
+    - Check if bootstrap consensus downloads are still needed when the
+      linked connection attaches. This prevents tor making unnecessary
+      begindir-style connections, which are the only directory
+      connections tor clients make since the fix for 18483 was merged.
+    - Fix some edge cases where consensus download connections may not
+      have been closed, even though they were not needed. Related to fix
+      for 18809.
+    - Make relays retry consensus downloads the correct number of times,
+      rather than the more aggressive client retry count. Fixes part of
+      ticket 18809.
+    - Stop downloading consensuses when we have a consensus, even if we
+      don't have all the certificates for it yet. Fixes bug 18809;
+      bugfix on 0.2.8.1-alpha. Patches by arma and teor.
+
+  o Major bugfixes (directory mirrors):
+    - Decide whether to advertise begindir support in the the same way
+      we decide whether to advertise our DirPort. Allowing these
+      decisions to become out-of-sync led to surprising behavior like
+      advertising begindir support when hibernation made us not
+      advertise a DirPort. Resolves bug 18616; bugfix on 0.2.8.1-alpha.
+      Patch by teor.
+
+  o Major bugfixes (IPv6 bridges, client):
+    - Actually use IPv6 addresses when selecting directory addresses for
+      IPv6 bridges. Fixes bug 18921; bugfix on 0.2.8.1-alpha. Patch
+      by "teor".
+
+  o Major bugfixes (key management):
+    - If OpenSSL fails to generate an RSA key, do not retain a dangling
+      pointer to the previous (uninitialized) key value. The impact here
+      should be limited to a difficult-to-trigger crash, if OpenSSL is
+      running an engine that makes key generation failures possible, or
+      if OpenSSL runs out of memory. Fixes bug 19152; bugfix on
+      0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and
+      Baishakhi Ray.
+
+  o Major bugfixes (testing):
+    - Fix a bug that would block 'make test-network-all' on systems where
+      IPv6 packets were lost. Fixes bug 19008; bugfix on 0.2.7.3-rc.
+    - Avoid "WSANOTINITIALISED" warnings in the unit tests. Fixes bug 18668;
+      bugfix on 0.2.8.1-alpha.
+
+  o Minor features (clients):
+    - Make clients, onion services, and bridge relays always use an
+      encrypted begindir connection for directory requests. Resolves
+      ticket 18483. Patch by "teor".
+
+  o Minor features (fallback directory mirrors):
+    - Give each fallback the same weight for client selection; restrict
+      fallbacks to one per operator; report fallback directory detail
+      changes when rebuilding list; add new fallback directory mirrors
+      to the whitelist; and many other minor simplifications and fixes.
+      Closes tasks 17905, 18749, bug 18689, and fixes part of bug 18812 on
+      0.2.8.1-alpha; patch by "teor".
+    - Replace the 21 fallbacks generated in January 2016 and included in
+      Tor 0.2.8.1-alpha, with a list of 100 fallbacks generated in March
+      2016. Closes task 17158; patch by "teor".
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (assert, portability):
+    - Fix an assertion failure in memarea.c on systems where "long" is
+      shorter than the size of a pointer. Fixes bug 18716; bugfix
+      on 0.2.1.1-alpha.
+
+  o Minor bugfixes (bootstrap):
+    - Consistently use the consensus download schedule for authority
+      certificates. Fixes bug 18816; bugfix on 0.2.4.13-alpha.
+
+  o Minor bugfixes (build):
+    - Remove a pair of redundant AM_CONDITIONAL declarations from
+      configure.ac. Fixes one final case of bug 17744; bugfix
+      on 0.2.8.2-alpha.
+    - Resolve warnings when building on systems that are concerned with
+      signed char. Fixes bug 18728; bugfix on 0.2.7.2-alpha
+      and 0.2.6.1-alpha.
+    - When libscrypt.h is found, but no libscrypt library can be linked,
+      treat libscrypt as absent. Fixes bug 19161; bugfix
+      on 0.2.6.1-alpha.
+
+  o Minor bugfixes (client):
+    - Turn all TestingClientBootstrap* into non-testing torrc options.
+      This changes simply renames them by removing "Testing" in front of
+      them and they do not require TestingTorNetwork to be enabled
+      anymore. Fixes bug 18481; bugfix on 0.2.8.1-alpha.
+    - Make directory node selection more reliable, mainly for IPv6-only
+      clients and clients with few reachable addresses. Fixes bug 18929;
+      bugfix on 0.2.8.1-alpha. Patch by "teor".
+
+  o Minor bugfixes (controller, microdescriptors):
+    - Make GETINFO dir/status-vote/current/consensus conform to the
+      control specification by returning "551 Could not open cached
+      consensus..." when not caching consensuses. Fixes bug 18920;
+      bugfix on 0.2.2.6-alpha.
+
+  o Minor bugfixes (crypto, portability):
+    - The SHA3 and SHAKE routines now produce the correct output on Big
+      Endian systems. No code calls either algorithm yet, so this is
+      primarily a build fix. Fixes bug 18943; bugfix on 0.2.8.1-alpha.
+    - Tor now builds again with the recent OpenSSL 1.1 development
+      branch (tested against 1.1.0-pre4 and 1.1.0-pre5-dev). Closes
+      ticket 18286.
+
+  o Minor bugfixes (directories):
+    - When fetching extrainfo documents, compare their SHA256 digests
+      and Ed25519 signing key certificates with the routerinfo that led
+      us to fetch them, rather than with the most recent routerinfo.
+      Otherwise we generate many spurious warnings about mismatches.
+      Fixes bug 17150; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (logging):
+    - When we can't generate a signing key because OfflineMasterKey is
+      set, do not imply that we should have been able to load it. Fixes
+      bug 18133; bugfix on 0.2.7.2-alpha.
+    - Stop periodic_event_dispatch() from blasting twelve lines per
+      second at loglevel debug. Fixes bug 18729; fix on 0.2.8.1-alpha.
+    - When rejecting a misformed INTRODUCE2 cell, only log at
+      PROTOCOL_WARN severity. Fixes bug 18761; bugfix on 0.2.8.2-alpha.
+
+  o Minor bugfixes (pluggable transports):
+    - Avoid reporting a spurious error when we decide that we don't need
+      to terminate a pluggable transport because it has already exited.
+      Fixes bug 18686; bugfix on 0.2.5.5-alpha.
+
+  o Minor bugfixes (pointer arithmetic):
+    - Fix a bug in memarea_alloc() that could have resulted in remote
+      heap write access, if Tor had ever passed an unchecked size to
+      memarea_alloc(). Fortunately, all the sizes we pass to
+      memarea_alloc() are pre-checked to be less than 128 kilobytes.
+      Fixes bug 19150; bugfix on 0.2.1.1-alpha. Bug found by
+      Guido Vranken.
+
+  o Minor bugfixes (relays):
+    - Consider more config options when relays decide whether to
+      regenerate their descriptor. Fixes more of bug 12538; bugfix
+      on 0.2.8.1-alpha.
+    - Resolve some edge cases where we might launch an ORPort
+      reachability check even when DisableNetwork is set. Noticed while
+      fixing bug 18616; bugfix on 0.2.3.9-alpha.
+
+  o Minor bugfixes (statistics):
+    - We now include consensus downloads via IPv6 in our directory-
+      request statistics. Fixes bug 18460; bugfix on 0.2.3.14-alpha.
+
+  o Minor bugfixes (testing):
+    - Allow directories in small networks to bootstrap by skipping
+      DirPort checks when the consensus has no exits. Fixes bug 19003;
+      bugfix on 0.2.8.1-alpha. Patch by teor.
+    - Fix a small memory leak that would occur when the
+      TestingEnableCellStatsEvent option was turned on. Fixes bug 18673;
+      bugfix on 0.2.5.2-alpha.
+
+  o Minor bugfixes (time handling):
+    - When correcting a corrupt 'struct tm' value, fill in the tm_wday
+      field. Otherwise, our unit tests crash on Windows. Fixes bug
+      18977; bugfix on 0.2.2.25-alpha.
+
+  o Documentation:
+    - Document the contents of the 'datadir/keys' subdirectory in the
+      manual page. Closes ticket 17621.
+    - Stop recommending use of nicknames to identify relays in our
+      MapAddress documentation. Closes ticket 18312.
+
+
+Changes in version 0.2.8.2-alpha - 2016-03-28
+  Tor 0.2.8.2-alpha is the second alpha in its series. It fixes numerous
+  bugs in earlier versions of Tor, including some that prevented
+  authorities using Tor 0.2.7.x from running correctly. IPv6 and
+  directory support should also be much improved.
+
+  o New system requirements:
+    - Tor no longer supports versions of OpenSSL with a broken
+      implementation of counter mode. (This bug was present in OpenSSL
+      1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but no
+      longer runs with, these versions.
+    - Tor no longer attempts to support platforms where the "time_t"
+      type is unsigned. (To the best of our knowledge, only OpenVMS does
+      this, and Tor has never actually built on OpenVMS.) Closes
+      ticket 18184.
+    - Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or
+      later (released in 2008 and 2009 respectively). If you are
+      building Tor from the git repository instead of from the source
+      distribution, and your tools are older than this, you will need to
+      upgrade. Closes ticket 17732.
+
+  o Major bugfixes (security, pointers):
+    - Avoid a difficult-to-trigger heap corruption attack when extending
+      a smartlist to contain over 16GB of pointers. Fixes bug 18162;
+      bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely.
+      Reported by Guido Vranken.
+
+  o Major bugfixes (bridges, pluggable transports):
+    - Modify the check for OR connections to private addresses. Allow
+      bridges on private addresses, including pluggable transports that
+      ignore the (potentially private) address in the bridge line. Fixes
+      bug 18517; bugfix on 0.2.8.1-alpha. Reported by gk, patch by teor.
+
+  o Major bugfixes (compilation):
+    - Repair hardened builds under the clang compiler. Previously, our
+      use of _FORTIFY_SOURCE would conflict with clang's address
+      sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha.
+
+  o Major bugfixes (crash on shutdown):
+    - Correctly handle detaching circuits from muxes when shutting down.
+      Fixes bug 18116; bugfix on 0.2.8.1-alpha.
+    - Fix an assert-on-exit bug related to counting memory usage in
+      rephist.c. Fixes bug 18651; bugfix on 0.2.8.1-alpha.
+
+  o Major bugfixes (crash on startup):
+    - Fix a segfault during startup: If a Unix domain socket was
+      configured as listener (such as a ControlSocket or a SocksPort
+      "unix:" socket), and tor was started as root but not configured to
+      switch to another user, tor would segfault while trying to string
+      compare a NULL value. Fixes bug 18261; bugfix on 0.2.8.1-alpha.
+      Patch by weasel.
+
+  o Major bugfixes (dns proxy mode, crash):
+    - Avoid crashing when running as a DNS proxy. Fixes bug 16248;
+      bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
+
+  o Major bugfixes (relays, bridge clients):
+    - Ensure relays always allow IPv4 OR and Dir connections. Ensure
+      bridge clients use the address configured in the bridge line.
+      Fixes bug 18348; bugfix on 0.2.8.1-alpha. Reported by sysrqb,
+      patch by teor.
+
+  o Major bugfixes (voting):
+    - Actually enable support for authorities to match routers by their
+      Ed25519 identities. Previously, the code had been written, but
+      some debugging code that had accidentally been left in the
+      codebase made it stay turned off. Fixes bug 17702; bugfix
+      on 0.2.7.2-alpha.
+    - When collating votes by Ed25519 identities, authorities now
+      include a "NoEdConsensus" flag if the ed25519 value (or lack
+      thereof) for a server does not reflect the majority consensus.
+      Related to bug 17668; bugfix on 0.2.7.2-alpha.
+    - When generating a vote with keypinning disabled, never include two
+      entries for the same ed25519 identity. This bug was causing
+      authorities to generate votes that they could not parse when a
+      router violated key pinning by changing its RSA identity but
+      keeping its Ed25519 identity. Fixes bug 17668; fixes part of bug
+      18318. Bugfix on 0.2.7.2-alpha.
+
+  o Minor features (security, win32):
+    - Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing
+      attack. Fixes bug 18123; bugfix on all tor versions. Patch
+      by teor.
+
+  o Minor features (bug-resistance):
+    - Make Tor survive errors involving connections without a
+      corresponding event object. Previously we'd fail with an
+      assertion; now we produce a log message. Related to bug 16248.
+
+  o Minor features (build):
+    - Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD)
+      as having possible IPFW support. Closes ticket 18448. Patch from
+      Steven Chamberlain.
+
+  o Minor features (code hardening):
+    - Use tor_snprintf() and tor_vsnprintf() even in external and low-
+      level code, to harden against accidental failures to NUL-
+      terminate. Part of ticket 17852. Patch from jsturgix. Found
+      with Flawfinder.
+
+  o Minor features (crypto):
+    - Validate the hard-coded Diffie-Hellman parameters and ensure that
+      p is a safe prime, and g is a suitable generator. Closes
+      ticket 18221.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (hidden service directory):
+    - Streamline relay-side hsdir handling: when relays consider whether
+      to accept an uploaded hidden service descriptor, they no longer
+      check whether they are one of the relays in the network that is
+      "supposed" to handle that descriptor. Implements ticket 18332.
+
+  o Minor features (IPv6):
+    - Add ClientPreferIPv6DirPort, which is set to 0 by default. If set
+      to 1, tor prefers IPv6 directory addresses.
+    - Add ClientUseIPv4, which is set to 1 by default. If set to 0, tor
+      avoids using IPv4 for client OR and directory connections.
+    - Try harder to obey the IP version restrictions "ClientUseIPv4 0",
+      "ClientUseIPv6 0", "ClientPreferIPv6ORPort", and
+      "ClientPreferIPv6DirPort". Closes ticket 17840; patch by teor.
+
+  o Minor features (linux seccomp2 sandbox):
+    - Reject attempts to change our Address with "Sandbox 1" enabled.
+      Changing Address with Sandbox turned on would never actually work,
+      but previously it would fail in strange and confusing ways. Found
+      while fixing 18548.
+
+  o Minor features (robustness):
+    - Exit immediately with an error message if the code attempts to use
+      Libevent without having initialized it. This should resolve some
+      frequently-made mistakes in our unit tests. Closes ticket 18241.
+
+  o Minor features (unix domain sockets):
+    - Add a new per-socket option, RelaxDirModeCheck, to allow creating
+      Unix domain sockets without checking the permissions on the parent
+      directory. (Tor checks permissions by default because some
+      operating systems only check permissions on the parent directory.
+      However, some operating systems do look at permissions on the
+      socket, and tor's default check is unneeded.) Closes ticket 18458.
+      Patch by weasel.
+
+  o Minor bugfixes (exit policies, security):
+    - Refresh an exit relay's exit policy when interface addresses
+      change. Previously, tor only refreshed the exit policy when the
+      configured external address changed. Fixes bug 18208; bugfix on
+      0.2.7.3-rc. Patch by teor.
+
+  o Minor bugfixes (security, hidden services):
+    - Prevent hidden services connecting to client-supplied rendezvous
+      addresses that are reserved as internal or multicast. Fixes bug
+      8976; bugfix on 0.2.3.21-rc. Patch by dgoulet and teor.
+
+  o Minor bugfixes (build):
+    - Do not link the unit tests against both the testing and non-
+      testing versions of the static libraries. Fixes bug 18490; bugfix
+      on 0.2.7.1-alpha.
+    - Avoid spurious failures from configure files related to calling
+      exit(0) in TOR_SEARCH_LIBRARY. Fixes bug 18626; bugfix on
+      0.2.0.1-alpha. Patch from "cypherpunks".
+    - Silence spurious clang-scan warnings in the ed25519_donna code by
+      explicitly initializing some objects. Fixes bug 18384; bugfix on
+      0.2.7.2-alpha. Patch by teor.
+
+  o Minor bugfixes (client, bootstrap):
+    - Count receipt of new microdescriptors as progress towards
+      bootstrapping. Previously, with EntryNodes set, Tor might not
+      successfully repopulate the guard set on bootstrapping. Fixes bug
+      16825; bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (code correctness):
+    - Update to the latest version of Trunnel, which tries harder to
+      avoid generating code that can invoke memcpy(p,NULL,0). Bug found
+      by clang address sanitizer. Fixes bug 18373; bugfix
+      on 0.2.7.2-alpha.
+
+  o Minor bugfixes (configuration):
+    - Fix a tiny memory leak when parsing a port configuration ending in
+      ":auto". Fixes bug 18374; bugfix on 0.2.3.3-alpha.
+
+  o Minor bugfixes (containers):
+    - If we somehow attempt to construct a heap with more than
+      1073741822 elements, avoid an integer overflow when maintaining
+      the heap property. Fixes bug 18296; bugfix on 0.1.2.1-alpha.
+
+  o Minor bugfixes (correctness):
+    - Fix a bad memory handling bug that would occur if we had queued a
+      cell on a channel's incoming queue. Fortunately, we can't actually
+      queue a cell like that as our code is constructed today, but it's
+      best to avoid this kind of error, even if there isn't any code
+      that triggers it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (directory):
+    - When generating a URL for a directory server on an IPv6 address,
+      wrap the IPv6 address in square brackets. Fixes bug 18051; bugfix
+      on 0.2.3.9-alpha. Patch from Malek.
+
+  o Minor bugfixes (fallback directory mirrors):
+    - When requesting extrainfo descriptors from a trusted directory
+      server, check whether it is an authority or a fallback directory
+      which supports extrainfo descriptors. Fixes bug 18489; bugfix on
+      0.2.4.7-alpha. Reported by atagar, patch by teor.
+
+  o Minor bugfixes (hidden service, client):
+    - Handle the case where the user makes several fast consecutive
+      requests to the same .onion address. Previously, the first six
+      requests would each trigger a descriptor fetch, each picking a
+      directory (there are 6 overall) and the seventh one would fail
+      because no directories were left, thereby triggering a close on
+      all current directory connections asking for the hidden service.
+      The solution here is to not close the connections if we have
+      pending directory fetches. Fixes bug 15937; bugfix
+      on 0.2.7.1-alpha.
+
+  o Minor bugfixes (hidden service, control port):
+    - Add the onion address to the HS_DESC event for the UPLOADED action
+      both on success or failure. It was previously hardcoded with
+      UNKNOWN. Fixes bug 16023; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (hidden service, directory):
+    - Bridges now refuse "rendezvous2" (hidden service descriptor)
+      publish attempts. Suggested by ticket 18332.
+
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Allow the setrlimit syscall, and the prlimit and prlimit64
+      syscalls, which some libc implementations use under the hood.
+      Fixes bug 15221; bugfix on 0.2.5.1-alpha.
+    - Avoid a 10-second delay when starting as a client with "Sandbox 1"
+      enabled and no DNS resolvers configured. This should help TAILS
+      start up faster. Fixes bug 18548; bugfix on 0.2.5.1-alpha.
+    - Fix the sandbox's interoperability with unix domain sockets under
+      setuid. Fixes bug 18253; bugfix on 0.2.8.1-alpha.
+
+  o Minor bugfixes (logging):
+    - When logging information about an unparsable networkstatus vote or
+      consensus, do not say "vote" when we mean consensus. Fixes bug
+      18368; bugfix on 0.2.0.8-alpha.
+    - Scrub service name in "unrecognized service ID" log messages.
+      Fixes bug 18600; bugfix on 0.2.4.11-alpha.
+    - Downgrade logs and backtraces about IP versions to info-level.
+      Only log backtraces once each time tor runs. Assists in diagnosing
+      bug 18351; bugfix on 0.2.8.1-alpha. Reported by sysrqb and
+      Christian, patch by teor.
+
+  o Minor bugfixes (memory safety):
+    - Avoid freeing an uninitialized pointer when opening a socket fails
+      in get_interface_addresses_ioctl(). Fixes bug 18454; bugfix on
+      0.2.3.11-alpha. Reported by toralf and "cypherpunks", patch
+      by teor.
+    - Correctly duplicate addresses in get_interface_address6_list().
+      Fixes bug 18454; bugfix on 0.2.8.1-alpha. Reported by toralf,
+      patch by "cypherpunks".
+    - Fix a memory leak in tor-gencert. Fixes part of bug 18672; bugfix
+      on 0.2.0.1-alpha.
+    - Fix a memory leak in "tor --list-fingerprint". Fixes part of bug
+      18672; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (private directory):
+    - Prevent a race condition when creating private directories. Fixes
+      part of bug 17852; bugfix on 0.0.2pre13. Part of ticket 17852.
+      Patch from jsturgix. Found with Flawfinder.
+
+  o Minor bugfixes (test networks, IPv6):
+    - Allow internal IPv6 addresses in descriptors in test networks.
+      Fixes bug 17153; bugfix on 0.2.3.16-alpha. Patch by teor, reported
+      by karsten.
+
+  o Minor bugfixes (testing):
+    - We no longer disable assertions in the unit tests when coverage is
+      enabled. Instead, we require you to say --disable-asserts-in-tests
+      to the configure script if you need assertions disabled in the
+      unit tests (for example, if you want to perform branch coverage).
+      Fixes bug 18242; bugfix on 0.2.7.1-alpha.
+
+  o Minor bugfixes (time parsing):
+    - Avoid overflow in tor_timegm when parsing dates in and after 2038
+      on platforms with 32-bit time_t. Fixes bug 18479; bugfix on
+      0.0.2pre14. Patch by teor.
+
+  o Minor bugfixes (tor-gencert):
+    - Correctly handle the case where an authority operator enters a
+      passphrase but sends an EOF before sending a newline. Fixes bug
+      17443; bugfix on 0.2.0.20-rc. Found by junglefowl.
+
+  o Code simplification and refactoring:
+    - Quote all the string interpolations in configure.ac -- even those
+      which we are pretty sure can't contain spaces. Closes ticket
+      17744. Patch from zerosion.
+    - Remove specialized code for non-inplace AES_CTR. 99% of our AES is
+      inplace, so there's no need to have a separate implementation for
+      the non-inplace code. Closes ticket 18258. Patch from Malek.
+    - Simplify return types for some crypto functions that can't
+      actually fail. Patch from Hassan Alsibyani. Closes ticket 18259.
+
+  o Documentation:
+    - Change build messages to refer to "Fedora" instead of "Fedora
+      Core", and "dnf" instead of "yum". Closes tickets 18459 and 18426.
+      Patches from "icanhasaccount" and "cypherpunks".
+
+  o Removed features:
+    - We no longer maintain an internal freelist in memarea.c.
+      Allocators should be good enough to make this code unnecessary,
+      and it's doubtful that it ever had any performance benefit.
+
+  o Testing:
+    - Fix several warnings from clang's address sanitizer produced in
+      the unit tests.
+    - Treat backtrace test failures as expected on FreeBSD until we
+      solve bug 17808. Closes ticket 18204.
+
+
+Changes in version 0.2.8.1-alpha - 2016-02-04
+  Tor 0.2.8.1-alpha is the first alpha release in its series. It
+  includes numerous small features and bugfixes against previous Tor
+  versions, and numerous small infrastructure improvements. The most
+  notable features are a set of improvements to the directory subsystem.
+
+  o Major features (security, Linux):
+    - When Tor starts as root on Linux and is told to switch user ID, it
+      can now retain the capability to bind to low ports. By default,
+      Tor will do this only when it's switching user ID and some low
+      ports have been configured. You can change this behavior with the
+      new option KeepBindCapabilities. Closes ticket 8195.
+
+  o Major features (directory system):
+    - When bootstrapping multiple consensus downloads at a time, use the
+      first one that starts downloading, and close the rest. This
+      reduces failures when authorities or fallback directories are slow
+      or down. Together with the code for feature 15775, this feature
+      should reduces failures due to fallback churn. Implements ticket
+      4483. Patch by "teor". Implements IPv4 portions of proposal 210 by
+      "mikeperry" and "teor".
+    - Include a trial list of 21 default fallback directories, generated
+      in January 2016, based on an opt-in survey of suitable relays.
+      Doing this should make clients bootstrap more quickly and reliably,
+      and reduce the load on the directory authorities. Closes ticket
+      15775. Patch by "teor".
+      Candidates identified using an OnionOO script by "weasel", "teor",
+      "gsathya", and "karsten".
+    - Previously only relays that explicitly opened a directory port
+      (DirPort) accepted directory requests from clients. Now all
+      relays, with and without a DirPort, accept and serve tunneled
+      directory requests that they receive through their ORPort. You can
+      disable this behavior using the new DirCache option. Closes
+      ticket 12538.
+
+  o Major key updates:
+    - Update the V3 identity key for the dannenberg directory authority:
+      it was changed on 18 November 2015. Closes task 17906. Patch
+      by "teor".
+
+  o Minor features (security, clock):
+    - Warn when the system clock appears to move back in time (when the
+      state file was last written in the future). Tor doesn't know that
+      consensuses have expired if the clock is in the past. Patch by
+      "teor". Implements ticket 17188.
+
+  o Minor features (security, exit policies):
+    - ExitPolicyRejectPrivate now rejects more private addresses by
+      default. Specifically, it now rejects the relay's outbound bind
+      addresses (if configured), and the relay's configured port
+      addresses (such as ORPort and DirPort). Fixes bug 17027; bugfix on
+      0.2.0.11-alpha. Patch by "teor".
+
+  o Minor features (security, memory erasure):
+    - Set the unused entries in a smartlist to NULL. This helped catch
+      a (harmless) bug, and shouldn't affect performance too much.
+      Implements ticket 17026.
+    - Use SecureMemoryWipe() function to securely clean memory on
+      Windows. Previously we'd use OpenSSL's OPENSSL_cleanse() function.
+      Implements feature 17986.
+    - Use explicit_bzero or memset_s when present. Previously, we'd use
+      OpenSSL's OPENSSL_cleanse() function. Closes ticket 7419; patches
+      from  and .
+    - Make memwipe() do nothing when passed a NULL pointer or buffer of
+      zero size. Check size argument to memwipe() for underflow. Fixes
+      bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
+      patch by "teor".
+
+  o Minor features (security, RNG):
+    - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
+      positively are not allowed to fail. Previously we depended on
+      internal details of OpenSSL's behavior. Closes ticket 17686.
+    - Never use the system entropy output directly for anything besides
+      seeding the PRNG. When we want to generate important keys, instead
+      of using system entropy directly, we now hash it with the PRNG
+      stream. This may help resist certain attacks based on broken OS
+      entropy implementations. Closes part of ticket 17694.
+    - Use modern system calls (like getentropy() or getrandom()) to
+      generate strong entropy on platforms that have them. Closes
+      ticket 13696.
+
+  o Minor features (accounting):
+    - Added two modes to the AccountingRule option: One for limiting
+      only the number of bytes sent ("AccountingRule out"), and one for
+      limiting only the number of bytes received ("AccountingRule in").
+      Closes ticket 15989; patch from "unixninja92".
+
+  o Minor features (build):
+    - Since our build process now uses "make distcheck", we no longer
+      force "make dist" to depend on "make check". Closes ticket 17893;
+      patch from "cypherpunks."
+    - Tor now builds successfully with the recent OpenSSL 1.1
+      development branch, and with the latest LibreSSL. Closes tickets
+      17549, 17921, and 17984.
+
+  o Minor features (controller):
+    - Adds the FallbackDir entries to 'GETINFO config/defaults'. Closes
+      tickets 16774 and 17817. Patch by George Tankersley.
+    - New 'GETINFO hs/service/desc/id/' command to retrieve a hidden
+      service descriptor from a service's local hidden service
+      descriptor cache. Closes ticket 14846.
+    - Add 'GETINFO exit-policy/reject-private/[default,relay]', so
+      controllers can examine the the reject rules added by
+      ExitPolicyRejectPrivate. This makes it easier for stem to display
+      exit policies.
+
+  o Minor features (crypto):
+    - Add SHA512 support to crypto.c. Closes ticket 17663; patch from
+      George Tankersley.
+    - Add SHA3 and SHAKE support to crypto.c. Closes ticket 17783.
+    - When allocating a digest state object, allocate no more space than
+      we actually need. Previously, we would allocate as much space as
+      the state for the largest algorithm would need. This change saves
+      up to 672 bytes per circuit. Closes ticket 17796.
+    - Improve performance when hashing non-multiple of 8 sized buffers,
+      based on Andrew Moon's public domain SipHash-2-4 implementation.
+      Fixes bug 17544; bugfix on 0.2.5.3-alpha.
+
+  o Minor features (directory downloads):
+    - Wait for busy authorities and fallback directories to become non-
+      busy when bootstrapping. (A similar change was made in 6c443e987d
+      for directory caches chosen from the consensus.) Closes ticket
+      17864; patch by "teor".
+    - Add UseDefaultFallbackDirs, which enables any hard-coded fallback
+      directory mirrors. The default is 1; set it to 0 to disable
+      fallbacks. Implements ticket 17576. Patch by "teor".
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (IPv6):
+    - Add an argument 'ipv6=address:orport' to the DirAuthority and
+      FallbackDir torrc options, to specify an IPv6 address for an
+      authority or fallback directory. Add hard-coded ipv6 addresses for
+      directory authorities that have them. Closes ticket 17327; patch
+      from Nick Mathewson and "teor".
+    - Add address policy assume_action support for IPv6 addresses.
+    - Limit IPv6 mask bits to 128.
+    - Warn when comparing against an AF_UNSPEC address in a policy, it's
+      almost always a bug. Closes ticket 17863; patch by "teor".
+    - Allow users to configure directory authorities and fallback
+      directory servers with IPv6 addresses and ORPorts. Resolves
+      ticket 6027.
+    - routerset_parse now accepts IPv6 literal addresses. Fixes bug
+      17060; bugfix on 0.2.1.3-alpha. Patch by "teor".
+    - Make tor_ersatz_socketpair work on IPv6-only systems. Fixes bug
+      17638; bugfix on 0.0.2pre8. Patch by "teor".
+
+  o Minor features (logging):
+    - When logging to syslog, allow a tag to be added to the syslog
+      identity (the string prepended to every log message). The tag can
+      be configured with SyslogIdentityTag and defaults to none. Setting
+      it to "foo" will cause logs to be tagged as "Tor-foo". Closes
+      ticket 17194.
+
+  o Minor features (portability):
+    - Use timingsafe_memcmp() where available. Closes ticket 17944;
+      patch from .
+
+  o Minor features (relay, address discovery):
+    - Add a family argument to get_interface_addresses_raw() and
+      subfunctions to make network interface address interogation more
+      efficient. Now Tor can specifically ask for IPv4, IPv6 or both
+      types of interfaces from the operating system. Resolves
+      ticket 17950.
+    - When get_interface_address6_list(.,AF_UNSPEC,.) is called and
+      fails to enumerate interface addresses using the platform-specific
+      API, have it rely on the UDP socket fallback technique to try and
+      find out what IP addresses (both IPv4 and IPv6) our machine has.
+      Resolves ticket 17951.
+
+  o Minor features (replay cache):
+    - The replay cache now uses SHA256 instead of SHA1. Implements
+      feature 8961. Patch by "teor", issue reported by "rransom".
+
+  o Minor features (unix file permissions):
+    - Defer creation of Unix sockets until after setuid. This avoids
+      needing CAP_CHOWN and CAP_FOWNER when using systemd's
+      CapabilityBoundingSet, or chown and fowner when using SELinux.
+      Implements part of ticket 17562. Patch from Jamie Nguyen.
+    - If any directory created by Tor is marked as group readable, the
+      filesystem group is allowed to be either the default GID or the
+      root user. Allowing root to read the DataDirectory prevents the
+      need for CAP_READ_SEARCH when using systemd's
+      CapabilityBoundingSet, or dac_read_search when using SELinux.
+      Implements part of ticket 17562. Patch from Jamie Nguyen.
+    - Introduce a new DataDirectoryGroupReadable option. If it is set to
+      1, the DataDirectory will be made readable by the default GID.
+      Implements part of ticket 17562. Patch from Jamie Nguyen.
+
+  o Minor bugfixes (accounting):
+    - The max bandwidth when using 'AccountRule sum' is now correctly
+      logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha. Patch
+      from "unixninja92".
+
+  o Minor bugfixes (code correctness):
+    - When closing an entry connection, generate a warning if we should
+      have sent an end cell for it but we haven't. Fixes bug 17876;
+      bugfix on 0.2.3.2-alpha.
+    - Assert that allocated memory held by the reputation code is freed
+      according to its internal counters. Fixes bug 17753; bugfix
+      on 0.1.1.1-alpha.
+    - Assert when the TLS contexts fail to initialize. Fixes bug 17683;
+      bugfix on 0.0.6.
+
+  o Minor bugfixes (compilation):
+    - Mark all object files that include micro-revision.i as depending
+      on it, so as to make parallel builds more reliable. Fixes bug
+      17826; bugfix on 0.2.5.1-alpha.
+    - Don't try to use the pthread_condattr_setclock() function unless
+      it actually exists. Fixes compilation on NetBSD-6.x. Fixes bug
+      17819; bugfix on 0.2.6.3-alpha.
+    - Fix backtrace compilation on FreeBSD. Fixes bug 17827; bugfix
+      on 0.2.5.2-alpha.
+    - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
+      bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.
+    - Fix search for libevent libraries on OpenBSD (and other systems
+      that install libevent 1 and libevent 2 in parallel). Fixes bug
+      16651; bugfix on 0.1.0.7-rc. Patch from "rubiate".
+    - Isolate environment variables meant for tests from the rest of the
+      build system. Fixes bug 17818; bugfix on 0.2.7.3-rc.
+    - Replace usage of 'INLINE' with 'inline'. Fixes bug 17804; bugfix
+      on 0.0.2pre8.
+    - Remove config.log only from make distclean, not from make clean.
+      Fixes bug 17924; bugfix on 0.2.4.1-alpha.
+
+  o Minor bugfixes (crypto):
+    - Check the return value of HMAC() and assert on failure. Fixes bug
+      17658; bugfix on 0.2.3.6-alpha. Patch by "teor".
+
+  o Minor bugfixes (fallback directories):
+    - Mark fallbacks as "too busy" when they return a 503 response,
+      rather than just marking authorities. Fixes bug 17572; bugfix on
+      0.2.4.7-alpha. Patch by "teor".
+
+  o Minor bugfixes (IPv6):
+    - Update the limits in max_dl_per_request for IPv6 address length.
+      Fixes bug 17573; bugfix on 0.2.1.5-alpha.
+
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Fix a crash when using offline master ed25519 keys with the Linux
+      seccomp2 sandbox enabled. Fixes bug 17675; bugfix on 0.2.7.3-rc.
+
+  o Minor bugfixes (logging):
+    - In log messages that include a function name, use __FUNCTION__
+      instead of __PRETTY_FUNCTION__. In GCC, these are synonymous, but
+      with clang __PRETTY_FUNCTION__ has extra information we don't
+      need. Fixes bug 16563; bugfix on 0.0.2pre8. Fix by Tom van
+      der Woerdt.
+    - Remove needless quotes from a log message about unparseable
+      addresses. Fixes bug 17843; bugfix on 0.2.3.3-alpha.
+
+  o Minor bugfixes (portability):
+    - Remove an #endif from configure.ac so that we correctly detect the
+      presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix
+      on 0.2.0.13-alpha.
+
+  o Minor bugfixes (relays):
+    - Check that both the ORPort and DirPort (if present) are reachable
+      before publishing a relay descriptor. Otherwise, relays publish a
+      descriptor with DirPort 0 when the DirPort reachability test takes
+      longer than the ORPort reachability test. Fixes bug 18050; bugfix
+      on 0.1.0.1-rc. Reported by "starlight", patch by "teor".
+
+  o Minor bugfixes (relays, hidden services):
+    - Refuse connection requests to private OR addresses unless
+      ExtendAllowPrivateAddresses is set. Previously, tor would connect,
+      then refuse to send any cells to a private address. Fixes bugs
+      17674 and 8976; bugfix on 0.2.3.21-rc. Patch by "teor".
+
+  o Minor bugfixes (safe logging):
+    - When logging a malformed hostname received through socks4, scrub
+      it if SafeLogging says we should. Fixes bug 17419; bugfix
+      on 0.1.1.16-rc.
+
+  o Minor bugfixes (statistics code):
+    - Consistently check for overflow in round_*_to_next_multiple_of
+      functions, and add unit tests with additional and maximal values.
+      Fixes part of bug 13192; bugfix on 0.2.2.1-alpha.
+    - Handle edge cases in the laplace functions: avoid division by
+      zero, avoid taking the log of zero, and silence clang type
+      conversion warnings using round and trunc. Add unit tests for edge
+      cases with maximal values. Fixes part of bug 13192; bugfix
+      on 0.2.6.2-alpha.
+
+  o Minor bugfixes (testing):
+    - The test for log_heartbeat was incorrectly failing in timezones
+      with non-integer offsets. Instead of comparing the end of the time
+      string against a constant, compare it to the output of
+      format_local_iso_time when given the correct input. Fixes bug
+      18039; bugfix on 0.2.5.4-alpha.
+    - Make unit tests pass on IPv6-only systems, and systems without
+      localhost addresses (like some FreeBSD jails). Fixes bug 17632;
+      bugfix on 0.2.7.3-rc. Patch by "teor".
+    - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix
+      on 0.2.4.8-alpha.
+    - Check the full results of SHA256 and SHA512 digests in the unit
+      tests. Bugfix on 0.2.2.4-alpha. Patch by "teor".
+
+  o Code simplification and refactoring:
+    - Move logging of redundant policy entries in
+      policies_parse_exit_policy_internal into its own function. Closes
+      ticket 17608; patch from "juce".
+    - Extract the more complicated parts of circuit_mark_for_close()
+      into a new function that we run periodically before circuits are
+      freed. This change removes more than half of the functions
+      currently in the "blob". Closes ticket 17218.
+    - Clean up a little duplicated code in
+      crypto_expand_key_material_TAP(). Closes ticket 17587; patch
+      from "pfrankw".
+    - Decouple the list of streams waiting to be attached to circuits
+      from the overall connection list. This change makes it possible to
+      attach streams quickly while simplifying Tor's callgraph and
+      avoiding O(N) scans of the entire connection list. Closes
+      ticket 17590.
+    - When a direct directory request fails immediately on launch,
+      instead of relaunching that request from inside the code that
+      launches it, instead mark the connection for teardown. This change
+      simplifies Tor's callback and prevents the directory-request
+      launching code from invoking itself recursively. Closes
+      ticket 17589
+    - Remove code for configuring OpenSSL dynamic locks; OpenSSL doesn't
+      use them. Closes ticket 17926.
+
+  o Documentation:
+    - Add a description of the correct use of the '--keygen' command-
+      line option. Closes ticket 17583; based on text by 's7r'.
+    - Document the minimum HeartbeatPeriod value. Closes ticket 15638.
+    - Explain actual minima for BandwidthRate. Closes ticket 16382.
+    - Fix a minor formatting typo in the manpage. Closes ticket 17791.
+    - Mention torspec URL in the manpage and point the reader to it
+      whenever we mention a document that belongs in torspce. Fixes
+      issue 17392.
+
+  o Removed features:
+    - Remove client-side support for connecting to Tor relays running
+      versions of Tor before 0.2.3.6-alpha. These relays didn't support
+      the v3 TLS handshake protocol, and are no longer allowed on the
+      Tor network. Implements the client side of ticket 11150. Based on
+      patches by Tom van der Woerdt.
+
+  o Testing:
+    - Add unit tests to check for common RNG failure modes, such as
+      returning all zeroes, identical values, or incrementing values
+      (OpenSSL's rand_predictable feature). Patch by "teor".
+    - Log more information when the backtrace tests fail. Closes ticket
+      17892. Patch from "cypherpunks."
+    - Always test both ed25519 backends, so that we can be sure that our
+      batch-open replacement code works. Part of ticket 16794.
+    - Cover dns_resolve_impl() in dns.c with unit tests. Implements a
+      portion of ticket 16831.
+    - More unit tests for compat_libevent.c, procmon.c, tortls.c,
+      util_format.c, directory.c, and options_validate.c. Closes tickets
+      17075, 17082, 17084, 17003, and 17076 respectively. Patches from
+      Ola Bini.
+    - Unit tests for directory_handle_command_get. Closes ticket 17004.
+      Patch from Reinaldo de Souza Jr.
+
+
+Changes in version 0.2.7.6 - 2015-12-10
+  Tor version 0.2.7.6 fixes a major bug in entry guard selection, as
+  well as a minor bug in hidden service reliability.
+
+  o Major bugfixes (guard selection):
+    - Actually look at the Guard flag when selecting a new directory
+      guard. When we implemented the directory guard design, we
+      accidentally started treating all relays as if they have the Guard
+      flag during guard selection, leading to weaker anonymity and worse
+      performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered
+      by Mohsen Imani.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compilation):
+    - When checking for net/pfvar.h, include netinet/in.h if possible.
+      This fixes transparent proxy detection on OpenBSD. Fixes bug
+      17551; bugfix on 0.1.2.1-alpha. Patch from "rubiate".
+    - Fix a compilation warning with Clang 3.6: Do not check the
+      presence of an address which can never be NULL. Fixes bug 17781.
+
+  o Minor bugfixes (correctness):
+    - When displaying an IPv6 exit policy, include the mask bits
+      correctly even when the number is greater than 31. Fixes bug
+      16056; bugfix on 0.2.4.7-alpha. Patch from "gturner".
+    - The wrong list was used when looking up expired intro points in a
+      rend service object, causing what we think could be reachability
+      issues for hidden services, and triggering a BUG log. Fixes bug
+      16702; bugfix on 0.2.7.2-alpha.
+    - Fix undefined behavior in the tor_cert_checksig function. Fixes
+      bug 17722; bugfix on 0.2.7.2-alpha.
+
+
+Changes in version 0.2.7.5 - 2015-11-20
+  The Tor 0.2.7 release series is dedicated to the memory of Tor user
+  and privacy advocate Caspar Bowden (1961-2015). Caspar worked
+  tirelessly to advocate human rights regardless of national borders,
+  and oppose the encroachments of mass surveillance. He opposed national
+  exceptionalism, he brought clarity to legal and policy debates, he
+  understood and predicted the impact of mass surveillance on the world,
+  and he laid the groundwork for resisting it. While serving on the Tor
+  Project's board of directors, he brought us his uncompromising focus
+  on technical excellence in the service of humankind. Caspar was an
+  inimitable force for good and a wonderful friend. He was kind,
+  humorous, generous, gallant, and believed we should protect one
+  another without exception. We honor him here for his ideals, his
+  efforts, and his accomplishments. Please honor his memory with works
+  that would make him proud.
+
+  Tor 0.2.7.5 is the first stable release in the Tor 0.2.7 series.
+
+  The 0.2.7 series adds a more secure identity key type for relays,
+  improves cryptography performance, resolves several longstanding
+  hidden-service performance issues, improves controller support for
+  hidden services, and includes small bugfixes and performance
+  improvements throughout the program. This release series also includes
+  more tests than before, and significant simplifications to which parts
+  of Tor invoke which others.
+
+  (This release contains no code changes since 0.2.7.4-rc.)
+
+
+Changes in version 0.2.7.4-rc - 2015-10-21
+  Tor 0.2.7.4-rc is the second release candidate in the 0.2.7 series. It
+  fixes some important memory leaks, and a scary-looking (but mostly
+  harmless in practice) invalid-read bug. It also has a few small
+  bugfixes, notably fixes for compilation and portability on different
+  platforms. If no further significant bounds are found, the next
+  release will the the official stable release.
+
+  o Major bugfixes (security, correctness):
+    - Fix an error that could cause us to read 4 bytes before the
+      beginning of an openssl string. This bug could be used to cause
+      Tor to crash on systems with unusual malloc implementations, or
+      systems with unusual hardening installed. Fixes bug 17404; bugfix
+      on 0.2.3.6-alpha.
+
+  o Major bugfixes (correctness):
+    - Fix a use-after-free bug in validate_intro_point_failure(). Fixes
+      bug 17401; bugfix on 0.2.7.3-rc.
+
+  o Major bugfixes (memory leaks):
+    - Fix a memory leak in ed25519 batch signature checking. Fixes bug
+      17398; bugfix on 0.2.6.1-alpha.
+    - Fix a memory leak in rend_cache_failure_entry_free(). Fixes bug
+      17402; bugfix on 0.2.7.3-rc.
+    - Fix a memory leak when reading an expired signing key from disk.
+      Fixes bug 17403; bugfix on 0.2.7.2-rc.
+
+  o Minor features (geoIP):
+    - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compilation):
+    - Repair compilation with the most recent (unreleased, alpha)
+      vesions of OpenSSL 1.1. Fixes part of ticket 17237.
+    - Fix an integer overflow warning in test_crypto_slow.c. Fixes bug
+      17251; bugfix on 0.2.7.2-alpha.
+    - Fix compilation of sandbox.c with musl-libc. Fixes bug 17347;
+      bugfix on 0.2.5.1-alpha. Patch from 'jamestk'.
+
+  o Minor bugfixes (portability):
+    - Use libexecinfo on FreeBSD to enable backtrace support. Fixes
+      part of bug 17151; bugfix on 0.2.5.2-alpha. Patch from
+      Marcin Cieślak.
+
+  o Minor bugfixes (sandbox):
+    - Add the "hidserv-stats" filename to our sandbox filter for the
+      HiddenServiceStatistics option to work properly. Fixes bug 17354;
+      bugfix on 0.2.6.2-alpha. Patch from David Goulet.
+
+  o Minor bugfixes (testing):
+    - Add unit tests for get_interface_address* failure cases. Fixes bug
+      17173; bugfix on 0.2.7.3-rc. Patch by fk/teor.
+    - Fix breakage when running 'make check' with BSD make. Fixes bug
+      17154; bugfix on 0.2.7.3-rc. Patch by Marcin Cieślak.
+    - Make the get_ifaddrs_* unit tests more tolerant of different
+      network configurations. (Don't assume every test box has an IPv4
+      address, and don't assume every test box has a non-localhost
+      address.) Fixes bug 17255; bugfix on 0.2.7.3-rc. Patch by "teor".
+    - Skip backtrace tests when backtrace support is not compiled in.
+      Fixes part of bug 17151; bugfix on 0.2.7.1-alpha. Patch from
+      Marcin Cieślak.
+
+  o Documentation:
+    - Fix capitalization of SOCKS in sample torrc. Closes ticket 15609.
+    - Note that HiddenServicePorts can take a unix domain socket. Closes
+      ticket 17364.
+
+
+Changes in version 0.2.7.3-rc - 2015-09-25
+  Tor 0.2.7.3-rc is the first release candidate in the 0.2.7 series. It
+  contains numerous usability fixes for Ed25519 keys, safeguards against
+  several misconfiguration problems, significant simplifications to
+  Tor's callgraph, and numerous bugfixes and small features.
+
+  This is the most tested release of Tor to date. The unit tests cover
+  39.40% of the code, and the integration tests (accessible with "make
+  test-full-online", requiring stem and chutney and a network
+  connection) raise the coverage to 64.49%.
+
+  o Major features (security, hidden services):
+    - Hidden services, if using the EntryNodes option, are required to
+      use more than one EntryNode, in order to avoid a guard discovery
+      attack. (This would only affect people who had configured hidden
+      services and manually specified the EntryNodes option with a
+      single entry-node. The impact was that it would be easy to
+      remotely identify the guard node used by such a hidden service.
+      See ticket for more information.) Fixes ticket 14917.
+
+  o Major features (Ed25519 keys, keypinning):
+    - The key-pinning option on directory authorities is now advisory-
+      only by default. In a future version, or when the AuthDirPinKeys
+      option is set, pins are enforced again. Disabling key-pinning
+      seemed like a good idea so that we can survive the fallout of any
+      usability problems associated with Ed25519 keys. Closes
+      ticket 17135.
+
+  o Major features (Ed25519 performance):
+    - Improve the speed of Ed25519 operations and Curve25519 keypair
+      generation when built targeting 32 bit x86 platforms with SSE2
+      available. Implements ticket 16535.
+    - Improve the runtime speed of Ed25519 signature verification by
+      using Ed25519-donna's batch verification support. Implements
+      ticket 16533.
+
+  o Major features (performance testing):
+    - The test-network.sh script now supports performance testing.
+      Requires corresponding chutney performance testing changes. Patch
+      by "teor". Closes ticket 14175.
+
+  o Major features (relay, Ed25519):
+    - Significant usability improvements for Ed25519 key management. Log
+      messages are better, and the code can recover from far more
+      failure conditions. Thanks to "s7r" for reporting and diagnosing
+      so many of these!
+    - Add a new OfflineMasterKey option to tell Tor never to try loading
+      or generating a secret Ed25519 identity key. You can use this in
+      combination with tor --keygen to manage offline and/or encrypted
+      Ed25519 keys. Implements ticket 16944.
+    - Add a --newpass option to allow changing or removing the
+      passphrase of an encrypted key with tor --keygen. Implements part
+      of ticket 16769.
+    - On receiving a HUP signal, check to see whether the Ed25519
+      signing key has changed, and reload it if so. Closes ticket 16790.
+
+  o Major bugfixes (relay, Ed25519):
+    - Avoid crashing on 'tor --keygen'. Fixes bug 16679; bugfix on
+      0.2.7.2-alpha. Reported by "s7r".
+    - Improve handling of expired signing keys with offline master keys.
+      Fixes bug 16685; bugfix on 0.2.7.2-alpha. Reported by "s7r".
+
+  o Minor features (client-side privacy):
+    - New KeepAliveIsolateSOCKSAuth option to indefinitely extend circuit
+      lifespan when IsolateSOCKSAuth and streams with SOCKS
+      authentication are attached to the circuit. This allows
+      applications like TorBrowser to manage circuit lifetime on their
+      own. Implements feature 15482.
+    - When logging malformed hostnames from SOCKS5 requests, respect
+      SafeLogging configuration. Fixes bug 16891; bugfix on 0.1.1.16-rc.
+
+  o Minor features (compilation):
+    - Give a warning as early as possible when trying to build with an
+      unsupported OpenSSL version. Closes ticket 16901.
+    - Fail during configure if we're trying to build against an OpenSSL
+      built without ECC support. Fixes bug 17109, bugfix on 0.2.7.1-alpha
+      which started requiring ECC.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (hidden services):
+    - Relays need to have the Fast flag to get the HSDir flag. As this
+      is being written, we'll go from 2745 HSDirs down to 2342, a ~14%
+      drop. This change should make some attacks against the hidden
+      service directory system harder. Fixes ticket 15963.
+    - Turn on hidden service statistics collection by setting the torrc
+      option HiddenServiceStatistics to "1" by default. (This keeps
+      track only of the fraction of traffic used by hidden services, and
+      the total number of hidden services in existence.) Closes
+      ticket 15254.
+    - Client now uses an introduction point failure cache to know when
+      to fetch or keep a descriptor in their cache. Previously, failures
+      were recorded implicitly, but not explicitly remembered. Closes
+      ticket 16389.
+
+  o Minor features (testing, authorities, documentation):
+    - New TestingDirAuthVote{Exit,Guard,HSDir}IsStrict flags to
+      explicitly manage consensus flags in testing networks. Patch by
+      "robgjansen", modified by "teor". Implements part of ticket 14882.
+
+  o Minor bugfixes (security, exit policies):
+    - ExitPolicyRejectPrivate now also rejects the relay's published
+      IPv6 address (if any), and any publicly routable IPv4 or IPv6
+      addresses on any local interfaces. ticket 17027. Patch by "teor".
+      Fixes bug 17027; bugfix on 0.2.0.11-alpha.
+
+  o Minor bug fixes (torrc exit policies):
+    - In torrc, "accept6 *" and "reject6 *" ExitPolicy lines now only
+      produce IPv6 wildcard addresses. Previously they would produce
+      both IPv4 and IPv6 wildcard addresses. Patch by "teor". Fixes part
+      of bug 16069; bugfix on 0.2.4.7-alpha.
+    - When parsing torrc ExitPolicies, we now warn for a number of cases
+      where the user's intent is likely to differ from Tor's actual
+      behavior. These include: using an IPv4 address with an accept6 or
+      reject6 line; using "private" on an accept6 or reject6 line; and
+      including any ExitPolicy lines after accept *:* or reject *:*.
+      Related to ticket 16069.
+    - When parsing torrc ExitPolicies, we now issue an info-level
+      message when expanding an "accept/reject *" line to include both
+      IPv4 and IPv6 wildcard addresses. Related to ticket 16069.
+    - In each instance above, usage advice is provided to avoid the
+      message. Resolves ticket 16069. Patch by "teor". Fixes part of bug
+      16069; bugfix on 0.2.4.7-alpha.
+
+  o Minor bugfixes (authority):
+    - Don't assign "HSDir" to a router if it isn't Valid and Running.
+      Fixes bug 16524; bugfix on 0.2.7.2-alpha.
+    - Downgrade log messages about Ed25519 key issues if they are in old
+      cached router descriptors. Fixes part of bug 16286; bugfix
+      on 0.2.7.2-alpha.
+    - When we find an Ed25519 key issue in a cached descriptor, stop
+      saying the descriptor was just "uploaded". Fixes another part of
+      bug 16286; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (control port):
+    - Repair a warning and a spurious result when getting the maximum
+      number of file descriptors from the controller. Fixes bug 16697;
+      bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (correctness):
+    - When calling channel_free_list(), avoid calling smartlist_remove()
+      while inside a FOREACH loop. This partially reverts commit
+      17356fe7fd96af where the correct SMARTLIST_DEL_CURRENT was
+      incorrectly removed. Fixes bug 16924; bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (documentation):
+    - Advise users on how to configure separate IPv4 and IPv6 exit
+      policies in the manpage and sample torrcs. Related to ticket 16069.
+    - Fix the usage message of tor-resolve(1) so that it no longer lists
+      the removed -F option. Fixes bug 16913; bugfix on 0.2.2.28-beta.
+    - Fix an error in the manual page and comments for
+      TestingDirAuthVoteHSDir[IsStrict], which suggested that a HSDir
+      required "ORPort connectivity". While this is true, it is in no
+      way unique to the HSDir flag. Of all the flags, only HSDirs need a
+      DirPort configured in order for the authorities to assign that
+      particular flag. Patch by "teor". Fixed as part of 14882; bugfix
+      on 0.2.6.3-alpha.
+
+  o Minor bugfixes (Ed25519):
+    - Fix a memory leak when reading router descriptors with expired
+      Ed25519 certificates. Fixes bug 16539; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Allow bridge authorities to run correctly under the seccomp2
+      sandbox. Fixes bug 16964; bugfix on 0.2.5.1-alpha.
+    - Allow routers with ed25519 keys to run correctly under the
+      seccomp2 sandbox. Fixes bug 16965; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (open file limit):
+    - Fix set_max_file_descriptors() to set by default the max open file
+      limit to the current limit when setrlimit() fails. Fixes bug
+      16274; bugfix on 0.2.0.10-alpha. Patch by dgoulet.
+
+  o Minor bugfixes (portability):
+    - Try harder to normalize the exit status of the Tor process to the
+      standard-provided range. Fixes bug 16975; bugfix on every version
+      of Tor ever.
+    - Check correctly for Windows socket errors in the workqueue
+      backend. Fixes bug 16741; bugfix on 0.2.6.3-alpha.
+    - Fix the behavior of crypto_rand_time_range() when told to consider
+      times before 1970. (These times were possible when running in a
+      simulated network environment where time()'s output starts at
+      zero.) Fixes bug 16980; bugfix on 0.2.7.1-alpha.
+    - Restore correct operation of TLS client-cipher detection on
+      OpenSSL 1.1. Fixes bug 14047; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (relay):
+    - Ensure that worker threads actually exit when a fatal error or
+      shutdown is indicated. This fix doesn't currently affect the
+      behavior of Tor, because Tor workers never indicates fatal error
+      or shutdown except in the unit tests. Fixes bug 16868; bugfix
+      on 0.2.6.3-alpha.
+    - Unblock threads before releasing the work queue mutex to ensure
+      predictable scheduling behavior. Fixes bug 16644; bugfix
+      on 0.2.6.3-alpha.
+
+  o Code simplification and refactoring:
+    - Change the function that's called when we need to retry all
+      downloads so that it only reschedules the downloads to happen
+      immediately, rather than launching them all at once itself. This
+      further simplifies Tor's callgraph.
+    - Move some format-parsing functions out of crypto.c and
+      crypto_curve25519.c into crypto_format.c and/or util_format.c.
+    - Move the client-only parts of init_keys() into a separate
+      function. Closes ticket 16763.
+    - Simplify the microdesc_free() implementation so that it no longer
+      appears (to code analysis tools) to potentially invoke a huge
+      suite of other microdesc functions.
+    - Simply the control graph further by deferring the inner body of
+      directory_all_unreachable() into a callback. Closes ticket 16762.
+    - Treat the loss of an owning controller as equivalent to a SIGTERM
+      signal. This removes a tiny amount of duplicated code, and
+      simplifies our callgraph. Closes ticket 16788.
+    - When generating an event to send to the controller, we no longer
+      put the event over the network immediately. Instead, we queue
+      these events, and use a Libevent callback to deliver them. This
+      change simplifies Tor's callgraph by reducing the number of
+      functions from which all other Tor functions are reachable. Closes
+      ticket 16695.
+    - Wrap Windows-only C files inside '#ifdef _WIN32' so that tools
+      that try to scan or compile every file on Unix won't decide that
+      they are broken.
+    - Remove the unused "nulterminate" argument from buf_pullup().
+
+  o Documentation:
+    - Recommend a 40 GB example AccountingMax in torrc.sample rather
+      than a 4 GB max. Closes ticket 16742.
+    - Include the TUNING document in our source tarball. It is referred
+      to in the ChangeLog and an error message. Fixes bug 16929; bugfix
+      on 0.2.6.1-alpha.
+
+  o Removed code:
+    - The internal pure-C tor-fw-helper tool is now removed from the Tor
+      distribution, in favor of the pure-Go clone available from
+      https://gitweb.torproject.org/tor-fw-helper.git/ . The libraries
+      used by the C tor-fw-helper are not, in our opinion, very
+      confidence- inspiring in their secure-programming techniques.
+      Closes ticket 13338.
+    - Remove the code that would try to aggressively flush controller
+      connections while writing to them. This code was introduced in
+      0.1.2.7-alpha, in order to keep output buffers from exceeding
+      their limits. But there is no longer a maximum output buffer size,
+      and flushing data in this way caused some undesirable recursions
+      in our call graph. Closes ticket 16480.
+
+  o Testing:
+    - Make "bridges+hs" the default test network. This tests almost all
+      tor functionality during make test-network, while allowing tests
+      to succeed on non-IPv6 systems. Requires chutney commit 396da92 in
+      test-network-bridges-hs. Closes tickets 16945 (tor) and 16946
+      (chutney). Patches by "teor".
+    - Autodetect CHUTNEY_PATH if the chutney and Tor sources are side-
+      by-side in the same parent directory. Closes ticket 16903. Patch
+      by "teor".
+    - Use environment variables rather than autoconf substitutions to
+      send variables from the build system to the test scripts. This
+      change should be easier to maintain, and cause 'make distcheck' to
+      work better than before. Fixes bug 17148.
+    - Add a new set of callgraph analysis scripts that use clang to
+      produce a list of which Tor functions are reachable from which
+      other Tor functions. We're planning to use these to help simplify
+      our code structure by identifying illogical dependencies.
+    - Add new 'test-full' and 'test-full-online' targets to run all
+      tests, including integration tests with stem and chutney.
+    - Make the test-workqueue test work on Windows by initializing the
+      network before we begin.
+    - New make target (make test-network-all) to run multiple applicable
+      chutney test cases. Patch from Teor; closes 16953.
+    - Unit test dns_resolve(), dns_clip_ttl() and dns_get_expiry_ttl()
+      functions in dns.c. Implements a portion of ticket 16831.
+    - When building Tor with testing coverage enabled, run Chutney tests
+      (if any) using the 'tor-cov' coverage binary.
+    - When running test-network or test-stem, check for the absence of
+      stem/chutney before doing any build operations.
+
+
+Changes in version 0.2.7.2-alpha - 2015-07-27
+  This, the second alpha in the Tor 0.2.7 series, has a number of new
+  features, including a way to manually pick the number of introduction
+  points for hidden services, and the much stronger Ed25519 signing key
+  algorithm for regular Tor relays (including support for encrypted
+  offline identity keys in the new algorithm).
+
+  Support for Ed25519 on relays is currently limited to signing router
+  descriptors; later alphas in this series will extend Ed25519 key
+  support to more parts of the Tor protocol.
+
+  o Major features (Ed25519 identity keys, Proposal 220):
+    - All relays now maintain a stronger identity key, using the Ed25519
+      elliptic curve signature format. This master key is designed so
+      that it can be kept offline. Relays also generate an online
+      signing key, and a set of other Ed25519 keys and certificates.
+      These are all automatically regenerated and rotated as needed.
+      Implements part of ticket 12498.
+    - Directory authorities now vote on Ed25519 identity keys along with
+      RSA1024 keys. Implements part of ticket 12498.
+    - Directory authorities track which Ed25519 identity keys have been
+      used with which RSA1024 identity keys, and do not allow them to
+      vary freely. Implements part of ticket 12498.
+    - Microdescriptors now include Ed25519 identity keys. Implements
+      part of ticket 12498.
+    - Add support for offline encrypted Ed25519 master keys. To use this
+      feature on your tor relay, run "tor --keygen" to make a new master
+      key (or to make a new signing key if you already have a master
+      key). Closes ticket 13642.
+
+  o Major features (Hidden services):
+    - Add the torrc option HiddenServiceNumIntroductionPoints, to
+      specify a fixed number of introduction points. Its maximum value
+      is 10 and default is 3. Using this option can increase a hidden
+      service's reliability under load, at the cost of making it more
+      visible that the hidden service is facing extra load. Closes
+      ticket 4862.
+    - Remove the adaptive algorithm for choosing the number of
+      introduction points, which used to change the number of
+      introduction points (poorly) depending on the number of
+      connections the HS sees. Closes ticket 4862.
+
+  o Major features (onion key cross-certification):
+    - Relay descriptors now include signatures of their own identity
+      keys, made using the TAP and ntor onion keys. These signatures
+      allow relays to prove ownership of their own onion keys. Because
+      of this change, microdescriptors will no longer need to include
+      RSA identity keys. Implements proposal 228; closes ticket 12499.
+
+  o Major features (performance):
+    - Improve the runtime speed of Ed25519 operations by using the
+      public-domain Ed25519-donna by Andrew M. ("floodyberry").
+      Implements ticket 16467.
+    - Improve the runtime speed of the ntor handshake by using an
+      optimized curve25519 basepoint scalarmult implementation from the
+      public-domain Ed25519-donna by Andrew M. ("floodyberry"), based on
+      ideas by Adam Langley. Implements ticket 9663.
+
+  o Major bugfixes (client-side privacy, also in 0.2.6.9):
+    - Properly separate out each SOCKSPort when applying stream
+      isolation. The error occurred because each port's session group
+      was being overwritten by a default value when the listener
+      connection was initialized. Fixes bug 16247; bugfix on
+      0.2.6.3-alpha. Patch by "jojelino".
+
+  o Major bugfixes (hidden service clients, stability, also in 0.2.6.10):
+    - Stop refusing to store updated hidden service descriptors on a
+      client. This reverts commit 9407040c59218 (which indeed fixed bug
+      14219, but introduced a major hidden service reachability
+      regression detailed in bug 16381). This is a temporary fix since
+      we can live with the minor issue in bug 14219 (it just results in
+      some load on the network) but the regression of 16381 is too much
+      of a setback. First-round fix for bug 16381; bugfix
+      on 0.2.6.3-alpha.
+
+  o Major bugfixes (hidden services):
+    - When cannibalizing a circuit for an introduction point, always
+      extend to the chosen exit node (creating a 4 hop circuit).
+      Previously Tor would use the current circuit exit node, which
+      changed the original choice of introduction point, and could cause
+      the hidden service to skip excluded introduction points or
+      reconnect to a skipped introduction point. Fixes bug 16260; bugfix
+      on 0.1.0.1-rc.
+
+  o Major bugfixes (open file limit):
+    - The open file limit wasn't checked before calling
+      tor_accept_socket_nonblocking(), which would make Tor exceed the
+      limit. Now, before opening a new socket, Tor validates the open
+      file limit just before, and if the max has been reached, return an
+      error. Fixes bug 16288; bugfix on 0.1.1.1-alpha.
+
+  o Major bugfixes (stability, also in 0.2.6.10):
+    - Stop crashing with an assertion failure when parsing certain kinds
+      of malformed or truncated microdescriptors. Fixes bug 16400;
+      bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
+      by "cypherpunks_backup".
+    - Stop random client-side assertion failures that could occur when
+      connecting to a busy hidden service, or connecting to a hidden
+      service while a NEWNYM is in progress. Fixes bug 16013; bugfix
+      on 0.1.0.1-rc.
+
+  o Minor features (directory authorities, security, also in 0.2.6.9):
+    - The HSDir flag given by authorities now requires the Stable flag.
+      For the current network, this results in going from 2887 to 2806
+      HSDirs. Also, it makes it harder for an attacker to launch a sybil
+      attack by raising the effort for a relay to become Stable to
+      require at the very least 7 days, while maintaining the 96 hours
+      uptime requirement for HSDir. Implements ticket 8243.
+
+  o Minor features (client):
+    - Relax the validation of hostnames in SOCKS5 requests, allowing the
+      character '_' to appear, in order to cope with domains observed in
+      the wild that are serving non-RFC compliant records. Resolves
+      ticket 16430.
+    - Relax the validation done to hostnames in SOCKS5 requests, and
+      allow a single trailing '.' to cope with clients that pass FQDNs
+      using that syntax to explicitly indicate that the domain name is
+      fully-qualified. Fixes bug 16674; bugfix on 0.2.6.2-alpha.
+    - Add GroupWritable and WorldWritable options to unix-socket based
+      SocksPort and ControlPort options. These options apply to a single
+      socket, and override {Control,Socks}SocketsGroupWritable. Closes
+      ticket 15220.
+
+  o Minor features (control protocol):
+    - Support network-liveness GETINFO key and NETWORK_LIVENESS event in
+      the control protocol. Resolves ticket 15358.
+
+  o Minor features (directory authorities):
+    - Directory authorities no longer vote against the "Fast", "Stable",
+      and "HSDir" flags just because they were going to vote against
+      "Running": if the consensus turns out to be that the router was
+      running, then the authority's vote should count. Patch from Peter
+      Retzlaff; closes issue 8712.
+
+  o Minor features (geoip, also in 0.2.6.10):
+    - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
+
+  o Minor features (hidden services):
+    - Add the new options "HiddenServiceMaxStreams" and
+      "HiddenServiceMaxStreamsCloseCircuit" to allow hidden services to
+      limit the maximum number of simultaneous streams per circuit, and
+      optionally tear down the circuit when the limit is exceeded. Part
+      of ticket 16052.
+
+  o Minor features (portability):
+    - Use C99 variadic macros when the compiler is not GCC. This avoids
+      failing compilations on MSVC, and fixes a log-file-based race
+      condition in our old workarounds. Original patch from Gisle Vanem.
+
+  o Minor bugfixes (compilation, also in 0.2.6.9):
+    - Build with --enable-systemd correctly when libsystemd is
+      installed, but systemd is not. Fixes bug 16164; bugfix on
+      0.2.6.3-alpha. Patch from Peter Palfrader.
+
+  o Minor bugfixes (controller):
+    - Add the descriptor ID in each HS_DESC control event. It was
+      missing, but specified in control-spec.txt. Fixes bug 15881;
+      bugfix on 0.2.5.2-alpha.
+
+  o Minor bugfixes (crypto error-handling, also in 0.2.6.10):
+    - Check for failures from crypto_early_init, and refuse to continue.
+      A previous typo meant that we could keep going with an
+      uninitialized crypto library, and would have OpenSSL initialize
+      its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
+      when implementing ticket 4900. Patch by "teor".
+
+  o Minor bugfixes (hidden services):
+    - Fix a crash when reloading configuration while at least one
+      configured and one ephemeral hidden service exists. Fixes bug
+      16060; bugfix on 0.2.7.1-alpha.
+    - Avoid crashing with a double-free bug when we create an ephemeral
+      hidden service but adding it fails for some reason. Fixes bug
+      16228; bugfix on 0.2.7.1-alpha.
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Use the sandbox in tor_open_cloexec whether or not O_CLOEXEC is
+      defined. Patch by "teor". Fixes bug 16515; bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.10):
+    - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
+      these when eventfd2() support is missing. Fixes bug 16363; bugfix
+      on 0.2.6.3-alpha. Patch from "teor".
+
+  o Minor bugfixes (Linux seccomp2 sandbox, also in 0.2.6.9):
+    - Fix sandboxing to work when running as a relay, by allowing the
+      renaming of secret_id_key, and allowing the eventfd2 and futex
+      syscalls. Fixes bug 16244; bugfix on 0.2.6.1-alpha. Patch by
+      Peter Palfrader.
+    - Allow systemd connections to work with the Linux seccomp2 sandbox
+      code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
+      Peter Palfrader.
+
+  o Minor bugfixes (relay):
+    - Fix a rarely-encountered memory leak when failing to initialize
+      the thread pool. Fixes bug 16631; bugfix on 0.2.6.3-alpha. Patch
+      from "cypherpunks".
+
+  o Minor bugfixes (systemd):
+    - Fix an accidental formatting error that broke the systemd
+      configuration file. Fixes bug 16152; bugfix on 0.2.7.1-alpha.
+    - Tor's systemd unit file no longer contains extraneous spaces.
+      These spaces would sometimes confuse tools like deb-systemd-
+      helper. Fixes bug 16162; bugfix on 0.2.5.5-alpha.
+
+  o Minor bugfixes (tests):
+    - Use the configured Python executable when running test-stem-full.
+      Fixes bug 16470; bugfix on 0.2.7.1-alpha.
+
+  o Minor bugfixes (tests, also in 0.2.6.9):
+    - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
+      16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
+
+  o Minor bugfixes (threads, comments):
+    - Always initialize return value in compute_desc_id in rendcommon.c
+      Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+    - Check for NULL values in getinfo_helper_onions(). Patch by "teor".
+      Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+    - Remove undefined directive-in-macro in test_util_writepid clang
+      3.7 complains that using a preprocessor directive inside a macro
+      invocation in test_util_writepid in test_util.c is undefined.
+      Patch by "teor". Fixes part of bug 16115; bugfix on 0.2.7.1-alpha.
+
+  o Code simplification and refactoring:
+    - Define WINVER and _WIN32_WINNT centrally, in orconfig.h, in order
+      to ensure they remain consistent and visible everywhere.
+    - Remove some vestigial workarounds for the MSVC6 compiler. We
+      haven't supported that in ages.
+    - The link authentication code has been refactored for better
+      testability and reliability. It now uses code generated with the
+      "trunnel" binary encoding generator, to reduce the risk of bugs
+      due to programmer error. Done as part of ticket 12498.
+
+  o Documentation:
+    - Include a specific and (hopefully) accurate documentation of the
+      torrc file's meta-format in doc/torrc_format.txt. This is mainly
+      of interest to people writing programs to parse or generate torrc
+      files. This document is not a commitment to long-term
+      compatibility; some aspects of the current format are a bit
+      ridiculous. Closes ticket 2325.
+
+  o Removed features:
+    - Tor no longer supports copies of OpenSSL that are missing support
+      for Elliptic Curve Cryptography. (We began using ECC when
+      available in 0.2.4.8-alpha, for more safe and efficient key
+      negotiation.) In particular, support for at least one of P256 or
+      P224 is now required, with manual configuration needed if only
+      P224 is available. Resolves ticket 16140.
+    - Tor no longer supports versions of OpenSSL before 1.0. (If you are
+      on an operating system that has not upgraded to OpenSSL 1.0 or
+      later, and you compile Tor from source, you will need to install a
+      more recent OpenSSL to link Tor against.) These versions of
+      OpenSSL are still supported by the OpenSSL, but the numerous
+      cryptographic improvements in later OpenSSL releases makes them a
+      clear choice. Resolves ticket 16034.
+    - Remove the HidServDirectoryV2 option. Now all relays offer to
+      store hidden service descriptors. Related to 16543.
+    - Remove the VoteOnHidServDirectoriesV2 option, since all
+      authorities have long set it to 1. Closes ticket 16543.
+
+  o Testing:
+    - Document use of coverity, clang static analyzer, and clang dynamic
+      undefined behavior and address sanitizers in doc/HACKING. Include
+      detailed usage instructions in the blacklist. Patch by "teor".
+      Closes ticket 15817.
+    - The link authentication protocol code now has extensive tests.
+    - The relay descriptor signature testing code now has
+      extensive tests.
+    - The test_workqueue program now runs faster, and is enabled by
+      default as a part of "make check".
+    - Now that OpenSSL has its own scrypt implementation, add an unit
+      test that checks for interoperability between libscrypt_scrypt()
+      and OpenSSL's EVP_PBE_scrypt() so that we could not use libscrypt
+      and rely on EVP_PBE_scrypt() whenever possible. Resolves
+      ticket 16189.
+
+
+Changes in version 0.2.6.10 - 2015-07-12
+  Tor version 0.2.6.10 fixes some significant stability and hidden
+  service client bugs, bulletproofs the cryptography init process, and
+  fixes a bug when using the sandbox code with some older versions of
+  Linux. Everyone running an older version, especially an older version
+  of 0.2.6, should upgrade.
+
+  o Major bugfixes (hidden service clients, stability):
+    - Stop refusing to store updated hidden service descriptors on a
+      client. This reverts commit 9407040c59218 (which indeed fixed bug
+      14219, but introduced a major hidden service reachability
+      regression detailed in bug 16381). This is a temporary fix since
+      we can live with the minor issue in bug 14219 (it just results in
+      some load on the network) but the regression of 16381 is too much
+      of a setback. First-round fix for bug 16381; bugfix
+      on 0.2.6.3-alpha.
+
+  o Major bugfixes (stability):
+    - Stop crashing with an assertion failure when parsing certain kinds
+      of malformed or truncated microdescriptors. Fixes bug 16400;
+      bugfix on 0.2.6.1-alpha. Found by "torkeln"; fix based on a patch
+      by "cypherpunks_backup".
+    - Stop random client-side assertion failures that could occur when
+      connecting to a busy hidden service, or connecting to a hidden
+      service while a NEWNYM is in progress. Fixes bug 16013; bugfix
+      on 0.1.0.1-rc.
+
+  o Minor features (geoip):
+    - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the June 3 2015 Maxmind GeoLite2 Country database.
+
+  o Minor bugfixes (crypto error-handling):
+    - Check for failures from crypto_early_init, and refuse to continue.
+      A previous typo meant that we could keep going with an
+      uninitialized crypto library, and would have OpenSSL initialize
+      its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
+      when implementing ticket 4900. Patch by "teor".
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Allow pipe() and pipe2() syscalls in the seccomp2 sandbox: we need
+      these when eventfd2() support is missing. Fixes bug 16363; bugfix
+      on 0.2.6.3-alpha. Patch from "teor".
+
+
+Changes in version 0.2.6.9 - 2015-06-11
+  Tor 0.2.6.9 fixes a regression in the circuit isolation code, increases the
+  requirements for receiving an HSDir flag, and addresses some other small
+  bugs in the systemd and sandbox code. Clients using circuit isolation
+  should upgrade; all directory authorities should upgrade.
+
+  o Major bugfixes (client-side privacy):
+    - Properly separate out each SOCKSPort when applying stream
+      isolation. The error occurred because each port's session group was
+      being overwritten by a default value when the listener connection
+      was initialized. Fixes bug 16247; bugfix on 0.2.6.3-alpha. Patch
+      by "jojelino".
+
+  o Minor feature (directory authorities, security):
+    - The HSDir flag given by authorities now requires the Stable flag.
+      For the current network, this results in going from 2887 to 2806
+      HSDirs. Also, it makes it harder for an attacker to launch a sybil
+      attack by raising the effort for a relay to become Stable which
+      takes at the very least 7 days to do so and by keeping the 96
+      hours uptime requirement for HSDir. Implements ticket 8243.
+
+  o Minor bugfixes (compilation):
+    - Build with --enable-systemd correctly when libsystemd is
+      installed, but systemd is not. Fixes bug 16164; bugfix on
+      0.2.6.3-alpha. Patch from Peter Palfrader.
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Fix sandboxing to work when running as a relaymby renaming of
+      secret_id_key, and allowing the eventfd2 and futex syscalls. Fixes
+      bug 16244; bugfix on 0.2.6.1-alpha. Patch by Peter Palfrader.
+    - Allow systemd connections to work with the Linux seccomp2 sandbox
+      code. Fixes bug 16212; bugfix on 0.2.6.2-alpha. Patch by
+      Peter Palfrader.
+
+  o Minor bugfixes (tests):
+    - Fix a crash in the unit tests when built with MSVC2013. Fixes bug
+      16030; bugfix on 0.2.6.2-alpha. Patch from "NewEraCracker".
+
+
+Changes in version 0.2.6.8 - 2015-05-21
+  Tor 0.2.6.8 fixes a bit of dodgy code in parsing INTRODUCE2 cells, and
+  fixes an authority-side bug in assigning the HSDir flag. All directory
+  authorities should upgrade.
+
+  o Major bugfixes (hidden services, backport from 0.2.7.1-alpha):
+    - Revert commit that made directory authorities assign the HSDir
+      flag to relays without a DirPort; this was bad because such relays
+      can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
+      on 0.2.6.3-alpha.
+
+  o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha):
+    - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
+      a client authorized hidden service. Fixes bug 15823; bugfix
+      on 0.2.1.6-alpha.
+
+  o Minor features (geoip):
+    - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the April 8 2015 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.7.1-alpha - 2015-05-12
+  Tor 0.2.7.1-alpha is the first alpha release in its series. It
+  includes numerous small features and bugfixes against previous Tor
+  versions, and numerous small infrastructure improvements. The most
+  notable features are several new ways for controllers to interact with
+  the hidden services subsystem.
+
+  o New system requirements:
+    - Tor no longer includes workarounds to support Libevent versions
+      before 1.3e. Libevent 2.0 or later is recommended. Closes
+      ticket 15248.
+
+  o Major features (controller):
+    - Add the ADD_ONION and DEL_ONION commands that allow the creation
+      and management of hidden services via the controller. Closes
+      ticket 6411.
+    - New "GETINFO onions/current" and "GETINFO onions/detached"
+      commands to get information about hidden services created via the
+      controller. Part of ticket 6411.
+    - New HSFETCH command to launch a request for a hidden service
+      descriptor. Closes ticket 14847.
+    - New HSPOST command to upload a hidden service descriptor. Closes
+      ticket 3523. Patch by "DonnchaC".
+
+  o Major bugfixes (hidden services):
+    - Revert commit that made directory authorities assign the HSDir
+      flag to relays without a DirPort; this was bad because such relays
+      can't handle BEGIN_DIR cells. Fixes bug 15850; bugfix
+      on 0.2.6.3-alpha.
+
+  o Minor features (clock-jump tolerance):
+    - Recover better when our clock jumps back many hours, like might
+      happen for Tails or Whonix users who start with a very wrong
+      hardware clock, use Tor to discover a more accurate time, and then
+      fix their clock. Resolves part of ticket 8766.
+
+  o Minor features (command-line interface):
+    - Make --hash-password imply --hush to prevent unnecessary noise.
+      Closes ticket 15542. Patch from "cypherpunks".
+    - Print a warning whenever we find a relative file path being used
+      as torrc option. Resolves issue 14018.
+
+  o Minor features (controller):
+    - Add DirAuthority lines for default directory authorities to the
+      output of the "GETINFO config/defaults" command if not already
+      present. Implements ticket 14840.
+    - Controllers can now use "GETINFO hs/client/desc/id/..." to
+      retrieve items from the client's hidden service descriptor cache.
+      Closes ticket 14845.
+    - Implement a new controller command "GETINFO status/fresh-relay-
+      descs" to fetch a descriptor/extrainfo pair that was generated on
+      demand just for the controller's use. Implements ticket 14784.
+
+  o Minor features (DoS-resistance):
+    - Make it harder for attackers to overload hidden services with
+      introductions, by blocking multiple introduction requests on the
+      same circuit. Resolves ticket 15515.
+
+  o Minor features (geoip):
+    - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the April 8 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (HS popularity countermeasure):
+    - To avoid leaking HS popularity, don't cycle the introduction point
+      when we've handled a fixed number of INTRODUCE2 cells but instead
+      cycle it when a random number of introductions is reached, thus
+      making it more difficult for an attacker to find out the amount of
+      clients that have used the introduction point for a specific HS.
+      Closes ticket 15745.
+
+  o Minor features (logging):
+    - Include the Tor version in all LD_BUG log messages, since people
+      tend to cut and paste those into the bugtracker. Implements
+      ticket 15026.
+
+  o Minor features (pluggable transports):
+    - When launching managed pluggable transports on Linux systems,
+      attempt to have the kernel deliver a SIGTERM on tor exit if the
+      pluggable transport process is still running. Resolves
+      ticket 15471.
+    - When launching managed pluggable transports, setup a valid open
+      stdin in the child process that can be used to detect if tor has
+      terminated. The "TOR_PT_EXIT_ON_STDIN_CLOSE" environment variable
+      can be used by implementations to detect this new behavior.
+      Resolves ticket 15435.
+
+  o Minor features (testing):
+    - Add a test to verify that the compiler does not eliminate our
+      memwipe() implementation. Closes ticket 15377.
+    - Add make rule `check-changes` to verify the format of changes
+      files. Closes ticket 15180.
+    - Add unit tests for control_event_is_interesting(). Add a compile-
+      time check that the number of events doesn't exceed the capacity
+      of control_event_t.event_mask. Closes ticket 15431, checks for
+      bugs similar to 13085. Patch by "teor".
+    - Command-line argument tests moved to Stem. Resolves ticket 14806.
+    - Integrate the ntor, backtrace, and zero-length keys tests into the
+      automake test suite. Closes ticket 15344.
+    - Remove assertions during builds to determine Tor's test coverage.
+      We don't want to trigger these even in assertions, so including
+      them artificially makes our branch coverage look worse than it is.
+      This patch provides the new test-stem-full and coverage-html-full
+      configure options. Implements ticket 15400.
+
+  o Minor bugfixes (build):
+    - Improve out-of-tree builds by making non-standard rules work and
+      clean up additional files and directories. Fixes bug 15053; bugfix
+      on 0.2.7.0-alpha.
+
+  o Minor bugfixes (command-line interface):
+    - When "--quiet" is provided along with "--validate-config", do not
+      write anything to stdout on success. Fixes bug 14994; bugfix
+      on 0.2.3.3-alpha.
+    - When complaining about bad arguments to "--dump-config", use
+      stderr, not stdout.
+
+  o Minor bugfixes (configuration, unit tests):
+    - Only add the default fallback directories when the DirAuthorities,
+      AlternateDirAuthority, and FallbackDir directory config options
+      are set to their defaults. The default fallback directory list is
+      currently empty, this fix will only change tor's behavior when it
+      has default fallback directories. Includes unit tests for
+      consider_adding_dir_servers(). Fixes bug 15642; bugfix on
+      90f6071d8dc0 in 0.2.4.7-alpha. Patch by "teor".
+
+  o Minor bugfixes (correctness):
+    - For correctness, avoid modifying a constant string in
+      handle_control_postdescriptor. Fixes bug 15546; bugfix
+      on 0.1.1.16-rc.
+    - Remove side-effects from tor_assert() calls. This was harmless,
+      because we never disable assertions, but it is bad style and
+      unnecessary. Fixes bug 15211; bugfix on 0.2.5.5, 0.2.2.36,
+      and 0.2.0.10.
+
+  o Minor bugfixes (hidden service):
+    - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
+      a client authorized hidden service. Fixes bug 15823; bugfix
+      on 0.2.1.6-alpha.
+    - Remove an extraneous newline character from the end of hidden
+      service descriptors. Fixes bug 15296; bugfix on 0.2.0.10-alpha.
+
+  o Minor bugfixes (interface):
+    - Print usage information for --dump-config when it is used without
+      an argument. Also, fix the error message to use different wording
+      and add newline at the end. Fixes bug 15541; bugfix
+      on 0.2.5.1-alpha.
+
+  o Minor bugfixes (logs):
+    - When building Tor under Clang, do not include an extra set of
+      parentheses in log messages that include function names. Fixes bug
+      15269; bugfix on every released version of Tor when compiled with
+      recent enough Clang.
+
+  o Minor bugfixes (network):
+    - When attempting to use fallback technique for network interface
+      lookup, disregard loopback and multicast addresses since they are
+      unsuitable for public communications.
+
+  o Minor bugfixes (statistics):
+    - Disregard the ConnDirectionStatistics torrc options when Tor is
+      not a relay since in that mode of operation no sensible data is
+      being collected and because Tor might run into measurement hiccups
+      when running as a client for some time, then becoming a relay.
+      Fixes bug 15604; bugfix on 0.2.2.35.
+
+  o Minor bugfixes (test networks):
+    - When self-testing reachability, use ExtendAllowPrivateAddresses to
+      determine if local/private addresses imply reachability. The
+      previous fix used TestingTorNetwork, which implies
+      ExtendAllowPrivateAddresses, but this excluded rare configurations
+      where ExtendAllowPrivateAddresses is set but TestingTorNetwork is
+      not. Fixes bug 15771; bugfix on 0.2.6.1-alpha. Patch by "teor",
+      issue discovered by CJ Ess.
+
+  o Minor bugfixes (testing):
+    - Check for matching value in server response in ntor_ref.py. Fixes
+      bug 15591; bugfix on 0.2.4.8-alpha. Reported and fixed
+      by "joelanders".
+    - Set the severity correctly when testing
+      get_interface_addresses_ifaddrs() and
+      get_interface_addresses_win32(), so that the tests fail gracefully
+      instead of triggering an assertion. Fixes bug 15759; bugfix on
+      0.2.6.3-alpha. Reported by Nicolas Derive.
+
+  o Code simplification and refactoring:
+    - Move the hacky fallback code out of get_interface_address6() into
+      separate function and get it covered with unit-tests. Resolves
+      ticket 14710.
+    - Refactor hidden service client-side cache lookup to intelligently
+      report its various failure cases, and disentangle failure cases
+      involving a lack of introduction points. Closes ticket 14391.
+    - Use our own Base64 encoder instead of OpenSSL's, to allow more
+      control over the output. Part of ticket 15652.
+
+  o Documentation:
+    - Improve the descriptions of statistics-related torrc options in
+      the manpage to describe rationale and possible uses cases. Fixes
+      issue 15550.
+    - Improve the layout and formatting of ./configure --help messages.
+      Closes ticket 15024. Patch from "cypherpunks".
+    - Standardize on the term "server descriptor" in the manual page.
+      Previously, we had used "router descriptor", "server descriptor",
+      and "relay descriptor" interchangeably. Part of ticket 14987.
+
+  o Removed code:
+    - Remove `USE_OPENSSL_BASE64` and the corresponding fallback code
+      and always use the internal Base64 decoder. The internal decoder
+      has been part of tor since 0.2.0.10-alpha, and no one should
+      be using the OpenSSL one. Part of ticket 15652.
+    - Remove the 'tor_strclear()' function; use memwipe() instead.
+      Closes ticket 14922.
+
+  o Removed features:
+    - Remove the (seldom-used) DynamicDHGroups feature. For anti-
+      fingerprinting we now recommend pluggable transports; for forward-
+      secrecy in TLS, we now use the P-256 group. Closes ticket 13736.
+    - Remove the undocumented "--digests" command-line option. It
+      complicated our build process, caused subtle build issues on
+      multiple platforms, and is now redundant since we started
+      including git version identifiers. Closes ticket 14742.
+    - Tor no longer contains checks for ancient directory cache versions
+      that didn't know about microdescriptors.
+    - Tor no longer contains workarounds for stat files generated by
+      super-old versions of Tor that didn't choose guards sensibly.
+
+
+Changes in version 0.2.4.27 - 2015-04-06
+  Tor 0.2.4.27 backports two fixes from 0.2.6.7 for security issues that
+  could be used by an attacker to crash hidden services, or crash clients
+  visiting hidden services. Hidden services should upgrade as soon as
+  possible; clients should upgrade whenever packages become available.
+
+  This release also backports a simple improvement to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Introduction points no longer allow multiple INTRODUCE1 cells to
+      arrive on the same circuit. This should make it more expensive for
+      attackers to overwhelm hidden services with introductions.
+      Resolves ticket 15515.
+
+
+Changes in version 0.2.5.12 - 2015-04-06
+  Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
+  could be used by an attacker to crash hidden services, or crash clients
+  visiting hidden services. Hidden services should upgrade as soon as
+  possible; clients should upgrade whenever packages become available.
+
+  This release also backports a simple improvement to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Introduction points no longer allow multiple INTRODUCE1 cells to
+      arrive on the same circuit. This should make it more expensive for
+      attackers to overwhelm hidden services with introductions.
+      Resolves ticket 15515.
+
+
+Changes in version 0.2.6.7 - 2015-04-06
+  Tor 0.2.6.7 fixes two security issues that could be used by an
+  attacker to crash hidden services, or crash clients visiting hidden
+  services. Hidden services should upgrade as soon as possible; clients
+  should upgrade whenever packages become available.
+
+  This release also contains two simple improvements to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Introduction points no longer allow multiple INTRODUCE1 cells to
+      arrive on the same circuit. This should make it more expensive for
+      attackers to overwhelm hidden services with introductions.
+      Resolves ticket 15515.
+    - Decrease the amount of reattempts that a hidden service performs
+      when its rendezvous circuits fail. This reduces the computational
+      cost for running a hidden service under heavy load. Resolves
+      ticket 11447.
+
+
+Changes in version 0.2.6.6 - 2015-03-24
+  Tor 0.2.6.6 is the first stable release in the 0.2.6 series.
+
+  It adds numerous safety, security, correctness, and performance
+  improvements. Client programs can be configured to use more kinds of
+  sockets, AutomapHosts works better, the multithreading backend is
+  improved, cell transmission is refactored, test coverage is much
+  higher, more denial-of-service attacks are handled, guard selection is
+  improved to handle long-term guards better, pluggable transports
+  should work a bit better, and some annoying hidden service performance
+  bugs should be addressed.
+
+  o Minor bugfixes (portability):
+    - Use the correct datatype in the SipHash-2-4 function to prevent
+      compilers from assuming any sort of alignment. Fixes bug 15436;
+      bugfix on 0.2.5.3-alpha.
+
+Changes in version 0.2.6.5-rc - 2015-03-18
+  Tor 0.2.6.5-rc is the second and (hopefully) last release candidate in
+  the 0.2.6. It fixes a small number of bugs found in 0.2.6.4-rc.
+
+  o Major bugfixes (client):
+    - Avoid crashing when making certain configuration option changes on
+      clients. Fixes bug 15245; bugfix on 0.2.6.3-alpha. Reported
+      by "anonym".
+
+  o Major bugfixes (pluggable transports):
+    - Initialize the extended OR Port authentication cookie before
+      launching pluggable transports. This prevents a race condition
+      that occurred when server-side pluggable transports would cache the
+      authentication cookie before it has been (re)generated. Fixes bug
+      15240; bugfix on 0.2.5.1-alpha.
+
+  o Major bugfixes (portability):
+    - Do not crash on startup when running on Solaris. Fixes a bug
+      related to our fix for 9495; bugfix on 0.2.6.1-alpha. Reported
+      by "ruebezahl".
+
+  o Minor features (heartbeat):
+    - On relays, report how many connections we negotiated using each
+      version of the Tor link protocols. This information will let us
+      know if removing support for very old versions of the Tor
+      protocols is harming the network. Closes ticket 15212.
+
+  o Code simplification and refactoring:
+    - Refactor main loop to extract the 'loop' part. This makes it
+      easier to run Tor under Shadow. Closes ticket 15176.
+
+
+Changes in version 0.2.5.11 - 2015-03-17
+  Tor 0.2.5.11 is the second stable release in the 0.2.5 series.
+
+  It backports several bugfixes from the 0.2.6 branch, including a
+  couple of medium-level security fixes for relays and exit nodes.
+  It also updates the list of directory authorities.
+
+  o Directory authority changes:
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+    - The directory authority Faravahar has a new IP address. This
+      closes ticket 14487.
+
+  o Major bugfixes (crash, OSX, security):
+    - Fix a remote denial-of-service opportunity caused by a bug in
+      OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
+      in OSX 10.9.
+
+  o Major bugfixes (relay, stability, possible security):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout was passed to
+      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+      0.2.0.10-alpha. Patch from 'cypherpunks'.
+    - Do not assert if the 'data' pointer on a buffer is advanced to the
+      very end of the buffer; log a BUG message instead. Only assert if
+      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+  o Major bugfixes (exit node stability):
+    - Fix an assertion failure that could occur under high DNS load.
+      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+      diagnosed and fixed by "cypherpunks".
+
+  o Major bugfixes (Linux seccomp2 sandbox):
+    - Upon receiving sighup with the seccomp2 sandbox enabled, do not
+      crash during attempts to call wait4. Fixes bug 15088; bugfix on
+      0.2.5.1-alpha. Patch from "sanic".
+
+  o Minor features (controller):
+    - New "GETINFO bw-event-cache" to get information about recent
+      bandwidth events. Closes ticket 14128. Useful for controllers to
+      get recent bandwidth history after the fix for ticket 13988.
+
+  o Minor features (geoip):
+    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (client, automapping):
+    - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
+      no value follows the option. Fixes bug 14142; bugfix on
+      0.2.4.7-alpha. Patch by "teor".
+    - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
+      14195; bugfix on 0.1.0.1-rc.
+
+  o Minor bugfixes (compilation):
+    - Build without warnings with the stock OpenSSL srtp.h header, which
+      has a duplicate declaration of SSL_get_selected_srtp_profile().
+      Fixes bug 14220; this is OpenSSL's bug, not ours.
+
+  o Minor bugfixes (directory authority):
+    - Allow directory authorities to fetch more data from one another if
+      they find themselves missing lots of votes. Previously, they had
+      been bumping against the 10 MB queued data limit. Fixes bug 14261;
+      bugfix on 0.1.2.5-alpha.
+    - Enlarge the buffer to read bwauth generated files to avoid an
+      issue when parsing the file in dirserv_read_measured_bandwidths().
+      Fixes bug 14125; bugfix on 0.2.2.1-alpha.
+
+  o Minor bugfixes (statistics):
+    - Increase period over which bandwidth observations are aggregated
+      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (preventative security, C safety):
+    - When reading a hexadecimal, base-32, or base-64 encoded value from
+      a string, always overwrite the whole output buffer. This prevents
+      some bugs where we would look at (but fortunately, not reveal)
+      uninitialized memory on the stack. Fixes bug 14013; bugfix on all
+      versions of Tor.
+
+
+Changes in version 0.2.4.26 - 2015-03-17
+  Tor 0.2.4.26 includes an updated list of directory authorities.  It
+  also backports a couple of stability and security bugfixes from 0.2.5
+  and beyond.
+
+  o Directory authority changes:
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+    - The directory authority Faravahar has a new IP address. This
+      closes ticket 14487.
+
+  o Major bugfixes (exit node stability, also in 0.2.6.3-alpha):
+    - Fix an assertion failure that could occur under high DNS load.
+      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+      diagnosed and fixed by "cypherpunks".
+
+  o Major bugfixes (relay, stability, possible security, also in 0.2.6.4-rc):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout was passed to
+      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+      0.2.0.10-alpha. Patch from 'cypherpunks'.
+    - Do not assert if the 'data' pointer on a buffer is advanced to the
+      very end of the buffer; log a BUG message instead. Only assert if
+      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+  o Minor features (geoip):
+    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+      Country database.
+
+Changes in version 0.2.6.4-rc - 2015-03-09
+  Tor 0.2.6.4-alpha fixes an issue in the directory code that an
+  attacker might be able to use in order to crash certain Tor
+  directories. It also resolves some minor issues left over from, or
+  introduced in, Tor 0.2.6.3-alpha or earlier.
+
+  o Major bugfixes (crash, OSX, security):
+    - Fix a remote denial-of-service opportunity caused by a bug in
+      OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
+      in OSX 10.9.
+
+  o Major bugfixes (relay, stability, possible security):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout is passed to
+      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+      0.2.0.10-alpha. Patch from "cypherpunks".
+    - Do not assert if the 'data' pointer on a buffer is advanced to the
+      very end of the buffer; log a BUG message instead. Only assert if
+      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+  o Major bugfixes (FreeBSD IPFW transparent proxy):
+    - Fix address detection with FreeBSD transparent proxies, when
+      "TransProxyType ipfw" is in use. Fixes bug 15064; bugfix
+      on 0.2.5.4-alpha.
+
+  o Major bugfixes (Linux seccomp2 sandbox):
+    - Pass IPPROTO_TCP rather than 0 to socket(), so that the Linux
+      seccomp2 sandbox doesn't fail. Fixes bug 14989; bugfix
+      on 0.2.6.3-alpha.
+    - Allow AF_UNIX hidden services to be used with the seccomp2
+      sandbox. Fixes bug 15003; bugfix on 0.2.6.3-alpha.
+    - Upon receiving sighup with the seccomp2 sandbox enabled, do not
+      crash during attempts to call wait4. Fixes bug 15088; bugfix on
+      0.2.5.1-alpha. Patch from "sanic".
+
+  o Minor features (controller):
+    - Messages about problems in the bootstrap process now include
+      information about the server we were trying to connect to when we
+      noticed the problem. Closes ticket 15006.
+
+  o Minor features (geoip):
+    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (logs):
+    - Quiet some log messages in the heartbeat and at startup. Closes
+      ticket 14950.
+
+  o Minor bugfixes (certificate handling):
+    - If an authority operator accidentally makes a signing certificate
+      with a future publication time, do not discard its real signing
+      certificates. Fixes bug 11457; bugfix on 0.2.0.3-alpha.
+    - Remove any old authority certificates that have been superseded
+      for at least two days. Previously, we would keep superseded
+      certificates until they expired, if they were published close in
+      time to the certificate that superseded them. Fixes bug 11454;
+      bugfix on 0.2.1.8-alpha.
+
+  o Minor bugfixes (compilation):
+    - Fix a compilation warning on s390. Fixes bug 14988; bugfix
+      on 0.2.5.2-alpha.
+    - Fix a compilation warning on FreeBSD. Fixes bug 15151; bugfix
+      on 0.2.6.2-alpha.
+
+  o Minor bugfixes (testing):
+    - Fix endianness issues in unit test for resolve_my_address() to
+      have it pass on big endian systems. Fixes bug 14980; bugfix on
+      Tor 0.2.6.3-alpha.
+    - Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug
+      15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt.
+    - When running the new 'make test-stem' target, use the configured
+      python binary. Fixes bug 15037; bugfix on 0.2.6.3-alpha. Patch
+      from "cypherpunks".
+    - When running the zero-length-keys tests, do not use the default
+      torrc file. Fixes bug 15033; bugfix on 0.2.6.3-alpha. Reported
+      by "reezer".
+
+  o Directory authority IP change:
+    - The directory authority Faravahar has a new IP address. This
+      closes ticket 14487.
+
+  o Removed code:
+    - Remove some lingering dead code that once supported mempools.
+      Mempools were disabled by default in 0.2.5, and removed entirely
+      in 0.2.6.3-alpha. Closes more of ticket 14848; patch
+      by "cypherpunks".
+
+
+Changes in version 0.2.6.3-alpha - 2015-02-19
+  Tor 0.2.6.3-alpha is the third (and hopefully final) alpha release in
+  the 0.2.6.x series. It introduces support for more kinds of sockets,
+  makes it harder to accidentally run an exit, improves our
+  multithreading backend, incorporates several fixes for the
+  AutomapHostsOnResolve option, and fixes numerous other bugs besides.
+
+  If no major regressions or security holes are found in this version,
+  the next version will be a release candidate.
+
+  o Deprecated versions:
+    - Tor relays older than 0.2.4.18-rc are no longer allowed to
+      advertise themselves on the network. Closes ticket 13555.
+
+  o Major features (security, unix domain sockets):
+    - Allow SocksPort to be an AF_UNIX Unix Domain Socket. Now high risk
+      applications can reach Tor without having to create AF_INET or
+      AF_INET6 sockets, meaning they can completely disable their
+      ability to make non-Tor network connections. To create a socket of
+      this type, use "SocksPort unix:/path/to/socket". Implements
+      ticket 12585.
+    - Support mapping hidden service virtual ports to AF_UNIX sockets.
+      The syntax is "HiddenServicePort 80 unix:/path/to/socket".
+      Implements ticket 11485.
+
+  o Major features (changed defaults):
+    - Prevent relay operators from unintentionally running exits: When a
+      relay is configured as an exit node, we now warn the user unless
+      the "ExitRelay" option is set to 1. We warn even more loudly if
+      the relay is configured with the default exit policy, since this
+      can indicate accidental misconfiguration. Setting "ExitRelay 0"
+      stops Tor from running as an exit relay. Closes ticket 10067.
+
+  o Major features (directory system):
+    - When downloading server- or microdescriptors from a directory
+      server, we no longer launch multiple simultaneous requests to the
+      same server. This reduces load on the directory servers,
+      especially when directory guards are in use. Closes ticket 9969.
+    - When downloading server- or microdescriptors over a tunneled
+      connection, do not limit the length of our requests to what the
+      Squid proxy is willing to handle. Part of ticket 9969.
+    - Authorities can now vote on the correct digests and latest
+      versions for different software packages. This allows packages
+      that include Tor to use the Tor authority system as a way to get
+      notified of updates and their correct digests. Implements proposal
+      227. Closes ticket 10395.
+
+  o Major features (guards):
+    - Introduce the Guardfraction feature to improves load balancing on
+      guard nodes. Specifically, it aims to reduce the traffic gap that
+      guard nodes experience when they first get the Guard flag. This is
+      a required step if we want to increase the guard lifetime to 9
+      months or greater.  Closes ticket 9321.
+
+  o Major features (performance):
+    - Make the CPU worker implementation more efficient by avoiding the
+      kernel and lengthening pipelines. The original implementation used
+      sockets to transfer data from the main thread to the workers, and
+      didn't allow any thread to be assigned more than a single piece of
+      work at once. The new implementation avoids communications
+      overhead by making requests in shared memory, avoiding kernel IO
+      where possible, and keeping more requests in flight at once.
+      Implements ticket 9682.
+
+  o Major features (relay):
+    - Raise the minimum acceptable configured bandwidth rate for bridges
+      to 50 KiB/sec and for relays to 75 KiB/sec. (The old values were
+      20 KiB/sec.) Closes ticket 13822.
+
+  o Major bugfixes (exit node stability):
+    - Fix an assertion failure that could occur under high DNS load.
+      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+      diagnosed and fixed by "cypherpunks".
+
+  o Major bugfixes (mixed relay-client operation):
+    - When running as a relay and client at the same time (not
+      recommended), if we decide not to use a new guard because we want
+      to retry older guards, only close the locally-originating circuits
+      passing through that guard. Previously we would close all the
+      circuits through that guard. Fixes bug 9819; bugfix on
+      0.2.1.1-alpha. Reported by "skruffy".
+
+  o Minor features (build):
+    - New --disable-system-torrc compile-time option to prevent Tor from
+      looking for the system-wide torrc or torrc-defaults files.
+      Resolves ticket 13037.
+
+  o Minor features (controller):
+    - Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller
+      events so controllers can observe circuit isolation inputs. Closes
+      ticket 8405.
+    - ControlPort now supports the unix:/path/to/socket syntax as an
+      alternative to the ControlSocket option, for consistency with
+      SocksPort and HiddenServicePort. Closes ticket 14451.
+    - New "GETINFO bw-event-cache" to get information about recent
+      bandwidth events. Closes ticket 14128. Useful for controllers to
+      get recent bandwidth history after the fix for ticket 13988.
+
+  o Minor features (Denial of service resistance):
+    - Count the total number of bytes used storing hidden service
+      descriptors against the value of MaxMemInQueues. If we're low on
+      memory, and more than 20% of our memory is used holding hidden
+      service descriptors, free them until no more than 10% of our
+      memory holds hidden service descriptors. Free the least recently
+      fetched descriptors first. Resolves ticket 13806.
+    - When we have recently been under memory pressure (over 3/4 of
+      MaxMemInQueues is allocated), then allocate smaller zlib objects
+      for small requests. Closes ticket 11791.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 files to the January 7 2015 Maxmind
+      GeoLite2 Country database.
+
+  o Minor features (guard nodes):
+    - Reduce the time delay before saving guard status to disk from 10
+      minutes to 30 seconds (or from one hour to 10 minutes if
+      AvoidDiskWrites is set). Closes ticket 12485.
+
+  o Minor features (hidden service):
+    - Make Sybil attacks against hidden services harder by changing the
+      minimum time required to get the HSDir flag from 25 hours up to 96
+      hours. Addresses ticket 14149.
+    - New option "HiddenServiceAllowUnknownPorts" to allow hidden
+      services to disable the anti-scanning feature introduced in
+      0.2.6.2-alpha. With this option not set, a connection to an
+      unlisted port closes the circuit. With this option set, only a
+      RELAY_DONE cell is sent. Closes ticket 14084.
+
+  o Minor features (interface):
+    - Implement "-f -" command-line option to read torrc configuration
+      from standard input, if you don't want to store the torrc file in
+      the file system. Implements feature 13865.
+
+  o Minor features (logging):
+    - Add a count of unique clients to the bridge heartbeat message.
+      Resolves ticket 6852.
+    - Suppress "router info incompatible with extra info" message when
+      reading extrainfo documents from cache. (This message got loud
+      around when we closed bug 9812 in 0.2.6.2-alpha.) Closes
+      ticket 13762.
+    - Elevate hidden service authorized-client message from DEBUG to
+      INFO. Closes ticket 14015.
+
+  o Minor features (stability):
+    - Add assertions in our hash-table iteration code to check for
+      corrupted values that could cause infinite loops. Closes
+      ticket 11737.
+
+  o Minor features (systemd):
+    - Various improvements and modernizations in systemd hardening
+      support. Closes ticket 13805. Patch from Craig Andrews.
+
+  o Minor features (testing networks):
+    - Drop the minimum RendPostPeriod on a testing network to 5 seconds,
+      and the default on a testing network to 2 minutes. Drop the
+      MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds, but
+      keep the default on a testing network at 30 seconds. This reduces
+      HS bootstrap time to around 25 seconds. Also, change the default
+      time in test-network.sh to match. Closes ticket 13401. Patch
+      by "teor".
+    - Create TestingDirAuthVoteHSDir to correspond to
+      TestingDirAuthVoteExit/Guard. Ensures that authorities vote the
+      HSDir flag for the listed relays regardless of uptime or ORPort
+      connectivity. Respects the value of VoteOnHidServDirectoriesV2.
+      Partial implementation for ticket 14067. Patch by "teor".
+
+  o Minor features (tor2web mode):
+    - Introduce the config option Tor2webRendezvousPoints, which allows
+      clients in Tor2webMode to select a specific Rendezvous Point to be
+      used in HS circuits. This might allow better performance for
+      Tor2Web nodes. Implements ticket 12844.
+
+  o Minor bugfixes (client DNS):
+    - Report the correct cached DNS expiration times on SOCKS port or in
+      DNS replies. Previously, we would report everything as "never
+      expires." Fixes bug 14193; bugfix on 0.2.3.17-beta.
+    - Avoid a small memory leak when we find a cached answer for a
+      reverse DNS lookup in a client-side DNS cache. (Remember, client-
+      side DNS caching is off by default, and is not recommended.) Fixes
+      bug 14259; bugfix on 0.2.0.1-alpha.
+
+  o Minor bugfixes (client, automapping):
+    - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
+      no value follows the option. Fixes bug 14142; bugfix on
+      0.2.4.7-alpha. Patch by "teor".
+    - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
+      14195; bugfix on 0.1.0.1-rc.
+    - Prevent changes to other options from removing the wildcard value
+      "." from "AutomapHostsSuffixes". Fixes bug 12509; bugfix
+      on 0.2.0.1-alpha.
+    - Allow MapAddress and AutomapHostsOnResolve to work together when
+      an address is mapped into another address type (like .onion) that
+      must be automapped at resolve time. Fixes bug 7555; bugfix
+      on 0.2.0.1-alpha.
+
+  o Minor bugfixes (client, bridges):
+    - When we are using bridges and we had a network connectivity
+      problem, only retry connecting to our currently configured
+      bridges, not all bridges we know about and remember using. Fixes
+      bug 14216; bugfix on 0.2.2.17-alpha.
+
+  o Minor bugfixes (client, IPv6):
+    - Reject socks requests to literal IPv6 addresses when IPv6Traffic
+      flag is not set; and not because the NoIPv4Traffic flag was set.
+      Previously we'd looked at the NoIPv4Traffic flag for both types of
+      literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha.
+
+  o Minor bugfixes (compilation):
+    - The address of an array in the middle of a structure will always
+      be non-NULL. clang recognises this and complains. Disable the
+      tautologous and redundant check to silence this warning. Fixes bug
+      14001; bugfix on 0.2.1.2-alpha.
+    - Avoid warnings when building with systemd 209 or later. Fixes bug
+      14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev".
+    - Compile correctly with (unreleased) OpenSSL 1.1.0 headers.
+      Addresses ticket 14188.
+    - Build without warnings with the stock OpenSSL srtp.h header, which
+      has a duplicate declaration of SSL_get_selected_srtp_profile().
+      Fixes bug 14220; this is OpenSSL's bug, not ours.
+    - Do not compile any code related to Tor2Web mode when Tor2Web mode
+      is not enabled at compile time. Previously, this code was included
+      in a disabled state. See discussion on ticket 12844.
+    - Remove the --disable-threads configure option again. It was
+      accidentally partially reintroduced in 29ac883606d6d. Fixes bug
+      14819; bugfix on 0.2.6.2-alpha.
+
+  o Minor bugfixes (controller):
+    - Report "down" in response to the "GETINFO entry-guards" command
+      when relays are down with an unreachable_since value. Previously,
+      we would report "up". Fixes bug 14184; bugfix on 0.1.2.2-alpha.
+    - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug
+      14116; bugfix on 0.2.2.9-alpha.
+    - Add a code for the END_CIRC_REASON_IP_NOW_REDUNDANT circuit close
+      reason. Fixes bug 14207; bugfix on 0.2.6.2-alpha.
+
+  o Minor bugfixes (directory authority):
+    - Allow directory authorities to fetch more data from one another if
+      they find themselves missing lots of votes. Previously, they had
+      been bumping against the 10 MB queued data limit. Fixes bug 14261;
+      bugfix on 0.1.2.5-alpha.
+    - Do not attempt to download extrainfo documents which we will be
+      unable to validate with a matching server descriptor. Fixes bug
+      13762; bugfix on 0.2.0.1-alpha.
+    - Fix a bug that was truncating AUTHDIR_NEWDESC events sent to the
+      control port. Fixes bug 14953; bugfix on 0.2.0.1-alpha.
+    - Enlarge the buffer to read bwauth generated files to avoid an
+      issue when parsing the file in dirserv_read_measured_bandwidths().
+      Fixes bug 14125; bugfix on 0.2.2.1-alpha.
+
+  o Minor bugfixes (file handling):
+    - Stop failing when key files are zero-length. Instead, generate new
+      keys, and overwrite the empty key files. Fixes bug 13111; bugfix
+      on all versions of Tor. Patch by "teor".
+    - Stop generating a fresh .old RSA onion key file when the .old file
+      is missing. Fixes part of 13111; bugfix on 0.0.6rc1.
+    - Avoid overwriting .old key files with empty key files.
+    - Skip loading zero-length extrainfo store, router store, stats,
+      state, and key files.
+    - Avoid crashing when trying to reload a torrc specified as a
+      relative path with RunAsDaemon turned on. Fixes bug 13397; bugfix
+      on 0.2.3.11-alpha.
+
+  o Minor bugfixes (hidden services):
+    - Close the introduction circuit when we have no more usable intro
+      points, instead of waiting for it to time out. This also ensures
+      that no follow-up HS descriptor fetch is triggered when the
+      circuit eventually times out. Fixes bug 14224; bugfix on 0.0.6.
+    - When fetching a hidden service descriptor for a down service that
+      was recently up, do not keep refetching until we try the same
+      replica twice in a row. Fixes bug 14219; bugfix on 0.2.0.10-alpha.
+    - Successfully launch Tor with a nonexistent hidden service
+      directory. Our fix for bug 13942 didn't catch this case. Fixes bug
+      14106; bugfix on 0.2.6.2-alpha.
+
+  o Minor bugfixes (logging):
+    - Avoid crashing when there are more log domains than entries in
+      domain_list. Bugfix on 0.2.3.1-alpha.
+    - Add a string representation for LD_SCHED. Fixes bug 14740; bugfix
+      on 0.2.6.1-alpha.
+    - Don't log messages to stdout twice when starting up. Fixes bug
+      13993; bugfix on 0.2.6.1-alpha.
+
+  o Minor bugfixes (parsing):
+    - Stop accepting milliseconds (or other junk) at the end of
+      descriptor publication times. Fixes bug 9286; bugfix on 0.0.2pre25.
+    - Support two-number and three-number version numbers correctly, in
+      case we change the Tor versioning system in the future. Fixes bug
+      13661; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (path counting):
+    - When deciding whether the consensus lists any exit nodes, count
+      the number listed in the consensus, not the number we have
+      descriptors for. Fixes part of bug 14918; bugfix on 0.2.6.2-alpha.
+    - When deciding whether we have any exit nodes, only examine
+      ExitNodes when the ExitNodes option is actually set. Fixes part of
+      bug 14918; bugfix on 0.2.6.2-alpha.
+    - Get rid of redundant and possibly scary warnings that we are
+      missing directory information while we bootstrap. Fixes part of
+      bug 14918; bugfix on 0.2.6.2-alpha.
+
+  o Minor bugfixes (portability):
+    - Fix the ioctl()-based network interface lookup code so that it
+      will work on systems that have variable-length struct ifreq, for
+      example Mac OS X.
+    - Fix scheduler compilation on targets where char is unsigned. Fixes
+      bug 14764; bugfix on 0.2.6.2-alpha. Reported by Christian Kujau.
+
+  o Minor bugfixes (sandbox):
+    - Allow glibc fatal errors to be sent to stderr before Tor exits.
+      Previously, glibc would try to write them to /dev/tty, and the
+      sandbox would trap the call and make Tor exit prematurely. Fixes
+      bug 14759; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (shutdown):
+    - When shutting down, always call event_del() on lingering read or
+      write events before freeing them. Otherwise, we risk double-frees
+      or read-after-frees in event_base_free(). Fixes bug 12985; bugfix
+      on 0.1.0.2-rc.
+
+  o Minor bugfixes (small memory leaks):
+    - Avoid leaking memory when using IPv6 virtual address mappings.
+      Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van
+      der Woerdt.
+
+  o Minor bugfixes (statistics):
+    - Increase period over which bandwidth observations are aggregated
+      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (systemd support):
+    - Fix detection and operation of systemd watchdog. Fixes part of bug
+      14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz.
+    - Run correctly under systemd with the RunAsDaemon option set. Fixes
+      part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz Torcz.
+    - Inform the systemd supervisor about more changes in the Tor
+      process status. Implements part of ticket 14141. Patch from
+      Tomasz Torcz.
+    - Cause the "--disable-systemd" option to actually disable systemd
+      support. Fixes bug 14350; bugfix on 0.2.6.2-alpha. Patch
+      from "blueness".
+
+  o Minor bugfixes (TLS):
+    - Check more thoroughly throughout the TLS code for possible
+      unlogged TLS errors. Possible diagnostic or fix for bug 13319.
+
+  o Minor bugfixes (transparent proxy):
+    - Use getsockname, not getsockopt, to retrieve the address for a
+      TPROXY-redirected connection. Fixes bug 13796; bugfix
+      on 0.2.5.2-alpha.
+
+  o Code simplification and refactoring:
+    - Move fields related to isolating and configuring client ports into
+      a shared structure. Previously, they were duplicated across
+      port_cfg_t, listener_connection_t, and edge_connection_t. Failure
+      to copy them correctly had been the cause of at least one bug in
+      the past. Closes ticket 8546.
+    - Refactor the get_interface_addresses_raw() doom-function into
+      multiple smaller and simpler subfunctions. Cover the resulting
+      subfunctions with unit-tests. Fixes a significant portion of
+      issue 12376.
+    - Remove workaround in dirserv_thinks_router_is_hs_dir() that was
+      only for version <= 0.2.2.24 which is now deprecated. Closes
+      ticket 14202.
+    - Remove a test for a long-defunct broken version-one
+      directory server.
+
+  o Documentation:
+    - Adding section on OpenBSD to our TUNING document. Thanks to mmcc
+      for writing the OpenBSD-specific tips. Resolves ticket 13702.
+    - Make the tor-resolve documentation match its help string and its
+      options. Resolves part of ticket 14325.
+    - Log a more useful error message from tor-resolve when failing to
+      look up a hidden service address. Resolves part of ticket 14325.
+
+  o Downgraded warnings:
+    - Don't warn when we've attempted to contact a relay using the wrong
+      ntor onion key. Closes ticket 9635.
+
+  o Removed features:
+    - To avoid confusion with the "ExitRelay" option, "ExitNode" is no
+      longer silently accepted as an alias for "ExitNodes".
+    - The --enable-mempool and --enable-buf-freelists options, which
+      were originally created to work around bad malloc implementations,
+      no longer exist. They were off-by-default in 0.2.5. Closes
+      ticket 14848.
+
+  o Testing:
+    - Make the checkdir/perms test complete successfully even if the
+      global umask is not 022. Fixes bug 14215; bugfix on 0.2.6.2-alpha.
+    - Test that tor does not fail when key files are zero-length. Check
+      that tor generates new keys, and overwrites the empty key files.
+    - Test that tor generates new keys when keys are missing
+      (existing behavior).
+    - Test that tor does not overwrite key files that already contain
+      data (existing behavior). Tests bug 13111. Patch by "teor".
+    - New "make test-stem" target to run stem integration tests.
+      Requires that the "STEM_SOURCE_DIR" environment variable be set.
+      Closes ticket 14107.
+    - Make the test_cmdline_args.py script work correctly on Windows.
+      Patch from Gisle Vanem.
+    - Move the slower unit tests into a new "./src/test/test-slow"
+      binary that can be run independently of the other tests. Closes
+      ticket 13243.
+    - Avoid undefined behavior when sampling huge values from the
+      Laplace distribution. This made unittests fail on Raspberry Pi.
+      Bug found by Device. Fixes bug 14090; bugfix on 0.2.6.2-alpha.
+
+
+Changes in version 0.2.6.2-alpha - 2014-12-31
+  Tor 0.2.6.2-alpha is the second alpha release in the 0.2.6.x series.
+  It introduces a major new backend for deciding when to send cells on
+  channels, which should lead down the road to big performance
+  increases. It contains security and statistics features for better
+  work on hidden services, and numerous bugfixes.
+
+  This release contains many new unit tests, along with major
+  performance improvements for running testing networks using Chutney.
+  Thanks to a series of patches contributed by "teor", testing networks
+  should now bootstrap in seconds, rather than minutes.
+
+  o Major features (relay, infrastructure):
+    - Complete revision of the code that relays use to decide which cell
+      to send next. Formerly, we selected the best circuit to write on
+      each channel, but we didn't select among channels in any
+      sophisticated way. Now, we choose the best circuits globally from
+      among those whose channels are ready to deliver traffic.
+
+      This patch implements a new inter-cmux comparison API, a global
+      high/low watermark mechanism and a global scheduler loop for
+      transmission prioritization across all channels as well as among
+      circuits on one channel. This schedule is currently tuned to
+      (tolerantly) avoid making changes in network performance, but it
+      should form the basis for major circuit performance increases in
+      the future. Code by Andrea; tuning by Rob Jansen; implements
+      ticket 9262.
+
+  o Major features (hidden services):
+    - Make HS port scanning more difficult by immediately closing the
+      circuit when a user attempts to connect to a nonexistent port.
+      Closes ticket 13667.
+    - Add a HiddenServiceStatistics option that allows Tor relays to
+      gather and publish statistics about the overall size and volume of
+      hidden service usage. Specifically, when this option is turned on,
+      an HSDir will publish an approximate number of hidden services
+      that have published descriptors to it the past 24 hours. Also, if
+      a relay has acted as a hidden service rendezvous point, it will
+      publish the approximate amount of rendezvous cells it has relayed
+      the past 24 hours. The statistics themselves are obfuscated so
+      that the exact values cannot be derived. For more details see
+      proposal 238, "Better hidden service stats from Tor relays". This
+      feature is currently disabled by default. Implements feature 13192.
+
+  o Major bugfixes (client, automap):
+    - Repair automapping with IPv6 addresses. This automapping should
+      have worked previously, but one piece of debugging code that we
+      inserted to detect a regression actually caused the regression to
+      manifest itself again. Fixes bug 13811 and bug 12831; bugfix on
+      0.2.4.7-alpha. Diagnosed and fixed by Francisco Blas
+      Izquierdo Riera.
+
+  o Major bugfixes (hidden services):
+    - When closing an introduction circuit that was opened in parallel
+      with others, don't mark the introduction point as unreachable.
+      Previously, the first successful connection to an introduction
+      point would make the other introduction points get marked as
+      having timed out. Fixes bug 13698; bugfix on 0.0.6rc2.
+
+  o Directory authority changes:
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+
+  o Major removed features:
+    - Tor clients no longer support connecting to hidden services
+      running on Tor 0.2.2.x and earlier; the Support022HiddenServices
+      option has been removed. (There shouldn't be any hidden services
+      running these versions on the network.) Closes ticket 7803.
+
+  o Minor features (client):
+    - Validate hostnames in SOCKS5 requests more strictly. If SafeSocks
+      is enabled, reject requests with IP addresses as hostnames.
+      Resolves ticket 13315.
+
+  o Minor features (controller):
+    - Add a "SIGNAL HEARTBEAT" controller command that tells Tor to
+      write an unscheduled heartbeat message to the log. Implements
+      feature 9503.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the November 15 2014 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (hidden services):
+    - When re-enabling the network, don't try to build introduction
+      circuits until we have successfully built a circuit. This makes
+      hidden services come up faster when the network is re-enabled.
+      Patch from "akwizgran". Closes ticket 13447.
+    - When we fail to retrieve a hidden service descriptor, send the
+      controller an "HS_DESC FAILED" controller event. Implements
+      feature 13212.
+    - New HiddenServiceDirGroupReadable option to cause hidden service
+      directories and hostname files to be created group-readable. Patch
+      from "anon", David Stainton, and "meejah". Closes ticket 11291.
+
+  o Minor features (systemd):
+    - Where supported, when running with systemd, report successful
+      startup to systemd. Part of ticket 11016. Patch by Michael Scherer.
+    - When running with systemd, support systemd watchdog messages. Part
+      of ticket 11016. Patch by Michael Scherer.
+
+  o Minor features (transparent proxy):
+    - Update the transparent proxy option checks to allow for both ipfw
+      and pf on OS X. Closes ticket 14002.
+    - Use the correct option when using IPv6 with transparent proxy
+      support on Linux. Resolves 13808. Patch by Francisco Blas
+      Izquierdo Riera.
+
+  o Minor bugfixes (preventative security, C safety):
+    - When reading a hexadecimal, base-32, or base-64 encoded value from
+      a string, always overwrite the whole output buffer. This prevents
+      some bugs where we would look at (but fortunately, not reveal)
+      uninitialized memory on the stack. Fixes bug 14013; bugfix on all
+      versions of Tor.
+    - Clear all memory targeted by tor_addr_{to,from}_sockaddr(), not
+      just the part that's used. This makes it harder for data leak bugs
+      to occur in the event of other programming failures. Resolves
+      ticket 14041.
+
+  o Minor bugfixes (client, microdescriptors):
+    - Use a full 256 bits of the SHA256 digest of a microdescriptor when
+      computing which microdescriptors to download. This keeps us from
+      erroneous download behavior if two microdescriptor digests ever
+      have the same first 160 bits. Fixes part of bug 13399; bugfix
+      on 0.2.3.1-alpha.
+    - Reset a router's status if its microdescriptor digest changes,
+      even if the first 160 bits remain the same. Fixes part of bug
+      13399; bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (compilation):
+    - Silence clang warnings under --enable-expensive-hardening,
+      including implicit truncation of 64 bit values to 32 bit, const
+      char assignment to self, tautological compare, and additional
+      parentheses around equality tests. Fixes bug 13577; bugfix
+      on 0.2.5.4-alpha.
+    - Fix a clang warning about checking whether an address in the
+      middle of a structure is NULL. Fixes bug 14001; bugfix
+      on 0.2.1.2-alpha.
+
+  o Minor bugfixes (hidden services):
+    - Correctly send a controller event when we find that a rendezvous
+      circuit has finished. Fixes bug 13936; bugfix on 0.1.1.5-alpha.
+    - Pre-check directory permissions for new hidden-services to avoid
+      at least one case of "Bug: Acting on config options left us in a
+      broken state. Dying." Fixes bug 13942; bugfix on 0.0.6pre1.
+    - When adding a new hidden service (for example, via SETCONF), Tor
+      no longer congratulates the user for running a relay. Fixes bug
+      13941; bugfix on 0.2.6.1-alpha.
+    - When fetching hidden service descriptors, we now check not only
+      for whether we got the hidden service we had in mind, but also
+      whether we got the particular descriptors we wanted. This prevents
+      a class of inefficient but annoying DoS attacks by hidden service
+      directories. Fixes bug 13214; bugfix on 0.2.1.6-alpha. Reported
+      by "special".
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Make transparent proxy support work along with the seccomp2
+      sandbox. Fixes part of bug 13808; bugfix on 0.2.5.1-alpha. Patch
+      by Francisco Blas Izquierdo Riera.
+    - Fix a memory leak in tor-resolve when running with the sandbox
+      enabled. Fixes bug 14050; bugfix on 0.2.5.9-rc.
+
+  o Minor bugfixes (logging):
+    - Downgrade warnings about RSA signature failures to info log level.
+      Emit a warning when an extra info document is found incompatible
+      with a corresponding router descriptor. Fixes bug 9812; bugfix
+      on 0.0.6rc3.
+    - Make connection_ap_handshake_attach_circuit() log the circuit ID
+      correctly. Fixes bug 13701; bugfix on 0.0.6.
+
+  o Minor bugfixes (misc):
+    - Stop allowing invalid address patterns like "*/24" that contain
+      both a wildcard address and a bit prefix length. This affects all
+      our address-range parsing code. Fixes bug 7484; bugfix
+      on 0.0.2pre14.
+
+  o Minor bugfixes (testing networks, fast startup):
+    - Allow Tor to build circuits using a consensus with no exits. If
+      the consensus has no exits (typical of a bootstrapping test
+      network), allow Tor to build circuits once enough descriptors have
+      been downloaded. This assists in bootstrapping a testing Tor
+      network. Fixes bug 13718; bugfix on 0.2.4.10-alpha. Patch
+      by "teor".
+    - When V3AuthVotingInterval is low, give a lower If-Modified-Since
+      header to directory servers. This allows us to obtain consensuses
+      promptly when the consensus interval is very short. This assists
+      in bootstrapping a testing Tor network. Fixes parts of bugs 13718
+      and 13963; bugfix on 0.2.0.3-alpha. Patch by "teor".
+    - Stop assuming that private addresses are local when checking
+      reachability in a TestingTorNetwork. Instead, when testing, assume
+      all OR connections are remote. (This is necessary due to many test
+      scenarios running all relays on localhost.) This assists in
+      bootstrapping a testing Tor network. Fixes bug 13924; bugfix on
+      0.1.0.1-rc. Patch by "teor".
+    - Avoid building exit circuits from a consensus with no exits. Now
+      thanks to our fix for 13718, we accept a no-exit network as not
+      wholly lost, but we need to remember not to try to build exit
+      circuits on it. Closes ticket 13814; patch by "teor".
+    - Stop requiring exits to have non-zero bandwithcapacity in a
+      TestingTorNetwork. Instead, when TestingMinExitFlagThreshold is 0,
+      ignore exit bandwidthcapacity. This assists in bootstrapping a
+      testing Tor network. Fixes parts of bugs 13718 and 13839; bugfix
+      on 0.2.0.3-alpha. Patch by "teor".
+    - Add "internal" to some bootstrap statuses when no exits are
+      available. If the consensus does not contain Exits, Tor will only
+      build internal circuits. In this case, relevant statuses will
+      contain the word "internal" as indicated in the Tor control-
+       spec.txt. When bootstrap completes, Tor will be ready to build
+      internal circuits. If a future consensus contains Exits, exit
+      circuits may become available. Fixes part of bug 13718; bugfix on
+      0.2.4.10-alpha. Patch by "teor".
+    - Decrease minimum consensus interval to 10 seconds when
+      TestingTorNetwork is set, or 5 seconds for the first consensus.
+      Fix assumptions throughout the code that assume larger intervals.
+      Fixes bugs 13718 and 13823; bugfix on 0.2.0.3-alpha. Patch
+      by "teor".
+    - Avoid excluding guards from path building in minimal test
+      networks, when we're in a test network and excluding guards would
+      exclude all relays. This typically occurs in incredibly small tor
+      networks, and those using "TestingAuthVoteGuard *". Fixes part of
+      bug 13718; bugfix on 0.1.1.11-alpha. Patch by "teor".
+
+  o Code simplification and refactoring:
+    - Stop using can_complete_circuits as a global variable; access it
+      with a function instead.
+    - Avoid using operators directly as macro arguments: this lets us
+      apply coccinelle transformations to our codebase more directly.
+      Closes ticket 13172.
+    - Combine the functions used to parse ClientTransportPlugin and
+      ServerTransportPlugin into a single function. Closes ticket 6456.
+    - Add inline functions and convenience macros for inspecting channel
+      state. Refactor the code to use convenience macros instead of
+      checking channel state directly. Fixes issue 7356.
+    - Document all members of was_router_added_t and rename
+      ROUTER_WAS_NOT_NEW to ROUTER_IS_ALREADY_KNOWN to make it less
+      confusable with ROUTER_WAS_TOO_OLD. Fixes issue 13644.
+    - In connection_exit_begin_conn(), use END_CIRC_REASON_TORPROTOCOL
+      constant instead of hardcoded value. Fixes issue 13840.
+    - Refactor our generic strmap and digestmap types into a single
+      implementation, so that we can add a new digest256map
+      type trivially.
+
+  o Documentation:
+    - Document the bridge-authority-only 'networkstatus-bridges' file.
+      Closes ticket 13713; patch from "tom".
+    - Fix typo in PredictedPortsRelevanceTime option description in
+      manpage. Resolves issue 13707.
+    - Stop suggesting that users specify relays by nickname: it isn't a
+      good idea. Also, properly cross-reference how to specify relays in
+      all parts of manual documenting options that take a list of
+      relays. Closes ticket 13381.
+    - Clarify the HiddenServiceDir option description in manpage to make
+      it clear that relative paths are taken with respect to the current
+      working directory. Also clarify that this behavior is not
+      guaranteed to remain indefinitely. Fixes issue 13913.
+
+  o Testing:
+    - New tests for many parts of channel, relay, and circuitmux
+      functionality. Code by Andrea; part of 9262.
+    - New tests for parse_transport_line(). Part of ticket 6456.
+    - In the unit tests, use chgrp() to change the group of the unit
+      test temporary directory to the current user, so that the sticky
+      bit doesn't interfere with tests that check directory groups.
+      Closes 13678.
+    - Add unit tests for resolve_my_addr(). Part of ticket 12376; patch
+      by 'rl1987'.
+
+
+Changes in version 0.2.6.1-alpha - 2014-10-30
+  Tor 0.2.6.1-alpha is the first release in the Tor 0.2.6.x series. It
+  includes numerous code cleanups and new tests, and fixes a large
+  number of annoying bugs. Out-of-memory conditions are handled better
+  than in 0.2.5, pluggable transports have improved proxy support, and
+  clients now use optimistic data for contacting hidden services. Also,
+  we are now more robust to changes in what we consider a parseable
+  directory object, so that tightening restrictions does not have a risk
+  of introducing infinite download loops.
+
+  This is the first alpha release in a new series, so expect there to be
+  bugs. Users who would rather test out a more stable branch should stay
+  with 0.2.5.x for now.
+
+  o New compiler and system requirements:
+    - Tor 0.2.6.x requires that your compiler support more of the C99
+      language standard than before. The 'configure' script now detects
+      whether your compiler supports C99 mid-block declarations and
+      designated initializers. If it does not, Tor will not compile.
+
+      We may revisit this requirement if it turns out that a significant
+      number of people need to build Tor with compilers that don't
+      bother implementing a 15-year-old standard. Closes ticket 13233.
+    - Tor no longer supports systems without threading support. When we
+      began working on Tor, there were several systems that didn't have
+      threads, or where the thread support wasn't able to run the
+      threads of a single process on multiple CPUs. That no longer
+      holds: every system where Tor needs to run well now has threading
+      support. Resolves ticket 12439.
+
+  o Removed platform support:
+    - We no longer include special code to build on Windows CE; as far
+      as we know, nobody has used Tor on Windows CE in a very long time.
+      Closes ticket 11446.
+
+  o Major features (bridges):
+    - Expose the outgoing upstream HTTP/SOCKS proxy to pluggable
+      transports if they are configured via the "TOR_PT_PROXY"
+      environment variable. Implements proposal 232. Resolves
+      ticket 8402.
+
+  o Major features (client performance, hidden services):
+    - Allow clients to use optimistic data when connecting to a hidden
+      service, which should remove a round-trip from hidden service
+      initialization. See proposal 181 for details. Implements
+      ticket 13211.
+
+  o Major features (directory system):
+    - Upon receiving an unparseable directory object, if its digest
+      matches what we expected, then don't try to download it again.
+      Previously, when we got a descriptor we didn't like, we would keep
+      trying to download it over and over. Closes ticket 11243.
+
+  o Major features (sample torrc):
+    - Add a new, infrequently-changed "torrc.minimal". This file is
+      similar to torrc.sample, but it will change as infrequently as
+      possible, for the benefit of users whose systems prompt them for
+      intervention whenever a default configuration file is changed.
+      Making this change allows us to update torrc.sample to be a more
+      generally useful "sample torrc".
+
+  o Major bugfixes (directory authorities):
+    - Do not assign the HSDir flag to relays if they are not Valid, or
+      currently hibernating. Fixes 12573; bugfix on 0.2.0.10-alpha.
+
+  o Major bugfixes (directory bandwidth performance):
+    - Don't flush the zlib buffer aggressively when compressing
+      directory information for clients. This should save about 7% of
+      the bandwidth currently used for compressed descriptors and
+      microdescriptors. Fixes bug 11787; bugfix on 0.1.1.23.
+
+  o Minor features (security, memory wiping):
+    - Ensure we securely wipe keys from memory after
+      crypto_digest_get_digest and init_curve25519_keypair_from_file
+      have finished using them. Resolves ticket 13477.
+
+  o Minor features (security, out-of-memory handling):
+    - When handling an out-of-memory condition, allocate less memory for
+      temporary data structures. Fixes issue 10115.
+    - When handling an out-of-memory condition, consider more types of
+      buffers, including those on directory connections, and zlib
+      buffers. Resolves ticket 11792.
+
+  o Minor features:
+    - When identity keypair is generated for first time, log a
+      congratulatory message that links to the new relay lifecycle
+      document. Implements feature 10427.
+
+  o Minor features (client):
+    - Clients are now willing to send optimistic data (before they
+      receive a 'connected' cell) to relays of any version. (Relays
+      without support for optimistic data are no longer supported on the
+      Tor network.) Resolves ticket 13153.
+
+  o Minor features (directory authorities):
+    - Don't list relays with a bandwidth estimate of 0 in the consensus.
+      Implements a feature proposed during discussion of bug 13000.
+    - In tor-gencert, report an error if the user provides the same
+      argument more than once.
+    - If a directory authority can't find a best consensus method in the
+      votes that it holds, it now falls back to its favorite consensus
+      method. Previously, it fell back to method 1. Neither of these is
+      likely to get enough signatures, but "fall back to favorite"
+      doesn't require us to maintain support an obsolete consensus
+      method. Implements part of proposal 215.
+
+  o Minor features (logging):
+    - On Unix-like systems, you can now use named pipes as the target of
+      the Log option, and other options that try to append to files.
+      Closes ticket 12061. Patch from "carlo von lynX".
+    - When opening a log file at startup, send it every log message that
+      we generated between startup and opening it. Previously, log
+      messages that were generated before opening the log file were only
+      logged to stdout. Closes ticket 6938.
+    - Add a TruncateLogFile option to overwrite logs instead of
+      appending to them. Closes ticket 5583.
+
+  o Minor features (portability, Solaris):
+    - Threads are no longer disabled by default on Solaris; we believe
+      that the versions of Solaris with broken threading support are all
+      obsolete by now. Resolves ticket 9495.
+
+  o Minor features (relay):
+    - Re-check our address after we detect a changed IP address from
+      getsockname(). This ensures that the controller command "GETINFO
+      address" will report the correct value. Resolves ticket 11582.
+      Patch from "ra".
+    - A new AccountingRule option lets Relays set whether they'd like
+      AccountingMax to be applied separately to inbound and outbound
+      traffic, or applied to the sum of inbound and outbound traffic.
+      Resolves ticket 961. Patch by "chobe".
+
+  o Minor features (testing networks):
+    - Add the TestingDirAuthVoteExit option, which lists nodes to assign
+      the "Exit" flag regardless of their uptime, bandwidth, or exit
+      policy. TestingTorNetwork must be set for this option to have any
+      effect. Previously, authorities would take up to 35 minutes to
+      give nodes the Exit flag in a test network. Partially implements
+      ticket 13161.
+
+  o Minor features (validation):
+    - Check all date/time values passed to tor_timegm and
+      parse_rfc1123_time for validity, taking leap years into account.
+      Improves HTTP header validation. Implemented with bug 13476.
+    - In correct_tm(), limit the range of values returned by system
+      localtime(_r) and gmtime(_r) to be between the years 1 and 8099.
+      This means we don't have to deal with negative or too large dates,
+      even if a clock is wrong. Otherwise we might fail to read a file
+      written by us which includes such a date. Fixes bug 13476.
+
+  o Minor bugfixes (bridge clients):
+    - When configured to use a bridge without an identity digest (not
+      recommended), avoid launching an extra channel to it when
+      bootstrapping. Fixes bug 7733; bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (bridges):
+    - When DisableNetwork is set, do not launch pluggable transport
+      plugins, and if any are running, terminate them. Fixes bug 13213;
+      bugfix on 0.2.3.6-alpha.
+
+  o Minor bugfixes (C correctness):
+    - Fix several instances of possible integer overflow/underflow/NaN.
+      Fixes bug 13104; bugfix on 0.2.3.1-alpha and later. Patches
+      from "teor".
+    - In circuit_build_times_calculate_timeout() in circuitstats.c,
+      avoid dividing by zero in the pareto calculations. This traps
+      under clang's "undefined-trap" sanitizer. Fixes bug 13290; bugfix
+      on 0.2.2.2-alpha.
+    - Fix an integer overflow in format_time_interval(). Fixes bug
+      13393; bugfix on 0.2.0.10-alpha.
+    - Set the correct day of year value when the system's localtime(_r)
+      or gmtime(_r) functions fail to set struct tm. Not externally
+      visible. Fixes bug 13476; bugfix on 0.0.2pre14.
+    - Avoid unlikely signed integer overflow in tor_timegm on systems
+      with 32-bit time_t. Fixes bug 13476; bugfix on 0.0.2pre14.
+
+  o Minor bugfixes (client):
+    - Fix smartlist_choose_node_by_bandwidth() so that relays with the
+      BadExit flag are not considered worthy candidates. Fixes bug
+      13066; bugfix on 0.1.2.3-alpha.
+    - Use the consensus schedule for downloading consensuses, and not
+      the generic schedule. Fixes bug 11679; bugfix on 0.2.2.6-alpha.
+    - Handle unsupported or malformed SOCKS5 requests properly by
+      responding with the appropriate error message before closing the
+      connection. Fixes bugs 12971 and 13314; bugfix on 0.0.2pre13.
+
+  o Minor bugfixes (client, torrc):
+    - Stop modifying the value of our DirReqStatistics torrc option just
+      because we're not a bridge or relay. This bug was causing Tor
+      Browser users to write "DirReqStatistics 0" in their torrc files
+      as if they had chosen to change the config. Fixes bug 4244; bugfix
+      on 0.2.3.1-alpha.
+    - When GeoIPExcludeUnknown is enabled, do not incorrectly decide
+      that our options have changed every time we SIGHUP. Fixes bug
+      9801; bugfix on 0.2.4.10-alpha. Patch from "qwerty1".
+
+  o Minor bugfixes (controller):
+    - Return an error when the second or later arguments of the
+      "setevents" controller command are invalid events. Previously we
+      would return success while silently skipping invalid events. Fixes
+      bug 13205; bugfix on 0.2.3.2-alpha. Reported by "fpxnns".
+
+  o Minor bugfixes (directory system):
+    - Always believe that v3 directory authorities serve extra-info
+      documents, whether they advertise "caches-extra-info" or not.
+      Fixes part of bug 11683; bugfix on 0.2.0.1-alpha.
+    - When running as a v3 directory authority, advertise that you serve
+      extra-info documents so that clients who want them can find them
+      from you too. Fixes part of bug 11683; bugfix on 0.2.0.1-alpha.
+    - Check the BRIDGE_DIRINFO flag bitwise rather than using equality.
+      Previously, directories offering BRIDGE_DIRINFO and some other
+      flag (i.e. microdescriptors or extrainfo) would be ignored when
+      looking for bridges. Partially fixes bug 13163; bugfix
+      on 0.2.0.7-alpha.
+
+  o Minor bugfixes (networking):
+    - Check for orconns and use connection_or_close_for_error() rather
+      than connection_mark_for_close() directly in the getsockopt()
+      failure case of connection_handle_write_impl(). Fixes bug 11302;
+      bugfix on 0.2.4.4-alpha.
+
+  o Minor bugfixes (relay):
+    - When generating our family list, remove spaces from around the
+      entries. Fixes bug 12728; bugfix on 0.2.1.7-alpha.
+    - If our previous bandwidth estimate was 0 bytes, allow publishing a
+      new relay descriptor immediately. Fixes bug 13000; bugfix
+      on 0.1.1.6-alpha.
+
+  o Minor bugfixes (testing networks):
+    - Fix TestingDirAuthVoteGuard to properly give out Guard flags in a
+      testing network. Fixes bug 13064; bugfix on 0.2.5.2-alpha.
+    - Stop using the default authorities in networks which provide both
+      AlternateDirAuthority and AlternateBridgeAuthority. Partially
+      fixes bug 13163; bugfix on 0.2.0.13-alpha.
+
+  o Minor bugfixes (testing):
+    - Stop spawn test failures due to a race condition between the
+      SIGCHLD handler updating the process status, and the test reading
+      it. Fixes bug 13291; bugfix on 0.2.3.3-alpha.
+
+  o Minor bugfixes (testing, Windows):
+    - Avoid passing an extra backslash when creating a temporary
+      directory for running the unit tests on Windows. Fixes bug 12392;
+      bugfix on 0.2.2.25-alpha. Patch from Gisle Vanem.
+
+  o Minor bugfixes (windows):
+    - Remove code to special-case handling of NTE_BAD_KEYSET when
+      acquiring windows CryptoAPI context. This error can't actually
+      occur for the parameters we're providing. Fixes bug 10816; bugfix
+      on 0.0.2pre26.
+
+  o Minor bugfixes (zlib):
+    - Avoid truncating a zlib stream when trying to finalize it with an
+      empty output buffer. Fixes bug 11824; bugfix on 0.1.1.23.
+
+  o Build fixes:
+    - Allow our configure script to build correctly with autoconf 2.62
+      again. Fixes bug 12693; bugfix on 0.2.5.2-alpha.
+    - Improve the error message from ./configure to make it clear that
+      when asciidoc has not been found, the user will have to either add
+      --disable-asciidoc argument or install asciidoc. Resolves
+      ticket 13228.
+
+  o Code simplification and refactoring:
+    - Change the entry_is_live() function to take named bitfield
+      elements instead of an unnamed list of booleans. Closes
+      ticket 12202.
+    - Refactor and unit-test entry_is_time_to_retry() in entrynodes.c.
+      Resolves ticket 12205.
+    - Use calloc and reallocarray functions instead of multiply-
+      then-malloc. This makes it less likely for us to fall victim to an
+      integer overflow attack when allocating. Resolves ticket 12855.
+    - Use the standard macro name SIZE_MAX, instead of our
+      own SIZE_T_MAX.
+    - Document usage of the NO_DIRINFO and ALL_DIRINFO flags clearly in
+      functions which take them as arguments. Replace 0 with NO_DIRINFO
+      in a function call for clarity. Seeks to prevent future issues
+      like 13163.
+    - Avoid 4 null pointer errors under clang static analysis by using
+      tor_assert() to prove that the pointers aren't null. Fixes
+      bug 13284.
+    - Rework the API of policies_parse_exit_policy() to use a bitmask to
+      represent parsing options, instead of a confusing mess of
+      booleans. Resolves ticket 8197.
+    - Introduce a helper function to parse ExitPolicy in
+      or_options_t structure.
+
+  o Documentation:
+    - Add a doc/TUNING document with tips for handling large numbers of
+      TCP connections when running busy Tor relay. Update the warning
+      message to point to this file when running out of sockets
+      operating system is allowing to use simultaneously. Resolves
+      ticket 9708.
+
+  o Removed features:
+    - We no longer remind the user about configuration options that have
+      been obsolete since 0.2.3.x or earlier. Patch by Adrien Bak.
+    - Remove our old, non-weighted bandwidth-based node selection code.
+      Previously, we used it as a fallback when we couldn't perform
+      weighted bandwidth-based node selection. But that would only
+      happen in the cases where we had no consensus, or when we had a
+      consensus generated by buggy or ancient directory authorities. In
+      either case, it's better to use the more modern, better maintained
+      algorithm, with reasonable defaults for the weights. Closes
+      ticket 13126.
+    - Remove the --disable-curve25519 configure option. Relays and
+      clients now are required to support curve25519 and the
+      ntor handshake.
+    - The old "StrictEntryNodes" and "StrictExitNodes" options, which
+      used to be deprecated synonyms for "StrictNodes", are now marked
+      obsolete. Resolves ticket 12226.
+    - Clients don't understand the BadDirectory flag in the consensus
+      anymore, and ignore it.
+
+  o Testing:
+    - Refactor the function that chooses guard nodes so that it can more
+      easily be tested; write some tests for it.
+    - Fix and re-enable the fgets_eagain unit test. Fixes bug 12503;
+      bugfix on 0.2.3.1-alpha. Patch from "cypherpunks."
+    - Create unit tests for format_time_interval(). With bug 13393.
+    - Add unit tests for tor_timegm signed overflow, tor_timegm and
+      parse_rfc1123_time validity checks, correct_tm year clamping. Unit
+      tests (visible) fixes in bug 13476.
+    - Add a "coverage-html" make target to generate HTML-visualized
+      coverage results when building with --enable-coverage. (Requires
+      lcov.) Patch from Kevin Murray.
+    - Enable the backtrace handler (where supported) when running the
+      unit tests.
+    - Revise all unit tests that used the legacy test_* macros to
+      instead use the recommended tt_* macros. This patch was generated
+      with coccinelle, to avoid manual errors. Closes ticket 13119.
+
+  o Distribution (systemd):
+    - systemd unit file: only allow tor to write to /var/lib/tor and
+      /var/log/tor. The rest of the filesystem is accessible for reading
+      only. Patch by intrigeri; resolves ticket 12751.
+    - systemd unit file: ensure that the process and all its children
+      can never gain new privileges. Patch by intrigeri; resolves
+      ticket 12939.
+    - systemd unit file: set up /var/run/tor as writable for the Tor
+      service. Patch by intrigeri; resolves ticket 13196.
+
+  o Removed features (directory authorities):
+    - Remove code that prevented authorities from listing Tor relays
+      affected by CVE-2011-2769 as guards. These relays are already
+      rejected altogether due to the minimum version requirement of
+      0.2.3.16-alpha. Closes ticket 13152.
+    - The "AuthDirRejectUnlisted" option no longer has any effect, as
+      the fingerprints file (approved-routers) has been deprecated.
+    - Directory authorities do not support being Naming dirauths anymore.
+      The "NamingAuthoritativeDir" config option is now obsolete.
+    - Directory authorities do not support giving out the BadDirectory
+      flag anymore.
+    - Directory authorities no longer advertise or support consensus
+      methods 1 through 12 inclusive. These consensus methods were
+      obsolete and/or insecure: maintaining the ability to support them
+      served no good purpose. Implements part of proposal 215; closes
+      ticket 10163.
+
+  o Testing (test-network.sh):
+    - Stop using "echo -n", as some shells' built-in echo doesn't
+      support "-n". Instead, use "/bin/echo -n". Partially fixes
+      bug 13161.
+    - Stop an apparent test-network hang when used with make -j2. Fixes
+      bug 13331.
+    - Add a --delay option to test-network.sh, which configures the
+      delay before the chutney network tests for data transmission.
+      Partially implements ticket 13161.
+
+
+Changes in version 0.2.5.10 - 2014-10-24
+  Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
+
+  It adds several new security features, including improved
+  denial-of-service resistance for relays, new compiler hardening
+  options, and a system-call sandbox for hardened installations on Linux
+  (requires seccomp2). The controller protocol has several new features,
+  resolving IPv6 addresses should work better than before, and relays
+  should be a little more CPU-efficient. We've added support for more
+  OpenBSD and FreeBSD transparent proxy types. We've improved the build
+  system and testing infrastructure to allow unit testing of more parts
+  of the Tor codebase. Finally, we've addressed several nagging pluggable
+  transport usability issues, and included numerous other small bugfixes
+  and features mentioned below.
+
+  This release marks end-of-life for Tor 0.2.3.x; those Tor versions
+  have accumulated many known flaws; everyone should upgrade.
+
+  o Deprecated versions:
+    - Tor 0.2.3.x has reached end-of-life; it has received no patches or
+      attention for some while.
+
+
+Changes in version 0.2.5.9-rc - 2014-10-20
+  Tor 0.2.5.9-rc is the third release candidate for the Tor 0.2.5.x
+  series. It disables SSL3 in response to the recent "POODLE" attack
+  (even though POODLE does not affect Tor). It also works around a crash
+  bug caused by some operating systems' response to the "POODLE" attack
+  (which does affect Tor). It also contains a few miscellaneous fixes.
+
+  o Major security fixes:
+    - Disable support for SSLv3. All versions of OpenSSL in use with Tor
+      today support TLS 1.0 or later, so we can safely turn off support
+      for this old (and insecure) protocol. Fixes bug 13426.
+
+  o Major bugfixes (openssl bug workaround):
+    - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
+      1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
+      13471. This is a workaround for an OpenSSL bug.
+
+  o Minor bugfixes:
+    - Disable the sandbox name resolver cache when running tor-resolve:
+      tor-resolve doesn't use the sandbox code, and turning it on was
+      breaking attempts to do tor-resolve on a non-default server on
+      Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
+
+  o Compilation fixes:
+    - Build and run correctly on systems like OpenBSD-current that have
+      patched OpenSSL to remove get_cipher_by_char and/or its
+      implementations. Fixes issue 13325.
+
+  o Downgraded warnings:
+    - Downgrade the severity of the 'unexpected sendme cell from client'
+      from 'warn' to 'protocol warning'. Closes ticket 8093.
+
+
+Changes in version 0.2.4.25 - 2014-10-20
+  Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack
+  (even though POODLE does not affect Tor). It also works around a crash
+  bug caused by some operating systems' response to the "POODLE" attack
+  (which does affect Tor).
+
+  o Major security fixes (also in 0.2.5.9-rc):
+    - Disable support for SSLv3. All versions of OpenSSL in use with Tor
+      today support TLS 1.0 or later, so we can safely turn off support
+      for this old (and insecure) protocol. Fixes bug 13426.
+
+  o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc):
+    - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
+      1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
+      13471. This is a workaround for an OpenSSL bug.
+
+
+Changes in version 0.2.5.8-rc - 2014-09-22
+  Tor 0.2.5.8-rc is the second release candidate for the Tor 0.2.5.x
+  series. It fixes a bug that affects consistency and speed when
+  connecting to hidden services, and it updates the location of one of
+  the directory authorities.
+
+  o Major bugfixes:
+    - Clients now send the correct address for their chosen rendezvous
+      point when trying to access a hidden service. They used to send
+      the wrong address, which would still work some of the time because
+      they also sent the identity digest of the rendezvous point, and if
+      the hidden service happened to try connecting to the rendezvous
+      point from a relay that already had a connection open to it,
+      the relay would reuse that connection. Now connections to hidden
+      services should be more robust and faster. Also, this bug meant
+      that clients were leaking to the hidden service whether they were
+      on a little-endian (common) or big-endian (rare) system, which for
+      some users might have reduced their anonymity. Fixes bug 13151;
+      bugfix on 0.2.1.5-alpha.
+
+  o Directory authority changes:
+    - Change IP address for gabelmoo (v3 directory authority).
+
+
+Changes in version 0.2.4.24 - 2014-09-22
+  Tor 0.2.4.24 fixes a bug that affects consistency and speed when
+  connecting to hidden services, and it updates the location of one of
+  the directory authorities.
+
+  o Major bugfixes:
+    - Clients now send the correct address for their chosen rendezvous
+      point when trying to access a hidden service. They used to send
+      the wrong address, which would still work some of the time because
+      they also sent the identity digest of the rendezvous point, and if
+      the hidden service happened to try connecting to the rendezvous
+      point from a relay that already had a connection open to it,
+      the relay would reuse that connection. Now connections to hidden
+      services should be more robust and faster. Also, this bug meant
+      that clients were leaking to the hidden service whether they were
+      on a little-endian (common) or big-endian (rare) system, which for
+      some users might have reduced their anonymity. Fixes bug 13151;
+      bugfix on 0.2.1.5-alpha.
+
+  o Directory authority changes:
+    - Change IP address for gabelmoo (v3 directory authority).
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.5.7-rc - 2014-09-11
+  Tor 0.2.5.7-rc fixes several regressions from earlier in the 0.2.5.x
+  release series, and some long-standing bugs related to ORPort reachability
+  testing and failure to send CREATE cells. It is the first release
+  candidate for the Tor 0.2.5.x series.
+
+  o Major bugfixes (client, startup):
+    - Start making circuits as soon as DisabledNetwork is turned off.
+      When Tor started with DisabledNetwork set, it would correctly
+      conclude that it shouldn't build circuits, but it would mistakenly
+      cache this conclusion, and continue believing it even when
+      DisableNetwork is set to 0. Fixes the bug introduced by the fix
+      for bug 11200; bugfix on 0.2.5.4-alpha.
+    - Resume expanding abbreviations for command-line options. The fix
+      for bug 4647 accidentally removed our hack from bug 586 that
+      rewrote HashedControlPassword to __HashedControlSessionPassword
+      when it appears on the commandline (which allowed the user to set
+      her own HashedControlPassword in the torrc file while the
+      controller generates a fresh session password for each run). Fixes
+      bug 12948; bugfix on 0.2.5.1-alpha.
+    - Warn about attempts to run hidden services and relays in the same
+      process: that's probably not a good idea. Closes ticket 12908.
+
+  o Major bugfixes (relay):
+    - Avoid queuing or sending destroy cells for circuit ID zero when we
+      fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1.
+      Found and fixed by "cypherpunks".
+    - Fix ORPort reachability detection on relays running behind a
+      proxy, by correctly updating the "local" mark on the controlling
+      channel when changing the address of an or_connection_t after the
+      handshake. Fixes bug 12160; bugfix on 0.2.4.4-alpha.
+
+  o Minor features (bridge):
+    - Add an ExtORPortCookieAuthFileGroupReadable option to make the
+      cookie file for the ExtORPort g+r by default.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (logging):
+    - Reduce the log severity of the "Pluggable transport proxy does not
+      provide any needed transports and will not be launched." message,
+      since Tor Browser includes several ClientTransportPlugin lines in
+      its torrc-defaults file, leading every Tor Browser user who looks
+      at her logs to see these notices and wonder if they're dangerous.
+      Resolves bug 13124; bugfix on 0.2.5.3-alpha.
+    - Downgrade "Unexpected onionskin length after decryption" warning
+      to a protocol-warn, since there's nothing relay operators can do
+      about a client that sends them a malformed create cell. Resolves
+      bug 12996; bugfix on 0.0.6rc1.
+    - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS
+      cell on a cannibalized or non-OR circuit. Resolves ticket 12997.
+    - When logging information about an EXTEND2 or EXTENDED2 cell, log
+      their names correctly. Fixes part of bug 12700; bugfix
+      on 0.2.4.8-alpha.
+    - When logging information about a relay cell whose command we don't
+      recognize, log its command as an integer. Fixes part of bug 12700;
+      bugfix on 0.2.1.10-alpha.
+    - Escape all strings from the directory connection before logging
+      them. Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".
+
+  o Minor bugfixes (controller):
+    - Restore the functionality of CookieAuthFileGroupReadable. Fixes
+      bug 12864; bugfix on 0.2.5.1-alpha.
+    - Actually send TRANSPORT_LAUNCHED and HS_DESC events to
+      controllers. Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch
+      by "teor".
+
+  o Minor bugfixes (compilation):
+    - Fix compilation of test.h with MSVC. Patch from Gisle Vanem;
+      bugfix on 0.2.5.5-alpha.
+    - Make the nmake make files work again. Fixes bug 13081. Bugfix on
+      0.2.5.1-alpha. Patch from "NewEraCracker".
+    - In routerlist_assert_ok(), don't take the address of a
+      routerinfo's cache_info member unless that routerinfo is non-NULL.
+      Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
+    - Fix a large number of false positive warnings from the clang
+      analyzer static analysis tool. This should make real warnings
+      easier for clang analyzer to find. Patch from "teor". Closes
+      ticket 13036.
+
+  o Distribution (systemd):
+    - Verify configuration file via ExecStartPre in the systemd unit
+      file. Patch from intrigeri; resolves ticket 12730.
+    - Explicitly disable RunAsDaemon in the systemd unit file. Our
+      current systemd unit uses "Type = simple", so systemd does not
+      expect tor to fork. If the user has "RunAsDaemon 1" in their
+      torrc, then things won't work as expected. This is e.g. the case
+      on Debian (and derivatives), since there we pass "--defaults-torrc
+      /usr/share/tor/tor-service-defaults-torrc" (that contains
+      "RunAsDaemon 1") by default. Patch by intrigeri; resolves
+      ticket 12731.
+
+  o Documentation:
+    - Adjust the URLs in the README to refer to the new locations of
+      several documents on the website. Fixes bug 12830. Patch from
+      Matt Pagan.
+    - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves
+      ticket 12878.
+
+
+Changes in version 0.2.5.6-alpha - 2014-07-28
+  Tor 0.2.5.6-alpha brings us a big step closer to slowing down the
+  risk from guard rotation, and fixes a variety of other issues to get
+  us closer to a release candidate.
+
+  o Major features (also in 0.2.4.23):
+    - Make the number of entry guards configurable via a new
+      NumEntryGuards consensus parameter, and the number of directory
+      guards configurable via a new NumDirectoryGuards consensus
+      parameter. Implements ticket 12688.
+
+  o Major bugfixes (also in 0.2.4.23):
+    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+      implementation that caused incorrect results on 32-bit
+      implementations when certain malformed inputs were used along with
+      a small class of private ntor keys. This bug does not currently
+      appear to allow an attacker to learn private keys or impersonate a
+      Tor server, but it could provide a means to distinguish 32-bit Tor
+      implementations from 64-bit Tor implementations. Fixes bug 12694;
+      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+      Adam Langley.
+
+  o Major bugfixes:
+    - Perform circuit cleanup operations even when circuit
+      construction operations are disabled (because the network is
+      disabled, or because there isn't enough directory information).
+      Previously, when we were not building predictive circuits, we
+      were not closing expired circuits either. Fixes bug 8387; bugfix on
+      0.1.1.11-alpha. This bug became visible in 0.2.4.10-alpha when we
+      became more strict about when we have "enough directory information
+      to build circuits".
+
+  o Minor features:
+    - Authorities now assign the Guard flag to the fastest 25% of the
+      network (it used to be the fastest 50%). Also raise the consensus
+      weight that guarantees the Guard flag from 250 to 2000. For the
+      current network, this results in about 1100 guards, down from 2500.
+      This step paves the way for moving the number of entry guards
+      down to 1 (proposal 236) while still providing reasonable expected
+      performance for most users. Implements ticket 12690.
+    - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
+      Country database.
+    - Slightly enhance the diagnostic message for bug 12184.
+
+  o Minor bugfixes (also in 0.2.4.23):
+    - Warn and drop the circuit if we receive an inbound 'relay early'
+      cell. Those used to be normal to receive on hidden service circuits
+      due to bug 1038, but the buggy Tor versions are long gone from
+      the network so we can afford to resume watching for them. Resolves
+      the rest of bug 1038; bugfix on 0.2.1.19.
+    - Correct a confusing error message when trying to extend a circuit
+      via the control protocol but we don't know a descriptor or
+      microdescriptor for one of the specified relays. Fixes bug 12718;
+      bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes:
+    - Fix compilation when building with bufferevents enabled. (This
+      configuration is still not expected to work, however.)
+      Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
+      0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
+      Gunasekaran.
+    - Compile correctly with builds and forks of OpenSSL (such as
+      LibreSSL) that disable compression. Fixes bug 12602; bugfix on
+      0.2.1.1-alpha. Patch from "dhill".
+
+
+Changes in version 0.2.4.23 - 2014-07-28
+  Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
+  guard rotation, and also backports several important fixes from the
+  Tor 0.2.5 alpha release series.
+
+  o Major features:
+    - Clients now look at the "usecreatefast" consensus parameter to
+      decide whether to use CREATE_FAST or CREATE cells for the first hop
+      of their circuit. This approach can improve security on connections
+      where Tor's circuit handshake is stronger than the available TLS
+      connection security levels, but the tradeoff is more computational
+      load on guard relays. Implements proposal 221. Resolves ticket 9386.
+    - Make the number of entry guards configurable via a new
+      NumEntryGuards consensus parameter, and the number of directory
+      guards configurable via a new NumDirectoryGuards consensus
+      parameter. Implements ticket 12688.
+
+  o Major bugfixes:
+    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+      implementation that caused incorrect results on 32-bit
+      implementations when certain malformed inputs were used along with
+      a small class of private ntor keys. This bug does not currently
+      appear to allow an attacker to learn private keys or impersonate a
+      Tor server, but it could provide a means to distinguish 32-bit Tor
+      implementations from 64-bit Tor implementations. Fixes bug 12694;
+      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+      Adam Langley.
+
+  o Minor bugfixes:
+    - Warn and drop the circuit if we receive an inbound 'relay early'
+      cell. Those used to be normal to receive on hidden service circuits
+      due to bug 1038, but the buggy Tor versions are long gone from
+      the network so we can afford to resume watching for them. Resolves
+      the rest of bug 1038; bugfix on 0.2.1.19.
+    - Correct a confusing error message when trying to extend a circuit
+      via the control protocol but we don't know a descriptor or
+      microdescriptor for one of the specified relays. Fixes bug 12718;
+      bugfix on 0.2.3.1-alpha.
+    - Avoid an illegal read from stack when initializing the TLS
+      module using a version of OpenSSL without all of the ciphers
+      used by the v2 link handshake. Fixes bug 12227; bugfix on
+      0.2.4.8-alpha.  Found by "starlight".
+
+  o Minor features:
+    - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.5.5-alpha - 2014-06-18
+  Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
+  0.2.5.x release series, including a couple of DoS issues, some
+  performance regressions, a large number of bugs affecting the Linux
+  seccomp2 sandbox code, and various other bugfixes. It also adds
+  diagnostic bugfixes for a few tricky issues that we're trying to
+  track down.
+
+  o Major features (security, traffic analysis resistance):
+    - Several major improvements to the algorithm used to decide when to
+      close TLS connections. Previous versions of Tor closed connections
+      at a fixed interval after the last time a non-padding cell was
+      sent over the connection, regardless of the target of the
+      connection. Now, we randomize the intervals by adding up to 50% of
+      their base value, we measure the length of time since connection
+      last had at least one circuit, and we allow connections to known
+      ORs to remain open a little longer (15 minutes instead of 3
+      minutes minimum). These changes should improve Tor's resistance
+      against some kinds of traffic analysis, and lower some overhead
+      from needlessly closed connections. Fixes ticket 6799.
+      Incidentally fixes ticket 12023; bugfix on 0.2.5.1-alpha.
+
+  o Major bugfixes (security, OOM, new since 0.2.5.4-alpha, also in 0.2.4.22):
+    - Fix a memory leak that could occur if a microdescriptor parse
+      fails during the tokenizing step. This bug could enable a memory
+      exhaustion attack by directory servers. Fixes bug 11649; bugfix
+      on 0.2.2.6-alpha.
+
+  o Major bugfixes (security, directory authorities):
+    - Directory authorities now include a digest of each relay's
+      identity key as a part of its microdescriptor.
+
+      This is a workaround for bug 11743 (reported by "cypherpunks"),
+      where Tor clients do not support receiving multiple
+      microdescriptors with the same SHA256 digest in the same
+      consensus. When clients receive a consensus like this, they only
+      use one of the relays. Without this fix, a hostile relay could
+      selectively disable some client use of target relays by
+      constructing a router descriptor with a different identity and the
+      same microdescriptor parameters and getting the authorities to
+      list it in a microdescriptor consensus. This fix prevents an
+      attacker from causing a microdescriptor collision, because the
+      router's identity is not forgeable.
+
+  o Major bugfixes (relay):
+    - Use a direct dirport connection when uploading non-anonymous
+      descriptors to the directory authorities. Previously, relays would
+      incorrectly use tunnel connections under a fairly wide variety of
+      circumstances. Fixes bug 11469; bugfix on 0.2.4.3-alpha.
+    - When a circuit accidentally has the same circuit ID for its
+      forward and reverse direction, correctly detect the direction of
+      cells using that circuit. Previously, this bug made roughly one
+      circuit in a million non-functional. Fixes bug 12195; this is a
+      bugfix on every version of Tor.
+
+  o Major bugfixes (client, pluggable transports):
+    - When managing pluggable transports, use OS notification facilities
+      to learn if they have crashed, and don't attempt to kill any
+      process that has already exited. Fixes bug 8746; bugfix
+      on 0.2.3.6-alpha.
+
+  o Minor features (diagnostic):
+    - When logging a warning because of bug 7164, additionally check the
+      hash table for consistency (as proposed on ticket 11737). This may
+      help diagnose bug 7164.
+    - When we log a heartbeat, log how many one-hop circuits we have
+      that are at least 30 minutes old, and log status information about
+      a few of them. This is an attempt to track down bug 8387.
+    - When encountering an unexpected CR while writing text to a file on
+      Windows, log the name of the file. Should help diagnosing
+      bug 11233.
+    - Give more specific warnings when a client notices that an onion
+      handshake has failed. Fixes ticket 9635.
+    - Add significant new logging code to attempt to diagnose bug 12184,
+      where relays seem to run out of available circuit IDs.
+    - Improve the diagnostic log message for bug 8387 even further to
+      try to improve our odds of figuring out why one-hop directory
+      circuits sometimes do not get closed.
+
+  o Minor features (security, memory management):
+    - Memory allocation tricks (mempools and buffer freelists) are now
+      disabled by default. You can turn them back on with
+      --enable-mempools and --enable-buf-freelists respectively. We're
+      disabling these features because malloc performance is good enough
+      on most platforms, and a similar feature in OpenSSL exacerbated
+      exploitation of the Heartbleed attack. Resolves ticket 11476.
+
+  o Minor features (security):
+    - Apply the secure SipHash-2-4 function to the hash table mapping
+      circuit IDs and channels to circuits. We missed this one when we
+      were converting all the other hash functions to use SipHash back
+      in 0.2.5.3-alpha. Resolves ticket 11750.
+
+  o Minor features (build):
+    - The configure script has a --disable-seccomp option to turn off
+      support for libseccomp on systems that have it, in case it (or
+      Tor's use of it) is broken. Resolves ticket 11628.
+
+  o Minor features (other):
+    - Update geoip and geoip6 to the June 4 2014 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (security, new since 0.2.5.4-alpha, also in 0.2.4.22):
+    - When running a hidden service, do not allow TunneledDirConns 0;
+      this will keep the hidden service from running, and also
+      make it publish its descriptors directly over HTTP. Fixes bug 10849;
+      bugfix on 0.2.1.1-alpha.
+
+  o Minor bugfixes (performance):
+    - Avoid a bug where every successful connection made us recompute
+      the flag telling us whether we have sufficient information to
+      build circuits. Previously, we would forget our cached value
+      whenever we successfully opened a channel (or marked a router as
+      running or not running for any other reason), regardless of
+      whether we had previously believed the router to be running. This
+      forced us to run an expensive update operation far too often.
+      Fixes bug 12170; bugfix on 0.1.2.1-alpha.
+    - Avoid using tor_memeq() for checking relay cell integrity. This
+      removes a possible performance bottleneck. Fixes part of bug
+      12169; bugfix on 0.2.1.31.
+
+  o Minor bugfixes (compilation):
+    - Fix compilation of test_status.c when building with MVSC. Bugfix
+      on 0.2.5.4-alpha. Patch from Gisle Vanem.
+    - Resolve GCC complaints on OpenBSD about discarding constness in
+      TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix
+      on 0.1.1.23. Patch from Dana Koch.
+    - Resolve clang complaints on OpenBSD with -Wshorten-64-to-32 due to
+      treatment of long and time_t as comparable types. Fixes part of
+      bug 11633. Patch from Dana Koch.
+    - Make Tor compile correctly with --disable-buf-freelists. Fixes bug
+      11623; bugfix on 0.2.5.3-alpha.
+    - When deciding whether to build the 64-bit curve25519
+      implementation, detect platforms where we can compile 128-bit
+      arithmetic but cannot link it. Fixes bug 11729; bugfix on
+      0.2.4.8-alpha. Patch from "conradev".
+    - Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761;
+      bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
+    - Fix compilation with dmalloc. Fixes bug 11605; bugfix
+      on 0.2.4.10-alpha.
+
+  o Minor bugfixes (Directory server):
+    - When sending a compressed set of descriptors or microdescriptors,
+      make sure to finalize the zlib stream. Previously, we would write
+      all the compressed data, but if the last descriptor we wanted to
+      send was missing or too old, we would not mark the stream as
+      finished. This caused problems for decompression tools. Fixes bug
+      11648; bugfix on 0.1.1.23.
+
+  o Minor bugfixes (Linux seccomp sandbox):
+    - Make the seccomp sandbox code compile under ARM Linux. Fixes bug
+      11622; bugfix on 0.2.5.1-alpha.
+    - Avoid crashing when re-opening listener ports with the seccomp
+      sandbox active. Fixes bug 12115; bugfix on 0.2.5.1-alpha.
+    - Avoid crashing with the seccomp sandbox enabled along with
+      ConstrainedSockets. Fixes bug 12139; bugfix on 0.2.5.1-alpha.
+    - When we receive a SIGHUP with the sandbox enabled, correctly
+      support rotating our log files. Fixes bug 12032; bugfix
+      on 0.2.5.1-alpha.
+    - Avoid crash when running with sandboxing enabled and
+      DirReqStatistics not disabled. Fixes bug 12035; bugfix
+      on 0.2.5.1-alpha.
+    - Fix a "BUG" warning when trying to write bridge-stats files with
+      the Linux syscall sandbox filter enabled. Fixes bug 12041; bugfix
+      on 0.2.5.1-alpha.
+    - Prevent the sandbox from crashing on startup when run with the
+      --enable-expensive-hardening configuration option. Fixes bug
+      11477; bugfix on 0.2.5.4-alpha.
+    - When running with DirPortFrontPage and sandboxing both enabled,
+      reload the DirPortFrontPage correctly when restarting. Fixes bug
+      12028; bugfix on 0.2.5.1-alpha.
+    - Don't try to enable the sandbox when using the Tor binary to check
+      its configuration, hash a passphrase, or so on. Doing so was
+      crashing on startup for some users. Fixes bug 11609; bugfix
+      on 0.2.5.1-alpha.
+    - Avoid warnings when running with sandboxing and node statistics
+      enabled at the same time. Fixes part of 12064; bugfix on
+      0.2.5.1-alpha. Patch from Michael Wolf.
+    - Avoid warnings when running with sandboxing enabled at the same
+      time as cookie authentication, hidden services, or directory
+      authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha.
+    - Do not allow options that require calls to exec to be enabled
+      alongside the seccomp2 sandbox: they will inevitably crash. Fixes
+      bug 12043; bugfix on 0.2.5.1-alpha.
+    - Handle failures in getpwnam()/getpwuid() when running with the
+      User option set and the Linux syscall sandbox enabled. Fixes bug
+      11946; bugfix on 0.2.5.1-alpha.
+    - Refactor the getaddrinfo workaround that the seccomp sandbox uses
+      to avoid calling getaddrinfo() after installing the sandbox
+      filters. Previously, it preloaded a cache with the IPv4 address
+      for our hostname, and nothing else. Now, it loads the cache with
+      every address that it used to initialize the Tor process. Fixes
+      bug 11970; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (pluggable transports):
+    - Enable the ExtORPortCookieAuthFile option, to allow changing the
+      default location of the authentication token for the extended OR
+      Port as used by sever-side pluggable transports. We had
+      implemented this option before, but the code to make it settable
+      had been omitted. Fixes bug 11635; bugfix on 0.2.5.1-alpha.
+    - Avoid another 60-second delay when starting Tor in a pluggable-
+      transport-using configuration when we already have cached
+      descriptors for our bridges. Fixes bug 11965; bugfix
+      on 0.2.3.6-alpha.
+
+  o Minor bugfixes (client):
+    - Avoid "Tried to open a socket with DisableNetwork set" warnings
+      when starting a client with bridges configured and DisableNetwork
+      set. (Tor launcher starts Tor with DisableNetwork set the first
+      time it runs.) Fixes bug 10405; bugfix on 0.2.3.9-alpha.
+
+  o Minor bugfixes (testing):
+    - The Python parts of the test scripts now work on Python 3 as well
+      as Python 2, so systems where '/usr/bin/python' is Python 3 will
+      no longer have the tests break. Fixes bug 11608; bugfix
+      on 0.2.5.2-alpha.
+    - When looking for versions of python that we could run the tests
+      with, check for "python2.7" and "python3.3"; previously we were
+      only looking for "python", "python2", and "python3". Patch from
+      Dana Koch. Fixes bug 11632; bugfix on 0.2.5.2-alpha.
+    - Fix all valgrind warnings produced by the unit tests. There were
+      over a thousand memory leak warnings previously, mostly produced
+      by forgetting to free things in the unit test code. Fixes bug
+      11618, bugfixes on many versions of Tor.
+
+  o Minor bugfixes (tor-fw-helper):
+    - Give a correct log message when tor-fw-helper fails to launch.
+      (Previously, we would say something like "tor-fw-helper sent us a
+      string we could not parse".) Fixes bug 9781; bugfix
+      on 0.2.4.2-alpha.
+
+  o Minor bugfixes (relay, threading):
+    - Check return code on spawn_func() in cpuworker code, so that we
+      don't think we've spawned a nonworking cpuworker and write junk to
+      it forever. Fix related to bug 4345; bugfix on all released Tor
+      versions. Found by "skruffy".
+    - Use a pthread_attr to make sure that spawn_func() cannot return an
+      error while at the same time launching a thread. Fix related to
+      bug 4345; bugfix on all released Tor versions. Reported
+      by "cypherpunks".
+
+  o Minor bugfixes (relay, oom prevention):
+    - Correctly detect the total available system memory. We tried to do
+      this in 0.2.5.4-alpha, but the code was set up to always return an
+      error value, even on success. Fixes bug 11805; bugfix
+      on 0.2.5.4-alpha.
+
+  o Minor bugfixes (relay, other):
+    - We now drop CREATE cells for already-existent circuit IDs and for
+      zero-valued circuit IDs, regardless of other factors that might
+      otherwise have called for DESTROY cells. Fixes bug 12191; bugfix
+      on 0.0.8pre1.
+    - Avoid an illegal read from stack when initializing the TLS module
+      using a version of OpenSSL without all of the ciphers used by the
+      v2 link handshake. Fixes bug 12227; bugfix on 0.2.4.8-alpha. Found
+      by "starlight".
+    - When rejecting DATA cells for stream_id zero, still count them
+      against the circuit's deliver window so that we don't fail to send
+      a SENDME. Fixes bug 11246; bugfix on 0.2.4.10-alpha.
+
+  o Minor bugfixes (logging):
+    - Fix a misformatted log message about delayed directory fetches.
+      Fixes bug 11654; bugfix on 0.2.5.3-alpha.
+    - Squelch a spurious LD_BUG message "No origin circuit for
+      successful SOCKS stream" in certain hidden service failure cases;
+      fixes bug 10616.
+
+  o Distribution:
+    - Include a tor.service file in contrib/dist for use with systemd.
+      Some distributions will be able to use this file unmodified;
+      others will need to tweak it, or write their own. Patch from Jamie
+      Nguyen; resolves ticket 8368.
+
+  o Documentation:
+    - Clean up several option names in the manpage to match their real
+      names, add the missing documentation for a couple of testing and
+      directory authority options, remove the documentation for a
+      V2-directory fetching option that no longer exists. Resolves
+      ticket 11634.
+    - Correct the documentation so that it lists the correct directory
+      for the stats files. (They are in a subdirectory called "stats",
+      not "status".)
+    - In the manpage, move more authority-only options into the
+      directory authority section so that operators of regular directory
+      caches don't get confused.
+
+  o Package cleanup:
+    - The contrib directory has been sorted and tidied. Before, it was
+      an unsorted dumping ground for useful and not-so-useful things.
+      Now, it is divided based on functionality, and the items which
+      seemed to be nonfunctional or useless have been removed. Resolves
+      ticket 8966; based on patches from "rl1987".
+
+  o Removed code:
+    - Remove /tor/dbg-stability.txt URL that was meant to help debug WFU
+      and MTBF calculations, but that nobody was using. Fixes ticket 11742.
+    - The TunnelDirConns and PreferTunnelledDirConns options no longer
+      exist; tunneled directory connections have been available since
+      0.1.2.5-alpha, and turning them off is not a good idea. This is a
+      brute-force fix for 10849, where "TunnelDirConns 0" would break
+      hidden services.
+
+
+Changes in version 0.2.4.22 - 2014-05-16
+  Tor 0.2.4.22 backports numerous high-priority fixes from the Tor 0.2.5
+  alpha release series. These include blocking all authority signing
+  keys that may have been affected by the OpenSSL "heartbleed" bug,
+  choosing a far more secure set of TLS ciphersuites by default, closing
+  a couple of memory leaks that could be used to run a target relay out
+  of RAM, and several others.
+
+  o Major features (security, backport from 0.2.5.4-alpha):
+    - Block authority signing keys that were used on authorities
+      vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). (We
+      don't have any evidence that these keys _were_ compromised; we're
+      doing this to be prudent.) Resolves ticket 11464.
+
+  o Major bugfixes (security, OOM):
+    - Fix a memory leak that could occur if a microdescriptor parse
+      fails during the tokenizing step. This bug could enable a memory
+      exhaustion attack by directory servers. Fixes bug 11649; bugfix
+      on 0.2.2.6-alpha.
+
+  o Major bugfixes (TLS cipher selection, backport from 0.2.5.4-alpha):
+    - The relay ciphersuite list is now generated automatically based on
+      uniform criteria, and includes all OpenSSL ciphersuites with
+      acceptable strength and forward secrecy. Previously, we had left
+      some perfectly fine ciphersuites unsupported due to omission or
+      typo. Resolves bugs 11513, 11492, 11498, 11499. Bugs reported by
+      'cypherpunks'. Bugfix on 0.2.4.8-alpha.
+    - Relays now trust themselves to have a better view than clients of
+      which TLS ciphersuites are better than others. (Thanks to bug
+      11513, the relay list is now well-considered, whereas the client
+      list has been chosen mainly for anti-fingerprinting purposes.)
+      Relays prefer: AES over 3DES; then ECDHE over DHE; then GCM over
+      CBC; then SHA384 over SHA256 over SHA1; and last, AES256 over
+      AES128. Resolves ticket 11528.
+    - Clients now try to advertise the same list of ciphersuites as
+      Firefox 28. This change enables selection of (fast) GCM
+      ciphersuites, disables some strange old ciphers, and stops
+      advertising the ECDH (not to be confused with ECDHE) ciphersuites.
+      Resolves ticket 11438.
+
+  o Minor bugfixes (configuration, security):
+    - When running a hidden service, do not allow TunneledDirConns 0:
+      trying to set that option together with a hidden service would
+      otherwise prevent the hidden service from running, and also make
+      it publish its descriptors directly over HTTP. Fixes bug 10849;
+      bugfix on 0.2.1.1-alpha.
+
+  o Minor bugfixes (controller, backport from 0.2.5.4-alpha):
+    - Avoid sending a garbage value to the controller when a circuit is
+      cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
+
+  o Minor bugfixes (exit relay, backport from 0.2.5.4-alpha):
+    - Stop leaking memory when we successfully resolve a PTR record.
+      Fixes bug 11437; bugfix on 0.2.4.7-alpha.
+
+  o Minor bugfixes (bridge client, backport from 0.2.5.4-alpha):
+    - Avoid 60-second delays in the bootstrapping process when Tor is
+      launching for a second time while using bridges. Fixes bug 9229;
+      bugfix on 0.2.0.3-alpha.
+
+  o Minor bugfixes (relays and bridges, backport from 0.2.5.4-alpha):
+    - Give the correct URL in the warning message when trying to run a
+      relay on an ancient version of Windows. Fixes bug 9393.
+
+  o Minor bugfixes (compilation):
+    - Fix a compilation error when compiling with --disable-curve25519.
+      Fixes bug 9700; bugfix on 0.2.4.17-rc.
+
+  o Minor bugfixes:
+    - Downgrade the warning severity for the the "md was still
+      referenced 1 node(s)" warning. Tor 0.2.5.4-alpha has better code
+      for trying to diagnose this bug, and the current warning in
+      earlier versions of tor achieves nothing useful. Addresses warning
+      from bug 7164.
+
+  o Minor features (log verbosity, backport from 0.2.5.4-alpha):
+    - When we run out of usable circuit IDs on a channel, log only one
+      warning for the whole channel, and describe how many circuits
+      there were on the channel. Fixes part of ticket 11553.
+
+  o Minor features (security, backport from 0.2.5.4-alpha):
+    - Decrease the lower limit of MaxMemInCellQueues to 256 MBytes (but
+      leave the default at 8GBytes), to better support Raspberry Pi
+      users. Fixes bug 9686; bugfix on 0.2.4.14-alpha.
+
+  o Documentation (backport from 0.2.5.4-alpha):
+    - Correctly document that we search for a system torrc file before
+      looking in ~/.torrc. Fixes documentation side of 9213; bugfix on
+      0.2.3.18-rc.
+
+
+Changes in version 0.2.5.4-alpha - 2014-04-25
+  Tor 0.2.5.4-alpha includes several security and performance
+  improvements for clients and relays, including blacklisting authority
+  signing keys that were used while susceptible to the OpenSSL
+  "heartbleed" bug, fixing two expensive functions on busy relays,
+  improved TLS ciphersuite preference lists, support for run-time
+  hardening on compilers that support AddressSanitizer, and more work on
+  the Linux sandbox code.
+
+  There are also several usability fixes for clients (especially clients
+  that use bridges), two new TransPort protocols supported (one on
+  OpenBSD, one on FreeBSD), and various other bugfixes.
+
+  This release marks end-of-life for Tor 0.2.2.x; those Tor versions
+  have accumulated many known flaws; everyone should upgrade.
+
+  o Major features (security):
+    - If you don't specify MaxMemInQueues yourself, Tor now tries to
+      pick a good value based on your total system memory. Previously,
+      the default was always 8 GB. You can still override the default by
+      setting MaxMemInQueues yourself. Resolves ticket 11396.
+    - Block authority signing keys that were used on authorities
+      vulnerable to the "heartbleed" bug in OpenSSL (CVE-2014-0160). (We
+      don't have any evidence that these keys _were_ compromised; we're
+      doing this to be prudent.) Resolves ticket 11464.
+
+  o Major features (relay performance):
+    - Speed up server-side lookups of rendezvous and introduction point
+      circuits by using hashtables instead of linear searches. These
+      functions previously accounted between 3 and 7% of CPU usage on
+      some busy relays. Resolves ticket 9841.
+    - Avoid wasting CPU when extending a circuit over a channel that is
+      nearly out of circuit IDs. Previously, we would do a linear scan
+      over possible circuit IDs before finding one or deciding that we
+      had exhausted our possibilities. Now, we try at most 64 random
+      circuit IDs before deciding that we probably won't succeed. Fixes
+      a possible root cause of ticket 11553.
+
+  o Major features (seccomp2 sandbox, Linux only):
+    - The seccomp2 sandbox can now run a test network for multiple hours
+      without crashing. The sandbox is still experimental, and more bugs
+      will probably turn up. To try it, enable "Sandbox 1" on a Linux
+      host. Resolves ticket 11351.
+    - Strengthen sandbox code: the sandbox can now test the arguments
+      for rename(), and blocks _sysctl() entirely. Resolves another part
+      of ticket 11351.
+    - When the sandbox blocks a system call, it now tries to log a stack
+      trace before exiting. Resolves ticket 11465.
+
+  o Major bugfixes (TLS cipher selection):
+    - The relay ciphersuite list is now generated automatically based on
+      uniform criteria, and includes all OpenSSL ciphersuites with
+      acceptable strength and forward secrecy. Previously, we had left
+      some perfectly fine ciphersuites unsupported due to omission or
+      typo. Resolves bugs 11513, 11492, 11498, 11499. Bugs reported by
+      'cypherpunks'. Bugfix on 0.2.4.8-alpha.
+    - Relays now trust themselves to have a better view than clients of
+      which TLS ciphersuites are better than others. (Thanks to bug
+      11513, the relay list is now well-considered, whereas the client
+      list has been chosen mainly for anti-fingerprinting purposes.)
+      Relays prefer: AES over 3DES; then ECDHE over DHE; then GCM over
+      CBC; then SHA384 over SHA256 over SHA1; and last, AES256 over
+      AES128. Resolves ticket 11528.
+    - Clients now try to advertise the same list of ciphersuites as
+      Firefox 28. This change enables selection of (fast) GCM
+      ciphersuites, disables some strange old ciphers, and stops
+      advertising the ECDH (not to be confused with ECDHE) ciphersuites.
+      Resolves ticket 11438.
+
+  o Major bugfixes (bridge client):
+    - Avoid 60-second delays in the bootstrapping process when Tor is
+      launching for a second time while using bridges. Fixes bug 9229;
+      bugfix on 0.2.0.3-alpha.
+
+  o Minor features (transparent proxy, *BSD):
+    - Support FreeBSD's ipfw firewall interface for TransPort ports on
+      FreeBSD. To enable it, set "TransProxyType ipfw". Resolves ticket
+      10267; patch from "yurivict".
+    - Support OpenBSD's divert-to rules with the pf firewall for
+      transparent proxy ports. To enable it, set "TransProxyType
+      pf-divert". This allows Tor to run a TransPort transparent proxy
+      port on OpenBSD 4.4 or later without root privileges. See the
+      pf.conf(5) manual page for information on configuring pf to use
+      divert-to rules. Closes ticket 10896; patch from Dana Koch.
+
+  o Minor features (security):
+    - New --enable-expensive-hardening option to enable security
+      hardening options that consume nontrivial amounts of CPU and
+      memory. Right now, this includes AddressSanitizer and UbSan, which
+      are supported in newer versions of GCC and Clang. Closes ticket
+      11477.
+
+  o Minor features (log verbosity):
+    - Demote the message that we give when a flushing connection times
+      out for too long from NOTICE to INFO. It was usually meaningless.
+      Resolves ticket 5286.
+    - Don't log so many notice-level bootstrapping messages at startup
+      about downloading descriptors. Previously, we'd log a notice
+      whenever we learned about more routers. Now, we only log a notice
+      at every 5% of progress. Fixes bug 9963.
+    - Warn less verbosely when receiving a malformed
+      ESTABLISH_RENDEZVOUS cell. Fixes ticket 11279.
+    - When we run out of usable circuit IDs on a channel, log only one
+      warning for the whole channel, and describe how many circuits
+      there were on the channel. Fixes part of ticket 11553.
+
+  o Minor features (relay):
+    - If a circuit timed out for at least 3 minutes, check if we have a
+      new external IP address, and publish a new descriptor with the new
+      IP address if it changed. Resolves ticket 2454.
+
+  o Minor features (controller):
+    - Make the entire exit policy available from the control port via
+      GETINFO exit-policy/*. Implements enhancement 7952. Patch from
+      "rl1987".
+    - Because of the fix for ticket 11396, the real limit for memory
+      usage may no longer match the configured MaxMemInQueues value. The
+      real limit is now exposed via GETINFO limits/max-mem-in-queues.
+
+  o Minor features (bridge client):
+    - Report a more useful failure message when we can't connect to a
+      bridge because we don't have the right pluggable transport
+      configured. Resolves ticket 9665. Patch from Fábio J. Bertinatto.
+
+  o Minor features (diagnostic):
+    - Add more log messages to diagnose bug 7164, which causes
+      intermittent "microdesc_free() called but md was still referenced"
+      warnings. We now include more information, to figure out why we
+      might be cleaning a microdescriptor for being too old if it's
+      still referenced by a live node_t object.
+
+  o Minor bugfixes (client, DNSPort):
+    - When using DNSPort, try to respond to AAAA requests with AAAA
+      answers. Previously, we hadn't looked at the request type when
+      deciding which answer type to prefer. Fixes bug 10468; bugfix on
+      0.2.4.7-alpha.
+    - When receiving a DNS query for an unsupported record type, reply
+      with no answer rather than with a NOTIMPL error. This behavior
+      isn't correct either, but it will break fewer client programs, we
+      hope. Fixes bug 10268; bugfix on 0.2.0.1-alpha. Original patch
+      from "epoch".
+
+  o Minor bugfixes (exit relay):
+    - Stop leaking memory when we successfully resolve a PTR record.
+      Fixes bug 11437; bugfix on 0.2.4.7-alpha.
+
+  o Minor bugfixes (bridge client):
+    - Stop accepting bridge lines containing hostnames. Doing so would
+      cause clients to perform DNS requests on the hostnames, which was
+      not sensible behavior. Fixes bug 10801; bugfix on 0.2.0.1-alpha.
+    - Avoid a 60-second delay in the bootstrapping process when a Tor
+      client with pluggable transports re-reads its configuration at
+      just the wrong time. Re-fixes bug 11156; bugfix on 0.2.5.3-alpha.
+
+  o Minor bugfixes (client, logging during bootstrap):
+    - Warn only once if we start logging in an unsafe way. Previously,
+      we complain as many times as we had problems. Fixes bug 9870;
+      bugfix on 0.2.5.1-alpha.
+    - Only report the first fatal bootstrap error on a given OR
+      connection. This stops us from telling the controller bogus error
+      messages like "DONE". Fixes bug 10431; bugfix on 0.2.1.1-alpha.
+    - Be more helpful when trying to run sandboxed on Linux without
+      libseccomp. Instead of saying "Sandbox is not implemented on this
+      platform", we now explain that we need to be built with
+      libseccomp. Fixes bug 11543; bugfix on 0.2.5.1-alpha.
+    - Avoid generating spurious warnings when starting with
+      DisableNetwork enabled. Fixes bug 11200 and bug 10405; bugfix on
+      0.2.3.9-alpha.
+
+  o Minor bugfixes (closing OR connections):
+    - If write_to_buf() in connection_write_to_buf_impl_() ever fails,
+      check if it's an or_connection_t and correctly call
+      connection_or_close_for_error() rather than
+      connection_mark_for_close() directly. Fixes bug 11304; bugfix on
+      0.2.4.4-alpha.
+    - When closing all connections on setting DisableNetwork to 1, use
+      connection_or_close_normally() rather than closing OR connections
+      out from under the channel layer. Fixes bug 11306; bugfix on
+      0.2.4.4-alpha.
+
+  o Minor bugfixes (controller):
+    - Avoid sending a garbage value to the controller when a circuit is
+      cannibalized. Fixes bug 11519; bugfix on 0.2.3.11-alpha.
+
+  o Minor bugfixes (tor-fw-helper):
+    - Allow tor-fw-helper to build again by adding src/ext to its
+      CPPFLAGS. Fixes bug 11296; bugfix on 0.2.5.3-alpha.
+
+  o Minor bugfixes (bridges):
+    - Avoid potential crashes or bad behavior when launching a
+      server-side managed proxy with ORPort or ExtORPort temporarily
+      disabled. Fixes bug 9650; bugfix on 0.2.3.16-alpha.
+
+  o Minor bugfixes (platform-specific):
+    - Fix compilation on Solaris, which does not have . Fixes
+      bug 11426; bugfix on 0.2.5.3-alpha.
+    - When dumping a malformed directory object to disk, save it in
+      binary mode on Windows, not text mode. Fixes bug 11342; bugfix on
+      0.2.2.1-alpha.
+    - Don't report failures from make_socket_reuseable() on incoming
+      sockets on OSX: this can happen when incoming connections close
+      early. Fixes bug 10081.
+
+  o Minor bugfixes (trivial memory leaks):
+    - Fix a small memory leak when signing a directory object. Fixes bug
+      11275; bugfix on 0.2.4.13-alpha.
+    - Free placeholder entries in our circuit table at exit; fixes a
+      harmless memory leak. Fixes bug 11278; bugfix on 0.2.5.1-alpha.
+    - Don't re-initialize a second set of OpenSSL mutexes when starting
+      up. Previously, we'd make one set of mutexes, and then immediately
+      replace them with another. Fixes bug 11726; bugfix on
+      0.2.5.3-alpha.
+    - Resolve some memory leaks found by coverity in the unit tests, on
+      exit in tor-gencert, and on a failure to compute digests for our
+      own keys when generating a v3 networkstatus vote. These leaks
+      should never have affected anyone in practice.
+
+  o Minor bugfixes (hidden service):
+    - Only retry attempts to connect to a chosen rendezvous point 8
+      times, not 30. Fixes bug 4241; bugfix on 0.1.0.1-rc.
+
+  o Minor bugfixes (misc code correctness):
+    - Fix various instances of undefined behavior in channeltls.c,
+      tor_memmem(), and eventdns.c that would cause us to construct
+      pointers to memory outside an allocated object. (These invalid
+      pointers were not accessed, but C does not even allow them to
+      exist.) Fixes bug 10363; bugfixes on 0.1.1.1-alpha, 0.1.2.1-alpha,
+      0.2.0.10-alpha, and 0.2.3.6-alpha. Reported by "bobnomnom".
+    - Use the AddressSanitizer and Ubsan sanitizers (in clang-3.4) to
+      fix some miscellaneous errors in our tests and codebase. Fixes bug
+      11232. Bugfixes on versions back as far as 0.2.1.11-alpha.
+    - Always check return values for unlink, munmap, UnmapViewOfFile;
+      check strftime return values more often. In some cases all we can
+      do is report a warning, but this may help prevent deeper bugs from
+      going unnoticed. Closes ticket 8787; bugfixes on many, many tor
+      versions.
+    - Fix numerous warnings from the clang "scan-build" static analyzer.
+      Some of these are programming style issues; some of them are false
+      positives that indicated awkward code; some are undefined behavior
+      cases related to constructing (but not using) invalid pointers;
+      some are assumptions about API behavior; some are (harmlessly)
+      logging sizeof(ptr) bytes from a token when sizeof(*ptr) would be
+      correct; and one or two are genuine bugs that weren't reachable
+      from the rest of the program. Fixes bug 8793; bugfixes on many,
+      many tor versions.
+
+  o Documentation:
+    - Build the torify.1 manpage again. Previously, we were only trying
+      to build it when also building tor-fw-helper. That's why we didn't
+      notice that we'd broken the ability to build it. Fixes bug 11321;
+      bugfix on 0.2.5.1-alpha.
+    - Fix the layout of the SOCKSPort flags in the manpage. Fixes bug
+      11061; bugfix on 0.2.4.7-alpha.
+    - Correctly document that we search for a system torrc file before
+      looking in ~/.torrc. Fixes documentation side of 9213; bugfix on
+      0.2.3.18-rc.
+    - Resolve warnings from Doxygen.
+
+  o Code simplifications and refactoring:
+    - Remove is_internal_IP() function. Resolves ticket 4645.
+    - Remove unused function circuit_dump_by_chan from circuitlist.c.
+      Closes issue 9107; patch from "marek".
+    - Change our use of the ENUM_BF macro to avoid declarations that
+      confuse Doxygen.
+
+  o Deprecated versions:
+    - Tor 0.2.2.x has reached end-of-life; it has received no patches or
+      attention for some while. Directory authorities no longer accept
+      descriptors from relays running any version of Tor prior to Tor
+      0.2.3.16-alpha. Resolves ticket 11149.
+
+  o Testing:
+    - New macros in test.h to simplify writing mock-functions for unit
+      tests. Part of ticket 11507. Patch from Dana Koch.
+    - Complete tests for the status.c module. Resolves ticket 11507.
+      Patch from Dana Koch.
+
+  o Removed code:
+    - Remove all code for the long unused v1 directory protocol.
+      Resolves ticket 11070.
+
+
+Changes in version 0.2.5.3-alpha - 2014-03-22
+  Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains
+  two new anti-DoS features for Tor relays, resolves a bug that kept
+  SOCKS5 support for IPv6 from working, fixes several annoying usability
+  issues for bridge users, and removes more old code for unused
+  directory formats.
+
+  The Tor 0.2.5.x release series is now in patch-freeze: no feature
+  patches not already written will be considered for inclusion in 0.2.5.x.
+
+  o Major features (relay security, DoS-resistance):
+    - When deciding whether we have run out of memory and we need to
+      close circuits, also consider memory allocated in buffers for
+      streams attached to each circuit.
+
+      This change, which extends an anti-DoS feature introduced in
+      0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit relays
+      better resist more memory-based DoS attacks than before. Since the
+      MaxMemInCellQueues option now applies to all queues, it is renamed
+      to MaxMemInQueues. This feature fixes bug 10169.
+    - Avoid hash-flooding denial-of-service attacks by using the secure
+      SipHash-2-4 hash function for our hashtables. Without this
+      feature, an attacker could degrade performance of a targeted
+      client or server by flooding their data structures with a large
+      number of entries to be stored at the same hash table position,
+      thereby slowing down the Tor instance. With this feature, hash
+      table positions are derived from a randomized cryptographic key,
+      and an attacker cannot predict which entries will collide. Closes
+      ticket 4900.
+    - Decrease the lower limit of MaxMemInQueues to 256 MBytes (but leave
+      the default at 8GBytes), to better support Raspberry Pi users. Fixes
+      bug 9686; bugfix on 0.2.4.14-alpha.
+
+  o Minor features (bridges, pluggable transports):
+    - Bridges now write the SHA1 digest of their identity key
+      fingerprint (that is, a hash of a hash of their public key) to
+      notice-level logs, and to a new hashed-fingerprint file. This
+      information will help bridge operators look up their bridge in
+      Globe and similar tools. Resolves ticket 10884.
+    - Improve the message that Tor displays when running as a bridge
+      using pluggable transports without an Extended ORPort listener.
+      Also, log the message in the log file too. Resolves ticket 11043.
+
+  o Minor features (other):
+    - Add a new option, PredictedPortsRelevanceTime, to control how long
+      after having received a request to connect to a given port Tor
+      will try to keep circuits ready in anticipation of future requests
+      for that port. Patch from "unixninja92"; implements ticket 9176.
+    - Generate a warning if any ports are listed in the SocksPolicy,
+      DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
+      AuthDirBadExit options. (These options only support address
+      ranges.) Fixes part of ticket 11108.
+    - Update geoip and geoip6 to the February 7 2014 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (new since 0.2.5.2-alpha, also in 0.2.4.21):
+    - Build without warnings under clang 3.4. (We have some macros that
+      define static functions only some of which will get used later in
+      the module. Starting with clang 3.4, these give a warning unless the
+      unused attribute is set on them.) Resolves ticket 10904.
+    - Fix build warnings about missing "a2x" comment when building the
+      manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
+      Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch.
+
+  o Minor bugfixes (client):
+    - Improve the log message when we can't connect to a hidden service
+      because all of the hidden service directory nodes hosting its
+      descriptor are excluded. Improves on our fix for bug 10722, which
+      was a bugfix on 0.2.0.10-alpha.
+    - Raise a control port warning when we fail to connect to all of
+      our bridges. Previously, we didn't inform the controller, and
+      the bootstrap process would stall. Fixes bug 11069; bugfix on
+      0.2.1.2-alpha.
+    - Exit immediately when a process-owning controller exits.
+      Previously, tor relays would wait for a little while after their
+      controller exited, as if they had gotten an INT signal -- but this
+      was problematic, since there was no feedback for the user. To do a
+      clean shutdown, controllers should send an INT signal and give Tor
+      a chance to clean up. Fixes bug 10449; bugfix on 0.2.2.28-beta.
+    - Stop attempting to connect to bridges before our pluggable
+      transports are configured (harmless but resulted in some erroneous
+      log messages). Fixes bug 11156; bugfix on 0.2.3.2-alpha.
+    - Fix connections to IPv6 addresses over SOCKS5. Previously, we were
+      generating incorrect SOCKS5 responses, and confusing client
+      applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha.
+
+  o Minor bugfixes (relays and bridges):
+    - Avoid crashing on a malformed resolv.conf file when running a
+      relay using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23.
+    - Non-exit relays no longer launch mock DNS requests to check for
+      DNS hijacking. This has been unnecessary since 0.2.1.7-alpha, when
+      non-exit relays stopped servicing DNS requests. Fixes bug 965;
+      bugfix on 0.2.1.7-alpha. Patch from Matt Pagan.
+    - Bridges now report complete directory request statistics. Related
+      to bug 5824; bugfix on 0.2.2.1-alpha.
+    - Bridges now never collect statistics that were designed for
+      relays. Fixes bug 5824; bugfix on 0.2.3.8-alpha.
+    - Stop giving annoying warning messages when we decide not to launch
+      a pluggable transport proxy that we don't need (because there are
+      no bridges configured to use it). Resolves ticket 5018; bugfix
+      on 0.2.5.2-alpha.
+    - Give the correct URL in the warning message when trying to run a
+      relay on an ancient version of Windows. Fixes bug 9393.
+
+  o Minor bugfixes (backtrace support):
+    - Support automatic backtraces on more platforms by using the
+      "-fasynchronous-unwind-tables" compiler option. This option is
+      needed for platforms like 32-bit Intel where "-fomit-frame-pointer"
+      is on by default and table generation is not. This doesn't yet
+      add Windows support; only Linux, OSX, and some BSDs are affected.
+      Reported by 'cypherpunks'; fixes bug 11047; bugfix on 0.2.5.2-alpha.
+    - Avoid strange behavior if two threads hit failed assertions at the
+      same time and both try to log backtraces at once. (Previously, if
+      this had happened, both threads would have stored their intermediate
+      results in the same buffer, and generated junk outputs.) Reported by
+      "cypherpunks". Fixes bug 11048; bugfix on 0.2.5.2-alpha.
+    - Fix a compiler warning in format_number_sigsafe(). Bugfix on
+      0.2.5.2-alpha; patch from Nick Hopper.
+
+  o Minor bugfixes (unit tests):
+    - Fix a small bug in the unit tests that might have made the tests
+      call 'chmod' with an uninitialized bitmask. Fixes bug 10928;
+      bugfix on 0.2.5.1-alpha. Patch from Dana Koch.
+
+  o Removed code:
+    - Remove all remaining code related to version-0 hidden service
+      descriptors: they have not been in use since 0.2.2.1-alpha. Fixes
+      the rest of bug 10841.
+
+  o Documentation:
+    - Document in the manpage that "KBytes" may also be written as
+      "kilobytes" or "KB", that "Kbits" may also be written as
+      "kilobits", and so forth. Closes ticket 9222.
+    - Document that the ClientOnly config option overrides ORPort.
+      Our old explanation made ClientOnly sound as though it did
+      nothing at all. Resolves bug 9059.
+    - Explain that SocksPolicy, DirPolicy, and similar options don't
+      take port arguments. Fixes the other part of ticket 11108.
+    - Fix a comment about the rend_server_descriptor_t.protocols field
+      to more accurately describe its range. Also, make that field
+      unsigned, to more accurately reflect its usage. Fixes bug 9099;
+      bugfix on 0.2.1.5-alpha.
+    - Fix the manpage's description of HiddenServiceAuthorizeClient:
+      the maximum client name length is 16, not 19. Fixes bug 11118;
+      bugfix on 0.2.1.6-alpha.
+
+  o Code simplifications and refactoring:
+    - Get rid of router->address, since in all cases it was just the
+      string representation of router->addr. Resolves ticket 5528.
+
+  o Test infrastructure:
+    - Update to the latest version of tinytest.
+    - Improve the tinytest implementation of string operation tests so
+      that comparisons with NULL strings no longer crash the tests; they
+      now just fail, normally. Fixes bug 9004; bugfix on 0.2.2.4-alpha.
+
+
+Changes in version 0.2.4.21 - 2014-02-28
+  Tor 0.2.4.21 further improves security against potential adversaries who
+  find breaking 1024-bit crypto doable, and backports several stability
+  and robustness patches from the 0.2.5 branch.
+
+  o Major features (client security):
+    - When we choose a path for a 3-hop circuit, make sure it contains
+      at least one relay that supports the NTor circuit extension
+      handshake. Otherwise, there is a chance that we're building
+      a circuit that's worth attacking by an adversary who finds
+      breaking 1024-bit crypto doable, and that chance changes the game
+      theory. Implements ticket 9777.
+
+  o Major bugfixes:
+    - Do not treat streams that fail with reason
+      END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
+      since it could also indicate an ENETUNREACH connection error. Fixes
+      part of bug 10777; bugfix on 0.2.4.8-alpha.
+
+  o Code simplification and refactoring:
+    - Remove data structures which were introduced to implement the
+      CellStatistics option: they are now redundant with the new timestamp
+      field in the regular packed_cell_t data structure, which we did
+      in 0.2.4.18-rc in order to resolve bug 9093. Resolves ticket 10870.
+
+  o Minor features:
+    - Always clear OpenSSL bignums before freeing them -- even bignums
+      that don't contain secrets. Resolves ticket 10793. Patch by
+      Florent Daigniere.
+    - Build without warnings under clang 3.4. (We have some macros that
+      define static functions only some of which will get used later in
+      the module. Starting with clang 3.4, these give a warning unless the
+      unused attribute is set on them.) Resolves ticket 10904.
+    - Update geoip and geoip6 files to the February 7 2014 Maxmind
+      GeoLite2 Country database.
+
+  o Minor bugfixes:
+    - Set the listen() backlog limit to the largest actually supported
+      on the system, not to the value in a header file. Fixes bug 9716;
+      bugfix on every released Tor.
+    - Treat ENETUNREACH, EACCES, and EPERM connection failures at an
+      exit node as a NOROUTE error, not an INTERNAL error, since they
+      can apparently happen when trying to connect to the wrong sort
+      of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
+    - Fix build warnings about missing "a2x" comment when building the
+      manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
+      Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch.
+    - Avoid a segfault on SIGUSR1, where we had freed a connection but did
+      not entirely remove it from the connection lists. Fixes bug 9602;
+      bugfix on 0.2.4.4-alpha.
+    - Fix a segmentation fault in our benchmark code when running with
+      Fedora's OpenSSL package, or any other OpenSSL that provides
+      ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
+    - Turn "circuit handshake stats since last time" log messages into a
+      heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.
+
+  o Documentation fixes:
+    - Document that all but one DirPort entry must have the NoAdvertise
+      flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.
+
+
+Changes in version 0.2.5.2-alpha - 2014-02-13
+  Tor 0.2.5.2-alpha includes all the fixes from 0.2.4.18-rc and 0.2.4.20,
+  like the "poor random number generation" fix and the "building too many
+  circuits" fix. It also further improves security against potential
+  adversaries who find breaking 1024-bit crypto doable, and launches
+  pluggable transports on demand (which gets us closer to integrating
+  pluggable transport support by default -- not to be confused with Tor
+  bundles enabling pluggable transports and bridges by default).
+
+  o Major features (client security):
+    - When we choose a path for a 3-hop circuit, make sure it contains
+      at least one relay that supports the NTor circuit extension
+      handshake. Otherwise, there is a chance that we're building
+      a circuit that's worth attacking by an adversary who finds
+      breaking 1024-bit crypto doable, and that chance changes the game
+      theory. Implements ticket 9777.
+    - Clients now look at the "usecreatefast" consensus parameter to
+      decide whether to use CREATE_FAST or CREATE cells for the first hop
+      of their circuit. This approach can improve security on connections
+      where Tor's circuit handshake is stronger than the available TLS
+      connection security levels, but the tradeoff is more computational
+      load on guard relays. Implements proposal 221. Resolves ticket 9386.
+
+  o Major features (bridges):
+    - Don't launch pluggable transport proxies if we don't have any
+      bridges configured that would use them. Now we can list many
+      pluggable transports, and Tor will dynamically start one when it
+      hears a bridge address that needs it. Resolves ticket 5018.
+    - The bridge directory authority now assigns status flags (Stable,
+      Guard, etc) to bridges based on thresholds calculated over all
+      Running bridges. Now bridgedb can finally make use of its features
+      to e.g. include at least one Stable bridge in its answers. Fixes
+      bug 9859.
+
+  o Major features (other):
+    - Extend ORCONN controller event to include an "ID" parameter,
+      and add four new controller event types CONN_BW, CIRC_BW,
+      CELL_STATS, and TB_EMPTY that show connection and circuit usage.
+      The new events are emitted in private Tor networks only, with the
+      goal of being able to better track performance and load during
+      full-network simulations. Implements proposal 218 and ticket 7359.
+    - On some platforms (currently: recent OSX versions, glibc-based
+      platforms that support the ELF format, and a few other
+      Unix-like operating systems), Tor can now dump stack traces
+      when a crash occurs or an assertion fails. By default, traces
+      are dumped to stderr (if possible) and to any logs that are
+      reporting errors. Implements ticket 9299.
+
+  o Major bugfixes:
+    - Avoid a segfault on SIGUSR1, where we had freed a connection but did
+      not entirely remove it from the connection lists. Fixes bug 9602;
+      bugfix on 0.2.4.4-alpha.
+    - Do not treat streams that fail with reason
+      END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
+      since it could also indicate an ENETUNREACH connection error. Fixes
+      part of bug 10777; bugfix on 0.2.4.8-alpha.
+
+  o Major bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.20):
+    - Do not allow OpenSSL engines to replace the PRNG, even when
+      HardwareAccel is set. The only default builtin PRNG engine uses
+      the Intel RDRAND instruction to replace the entire PRNG, and
+      ignores all attempts to seed it with more entropy. That's
+      cryptographically stupid: the right response to a new alleged
+      entropy source is never to discard all previously used entropy
+      sources. Fixes bug 10402; works around behavior introduced in
+      OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
+      and "rl1987".
+    - Fix assertion failure when AutomapHostsOnResolve yields an IPv6
+      address. Fixes bug 10465; bugfix on 0.2.4.7-alpha.
+    - Avoid launching spurious extra circuits when a stream is pending.
+      This fixes a bug where any circuit that _wasn't_ unusable for new
+      streams would be treated as if it were, causing extra circuits to
+      be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.
+
+  o Major bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
+    - No longer stop reading or writing on cpuworker connections when
+      our rate limiting buckets go empty. Now we should handle circuit
+      handshake requests more promptly. Resolves bug 9731.
+    - Stop trying to bootstrap all our directory information from
+      only our first guard. Discovered while fixing bug 9946; bugfix
+      on 0.2.4.8-alpha.
+
+  o Minor features (bridges, pluggable transports):
+    - Add threshold cutoffs to the networkstatus document created by
+      the Bridge Authority. Fixes bug 1117.
+    - On Windows, spawn background processes using the CREATE_NO_WINDOW
+      flag. Now Tor Browser Bundle 3.5 with pluggable transports enabled
+      doesn't pop up a blank console window. (In Tor Browser Bundle 2.x,
+      Vidalia set this option for us.) Implements ticket 10297.
+
+  o Minor features (security):
+    - Always clear OpenSSL bignums before freeing them -- even bignums
+      that don't contain secrets. Resolves ticket 10793. Patch by
+      Florent Daignière.
+
+  o Minor features (config options and command line):
+    - Add an --allow-missing-torrc commandline option that tells Tor to
+      run even if the configuration file specified by -f is not available.
+      Implements ticket 10060.
+    - Add support for the TPROXY transparent proxying facility on Linux.
+      See documentation for the new TransProxyType option for more
+      details. Implementation by "thomo". Closes ticket 10582.
+
+  o Minor features (controller):
+    - Add a new "HS_DESC" controller event that reports activities
+      related to hidden service descriptors. Resolves ticket 8510.
+    - New "DROPGUARDS" controller command to forget all current entry
+      guards. Not recommended for ordinary use, since replacing guards
+      too frequently makes several attacks easier. Resolves ticket 9934;
+      patch from "ra".
+
+  o Minor features (build):
+    - Assume that a user using ./configure --host wants to cross-compile,
+      and give an error if we cannot find a properly named
+      tool-chain. Add a --disable-tool-name-check option to proceed
+      nevertheless. Addresses ticket 9869. Patch by Benedikt Gollatz.
+    - If we run ./configure and the compiler recognizes -fstack-protector
+      but the linker rejects it, warn the user about a potentially missing
+      libssp package. Addresses ticket 9948. Patch from Benedikt Gollatz.
+
+  o Minor features (testing):
+    - If Python is installed, "make check" now runs extra tests beyond
+      the unit test scripts.
+    - When bootstrapping a test network, sometimes very few relays get
+      the Guard flag. Now a new option "TestingDirAuthVoteGuard" can
+      specify a set of relays which should be voted Guard regardless of
+      their uptime or bandwidth. Addresses ticket 9206.
+
+  o Minor features (log messages):
+    - When ServerTransportPlugin is set on a bridge, Tor can write more
+      useful statistics about bridge use in its extrainfo descriptors,
+      but only if the Extended ORPort ("ExtORPort") is set too. Add a
+      log message to inform the user in this case. Resolves ticket 9651.
+    - When receiving a new controller connection, log the origin address.
+      Resolves ticket 9698; patch from "sigpipe".
+    - When logging OpenSSL engine status at startup, log the status of
+      more engines. Fixes ticket 10043; patch from Joshua Datko.
+    - Turn "circuit handshake stats since last time" log messages into a
+      heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.
+
+  o Minor features (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
+    - Improve the circuit queue out-of-memory handler. Previously, when
+      we ran low on memory, we'd close whichever circuits had the most
+      queued cells. Now, we close those that have the *oldest* queued
+      cells, on the theory that those are most responsible for us
+      running low on memory. Based on analysis from a forthcoming paper
+      by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.
+    - Generate bootstrapping status update events correctly when fetching
+      microdescriptors. Fixes bug 9927.
+    - Update to the October 2 2013 Maxmind GeoLite Country database.
+
+  o Minor bugfixes (clients):
+    - When closing a channel that has already been open, do not close
+      pending circuits that were waiting to connect to the same relay.
+      Fixes bug 9880; bugfix on 0.2.5.1-alpha. Thanks to skruffy for
+      finding this bug.
+
+  o Minor bugfixes (relays):
+    - Treat ENETUNREACH, EACCES, and EPERM connection failures at an
+      exit node as a NOROUTE error, not an INTERNAL error, since they
+      can apparently happen when trying to connect to the wrong sort
+      of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
+
+  o Minor bugfixes (bridges):
+    - Fix a bug where the first connection works to a bridge that uses a
+      pluggable transport with client-side parameters, but we don't send
+      the client-side parameters on subsequent connections. (We don't
+      use any pluggable transports with client-side parameters yet,
+      but ScrambleSuit will soon become the first one.) Fixes bug 9162;
+      bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987".
+
+  o Minor bugfixes (node selection):
+    - If ExcludeNodes is set, consider non-excluded hidden service
+      directory servers before excluded ones. Do not consider excluded
+      hidden service directory servers at all if StrictNodes is
+      set. (Previously, we would sometimes decide to connect to those
+      servers, and then realize before we initiated a connection that
+      we had excluded them.) Fixes bug 10722; bugfix on 0.2.0.10-alpha.
+      Reported by "mr-4".
+    - If we set the ExitNodes option but it doesn't include any nodes
+      that have the Exit flag, we would choose not to bootstrap. Now we
+      bootstrap so long as ExitNodes includes nodes which can exit to
+      some port. Fixes bug 10543; bugfix on 0.2.4.10-alpha.
+
+  o Minor bugfixes (controller and command-line):
+    - If changing a config option via "setconf" fails in a recoverable
+      way, we used to nonetheless write our new control ports to the
+      file described by the "ControlPortWriteToFile" option. Now we only
+      write out that file if we successfully switch to the new config
+      option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman".
+    - When a command-line option such as --version or --help that
+      ordinarily implies --hush appears on the command line along with
+      --quiet, then actually obey --quiet. Previously, we obeyed --quiet
+      only if it appeared later on the command line. Fixes bug 9578;
+      bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (code correctness):
+    - Previously we used two temporary files when writing descriptors to
+      disk; now we only use one. Fixes bug 1376.
+    - Remove an erroneous (but impossible and thus harmless) pointer
+      comparison that would have allowed compilers to skip a bounds
+      check in channeltls.c. Fixes bugs 10313 and 9980; bugfix on
+      0.2.0.10-alpha. Noticed by Jared L Wong and David Fifield.
+    - Fix an always-true assertion in pluggable transports code so it
+      actually checks what it was trying to check. Fixes bug 10046;
+      bugfix on 0.2.3.9-alpha. Found by "dcb".
+
+  o Minor bugfixes (protocol correctness):
+    - When receiving a VERSIONS cell with an odd number of bytes, close
+      the connection immediately since the cell is malformed. Fixes bug
+      10365; bugfix on 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by
+      "rl1987".
+
+  o Minor bugfixes (build):
+    - Restore the ability to compile Tor with V2_HANDSHAKE_SERVER
+      turned off (that is, without support for v2 link handshakes). Fixes
+      bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet".
+    - Fix compilation warnings and startup issues when running with
+      "Sandbox 1" and libseccomp-2.1.0. Fixes bug 10563; bugfix on
+      0.2.5.1-alpha.
+    - Fix compilation on Solaris 9, which didn't like us having an
+      identifier named "sun". Fixes bug 10565; bugfix in 0.2.5.1-alpha.
+
+  o Minor bugfixes (testing):
+    - Fix a segmentation fault in our benchmark code when running with
+      Fedora's OpenSSL package, or any other OpenSSL that provides
+      ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
+
+  o Minor bugfixes (log messages):
+    - Fix a bug where clients using bridges would report themselves
+      as 50% bootstrapped even without a live consensus document.
+      Fixes bug 9922; bugfix on 0.2.1.1-alpha.
+    - Suppress a warning where, if there's only one directory authority
+      in the network, we would complain that votes and signatures cannot
+      be uploaded to other directory authorities. Fixes bug 10842;
+      bugfix on 0.2.2.26-beta.
+    - Report bootstrapping progress correctly when we're downloading
+      microdescriptors. We had updated our "do we have enough microdescs
+      to begin building circuits?" logic most recently in 0.2.4.10-alpha
+      (see bug 5956), but we left the bootstrap status event logic at
+      "how far through getting 1/4 of them are we?" Fixes bug 9958;
+      bugfix on 0.2.2.36, which is where they diverged (see bug 5343).
+
+  o Minor bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.20):
+    - Avoid a crash bug when starting with a corrupted microdescriptor
+      cache file. Fixes bug 10406; bugfix on 0.2.2.6-alpha.
+    - If we fail to dump a previously cached microdescriptor to disk, avoid
+      freeing duplicate data later on. Fixes bug 10423; bugfix on
+      0.2.4.13-alpha. Spotted by "bobnomnom".
+
+  o Minor bugfixes on 0.2.4.x (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
+    - Correctly log long IPv6 exit policies, instead of truncating them
+      or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha.
+    - Our default TLS ecdhe groups were backwards: we meant to be using
+      P224 for relays (for performance win) and P256 for bridges (since
+      it is more common in the wild). Instead we had it backwards. After
+      reconsideration, we decided that the default should be P256 on all
+      hosts, since its security is probably better, and since P224 is
+      reportedly used quite little in the wild.  Found by "skruffy" on
+      IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.
+    - Free directory authority certificate download statuses on exit
+      rather than leaking them. Fixes bug 9644; bugfix on 0.2.4.13-alpha.
+
+  o Minor bugfixes on 0.2.3.x (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
+    - If the guard we choose first doesn't answer, we would try the
+      second guard, but once we connected to the second guard we would
+      abandon it and retry the first one, slowing down bootstrapping.
+      The fix is to treat all our initially chosen guards as acceptable
+      to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha.
+    - Fix an assertion failure that would occur when disabling the
+      ORPort setting on a running Tor process while accounting was
+      enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.
+    - When examining the list of network interfaces to find our address,
+      do not consider non-running or disabled network interfaces. Fixes
+      bug 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister".
+    - Avoid an off-by-one error when checking buffer boundaries when
+      formatting the exit status of a pluggable transport helper.
+      This is probably not an exploitable bug, but better safe than
+      sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by
+      Pedro Ribeiro.
+
+  o Removed code and features:
+    - Clients now reject any directory authority certificates lacking
+      a dir-key-crosscert element. These have been included since
+      0.2.1.9-alpha, so there's no real reason for them to be optional
+      any longer. Completes proposal 157. Resolves ticket 10162.
+    - Remove all code that existed to support the v2 directory system,
+      since there are no longer any v2 directory authorities. Resolves
+      ticket 10758.
+    - Remove the HSAuthoritativeDir and AlternateHSAuthority torrc
+      options, which were used for designating authorities as "Hidden
+      service authorities". There has been no use of hidden service
+      authorities since 0.2.2.1-alpha, when we stopped uploading or
+      downloading v0 hidden service descriptors. Fixes bug 10881; also
+      part of a fix for bug 10841.
+
+  o Code simplification and refactoring:
+    - Remove some old fallback code designed to keep Tor clients working
+      in a network with only two working relays. Elsewhere in the code we
+      have long since stopped supporting such networks, so there wasn't
+      much point in keeping it around. Addresses ticket 9926.
+    - Reject 0-length EXTEND2 cells more explicitly. Fixes bug 10536;
+      bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
+    - Remove data structures which were introduced to implement the
+      CellStatistics option: they are now redundant with the addition
+      of a timestamp to the regular packed_cell_t data structure, which
+      we did in 0.2.4.18-rc in order to resolve ticket 9093. Implements
+      ticket 10870.
+
+  o Documentation (man page) fixes:
+    - Update manpage to describe some of the files you can expect to
+      find in Tor's DataDirectory. Addresses ticket 9839.
+    - Document that all but one DirPort entry must have the NoAdvertise
+      flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.
+
+  o Documentation fixes (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
+    - Clarify the usage and risks of setting the ContactInfo torrc line
+      for your relay or bridge. Resolves ticket 9854.
+    - Add anchors to the manpage so we can link to the html version of
+      the documentation for specific options. Resolves ticket 9866.
+    - Replace remaining references to DirServer in man page and
+      log entries. Resolves ticket 10124.
+
+  o Tool changes:
+    - Make the "tor-gencert" tool used by directory authority operators
+      create 2048-bit signing keys by default (rather than 1024-bit, since
+      1024-bit is uncomfortably small these days). Addresses ticket 10324.
+
+
+Changes in version 0.2.4.20 - 2013-12-22
+  Tor 0.2.4.20 fixes potentially poor random number generation for users
+  who 1) use OpenSSL 1.0.0 or later, 2) set "HardwareAccel 1" in their
+  torrc file, 3) have "Sandy Bridge" or "Ivy Bridge" Intel processors,
+  and 4) have no state file in their DataDirectory (as would happen on
+  first start). Users who generated relay or hidden service identity
+  keys in such a situation should discard them and generate new ones.
+
+  This release also fixes a logic error that caused Tor clients to build
+  many more preemptive circuits than they actually need.
+
+  o Major bugfixes:
+    - Do not allow OpenSSL engines to replace the PRNG, even when
+      HardwareAccel is set. The only default builtin PRNG engine uses
+      the Intel RDRAND instruction to replace the entire PRNG, and
+      ignores all attempts to seed it with more entropy. That's
+      cryptographically stupid: the right response to a new alleged
+      entropy source is never to discard all previously used entropy
+      sources. Fixes bug 10402; works around behavior introduced in
+      OpenSSL 1.0.0. Diagnosis and investigation thanks to "coderman"
+      and "rl1987".
+    - Fix assertion failure when AutomapHostsOnResolve yields an IPv6
+      address. Fixes bug 10465; bugfix on 0.2.4.7-alpha.
+    - Avoid launching spurious extra circuits when a stream is pending.
+      This fixes a bug where any circuit that _wasn't_ unusable for new
+      streams would be treated as if it were, causing extra circuits to
+      be launched. Fixes bug 10456; bugfix on 0.2.4.12-alpha.
+
+  o Minor bugfixes:
+    - Avoid a crash bug when starting with a corrupted microdescriptor
+      cache file. Fixes bug 10406; bugfix on 0.2.2.6-alpha.
+    - If we fail to dump a previously cached microdescriptor to disk, avoid
+      freeing duplicate data later on. Fixes bug 10423; bugfix on
+      0.2.4.13-alpha. Spotted by "bobnomnom".
+
+
+Changes in version 0.2.4.19 - 2013-12-11
+  The Tor 0.2.4 release series is dedicated to the memory of Aaron Swartz
+  (1986-2013). Aaron worked on diverse projects including helping to guide
+  Creative Commons, playing a key role in stopping SOPA/PIPA, bringing
+  transparency to the U.S government's PACER documents, and contributing
+  design and development for Tor and Tor2Web. Aaron was one of the latest
+  martyrs in our collective fight for civil liberties and human rights,
+  and his death is all the more painful because he was one of us.
+
+  Tor 0.2.4.19, the first stable release in the 0.2.4 branch, features
+  a new circuit handshake and link encryption that use ECC to provide
+  better security and efficiency; makes relays better manage circuit
+  creation requests; uses "directory guards" to reduce client enumeration
+  risks; makes bridges collect and report statistics about the pluggable
+  transports they support; cleans up and improves our geoip database;
+  gets much closer to IPv6 support for clients, bridges, and relays; makes
+  directory authorities use measured bandwidths rather than advertised
+  ones when computing flags and thresholds; disables client-side DNS
+  caching to reduce tracking risks; and fixes a big bug in bridge
+  reachability testing. This release introduces two new design
+  abstractions in the code: a new "channel" abstraction between circuits
+  and or_connections to allow for implementing alternate relay-to-relay
+  transports, and a new "circuitmux" abstraction storing the queue of
+  circuits for a channel. The release also includes many stability,
+  security, and privacy fixes.
+
+
+Changes in version 0.2.4.18-rc - 2013-11-16
+  Tor 0.2.4.18-rc is the fourth release candidate for the Tor 0.2.4.x
+  series. It takes a variety of fixes from the 0.2.5.x branch to improve
+  stability, performance, and better handling of edge cases.
+
+  o Major features:
+    - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
+      Resolves ticket 6055. (OpenSSL before 1.0.1 didn't have TLS 1.1 or
+      1.2, and OpenSSL from 1.0.1 through 1.0.1d had bugs that prevented
+      renegotiation from working with TLS 1.1 or 1.2, so we had disabled
+      them to solve bug 6033.)
+
+  o Major bugfixes:
+    - No longer stop reading or writing on cpuworker connections when
+      our rate limiting buckets go empty. Now we should handle circuit
+      handshake requests more promptly. Resolves bug 9731.
+    - If we are unable to save a microdescriptor to the journal, do not
+      drop it from memory and then reattempt downloading it. Fixes bug
+      9645; bugfix on 0.2.2.6-alpha.
+    - Stop trying to bootstrap all our directory information from
+      only our first guard. Discovered while fixing bug 9946; bugfix
+      on 0.2.4.8-alpha.
+    - The new channel code sometimes lost track of in-progress circuits,
+      causing long-running clients to stop building new circuits. The
+      fix is to always call circuit_n_chan_done(chan, 0) from
+      channel_closed(). Fixes bug 9776; bugfix on 0.2.4.17-rc.
+
+  o Minor bugfixes (on 0.2.4.x):
+    - Correctly log long IPv6 exit policies, instead of truncating them
+      or reporting an error. Fixes bug 9596; bugfix on 0.2.4.7-alpha.
+    - Our default TLS ecdhe groups were backwards: we meant to be using
+      P224 for relays (for performance win) and P256 for bridges (since
+      it is more common in the wild). Instead we had it backwards. After
+      reconsideration, we decided that the default should be P256 on all
+      hosts, since its security is probably better, and since P224 is
+      reportedly used quite little in the wild.  Found by "skruffy" on
+      IRC. Fix for bug 9780; bugfix on 0.2.4.8-alpha.
+    - Free directory authority certificate download statuses on exit
+      rather than leaking them. Fixes bug 9644; bugfix on 0.2.4.13-alpha.
+
+  o Minor bugfixes (on 0.2.3.x and earlier):
+    - If the guard we choose first doesn't answer, we would try the
+      second guard, but once we connected to the second guard we would
+      abandon it and retry the first one, slowing down bootstrapping.
+      The fix is to treat all our initially chosen guards as acceptable
+      to use. Fixes bug 9946; bugfix on 0.1.1.11-alpha.
+    - Fix an assertion failure that would occur when disabling the
+      ORPort setting on a running Tor process while accounting was
+      enabled. Fixes bug 6979; bugfix on 0.2.2.18-alpha.
+    - When examining the list of network interfaces to find our address,
+      do not consider non-running or disabled network interfaces. Fixes
+      bug 9904; bugfix on 0.2.3.11-alpha. Patch from "hantwister".
+    - Avoid an off-by-one error when checking buffer boundaries when
+      formatting the exit status of a pluggable transport helper.
+      This is probably not an exploitable bug, but better safe than
+      sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by
+      Pedro Ribeiro.
+
+  o Minor features (protecting client timestamps):
+    - Clients no longer send timestamps in their NETINFO cells. These were
+      not used for anything, and they provided one small way for clients
+      to be distinguished from each other as they moved from network to
+      network or behind NAT. Implements part of proposal 222.
+    - Clients now round timestamps in INTRODUCE cells down to the nearest
+      10 minutes. If a new Support022HiddenServices option is set to 0, or
+      if it's set to "auto" and the feature is disabled in the consensus,
+      the timestamp is sent as 0 instead. Implements part of proposal 222.
+    - Stop sending timestamps in AUTHENTICATE cells. This is not such
+      a big deal from a security point of view, but it achieves no actual
+      good purpose, and isn't needed. Implements part of proposal 222.
+    - Reduce down accuracy of timestamps in hidden service descriptors.
+      Implements part of proposal 222.
+
+  o Minor features (other):
+    - Improve the circuit queue out-of-memory handler. Previously, when
+      we ran low on memory, we'd close whichever circuits had the most
+      queued cells. Now, we close those that have the *oldest* queued
+      cells, on the theory that those are most responsible for us
+      running low on memory. Based on analysis from a forthcoming paper
+      by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.
+    - Generate bootstrapping status update events correctly when fetching
+      microdescriptors. Fixes bug 9927.
+    - Update to the October 2 2013 Maxmind GeoLite Country database.
+
+  o Documentation fixes:
+    - Clarify the usage and risks of setting the ContactInfo torrc line
+      for your relay or bridge. Resolves ticket 9854.
+    - Add anchors to the manpage so we can link to the html version of
+      the documentation for specific options. Resolves ticket 9866.
+    - Replace remaining references to DirServer in man page and
+      log entries. Resolves ticket 10124.
+
+
+Changes in version 0.2.5.1-alpha - 2013-10-02
+  Tor 0.2.5.1-alpha introduces experimental support for syscall sandboxing
+  on Linux, allows bridges that offer pluggable transports to report usage
+  statistics, fixes many issues to make testing easier, and provides
+  a pile of minor features and bugfixes that have been waiting for a
+  release of the new branch.
+
+  This is the first alpha release in a new series, so expect there to
+  be bugs. Users who would rather test out a more stable branch should
+  stay with 0.2.4.x for now.
+
+  o Major features (security):
+    - Use the seccomp2 syscall filtering facility on Linux to limit
+      which system calls Tor can invoke. This is an experimental,
+      Linux-only feature to provide defense-in-depth against unknown
+      attacks. To try turning it on, set "Sandbox 1" in your torrc
+      file. Please be ready to report bugs. We hope to add support
+      for better sandboxing in the future, including more fine-grained
+      filters, better division of responsibility, and support for more
+      platforms. This work has been done by Cristian-Matei Toader for
+      Google Summer of Code.
+    - Re-enable TLS 1.1 and 1.2 when built with OpenSSL 1.0.1e or later.
+      Resolves ticket 6055. (OpenSSL before 1.0.1 didn't have TLS 1.1 or
+      1.2, and OpenSSL from 1.0.1 through 1.0.1d had bugs that prevented
+      renegotiation from working with TLS 1.1 or 1.2, so we had disabled
+      them to solve bug 6033.)
+
+  o Major features (other):
+    - Add support for passing arguments to managed pluggable transport
+      proxies. Implements ticket 3594.
+    - Bridges now track GeoIP information and the number of their users
+      even when pluggable transports are in use, and report usage
+      statistics in their extra-info descriptors. Resolves tickets 4773
+      and 5040.
+    - Make testing Tor networks bootstrap better: lower directory fetch
+      retry schedules and maximum interval without directory requests,
+      and raise maximum download tries. Implements ticket 6752.
+    - Add make target 'test-network' to run tests on a Chutney network.
+      Implements ticket 8530.
+    - The ntor handshake is now on-by-default, no matter what the
+      directory authorities recommend. Implements ticket 8561.
+
+  o Major bugfixes:
+    - Instead of writing destroy cells directly to outgoing connection
+      buffers, queue them and intersperse them with other outgoing cells.
+      This can prevent a set of resource starvation conditions where too
+      many pending destroy cells prevent data cells from actually getting
+      delivered. Reported by "oftc_must_be_destroyed". Fixes bug 7912;
+      bugfix on 0.2.0.1-alpha.
+    - If we are unable to save a microdescriptor to the journal, do not
+      drop it from memory and then reattempt downloading it. Fixes bug
+      9645; bugfix on 0.2.2.6-alpha.
+    - The new channel code sometimes lost track of in-progress circuits,
+      causing long-running clients to stop building new circuits. The
+      fix is to always call circuit_n_chan_done(chan, 0) from
+      channel_closed(). Fixes bug 9776; bugfix on 0.2.4.17-rc.
+
+  o Build features:
+    - Tor now builds each source file in two modes: a mode that avoids
+      exposing identifiers needlessly, and another mode that exposes
+      more identifiers for testing. This lets the compiler do better at
+      optimizing the production code, while enabling us to take more
+      radical measures to let the unit tests test things.
+    - The production builds no longer include functions used only in
+      the unit tests; all functions exposed from a module only for
+      unit-testing are now static in production builds.
+    - Add an --enable-coverage configuration option to make the unit
+      tests (and a new src/or/tor-cov target) to build with gcov test
+      coverage support.
+
+  o Testing:
+    - We now have rudimentary function mocking support that our unit
+      tests can use to test functions in isolation. Function mocking
+      lets the tests temporarily replace a function's dependencies with
+      stub functions, so that the tests can check the function without
+      invoking the other functions it calls.
+    - Add more unit tests for the ->circuit map, and
+      the destroy-cell-tracking code to fix bug 7912.
+    - Unit tests for failing cases of the TAP onion handshake.
+    - More unit tests for address-manipulation functions.
+
+  o Minor features (protecting client timestamps):
+    - Clients no longer send timestamps in their NETINFO cells. These were
+      not used for anything, and they provided one small way for clients
+      to be distinguished from each other as they moved from network to
+      network or behind NAT. Implements part of proposal 222.
+    - Clients now round timestamps in INTRODUCE cells down to the nearest
+      10 minutes. If a new Support022HiddenServices option is set to 0, or
+      if it's set to "auto" and the feature is disabled in the consensus,
+      the timestamp is sent as 0 instead. Implements part of proposal 222.
+    - Stop sending timestamps in AUTHENTICATE cells. This is not such
+      a big deal from a security point of view, but it achieves no actual
+      good purpose, and isn't needed. Implements part of proposal 222.
+    - Reduce down accuracy of timestamps in hidden service descriptors.
+      Implements part of proposal 222.
+
+  o Minor features (config options):
+    - Config (torrc) lines now handle fingerprints which are missing
+      their initial '$'. Resolves ticket 4341; improvement over 0.0.9pre5.
+    - Support a --dump-config option to print some or all of the
+      configured options. Mainly useful for debugging the command-line
+      option parsing code. Helps resolve ticket 4647.
+    - Raise awareness of safer logging: notify user of potentially
+      unsafe config options, like logging more verbosely than severity
+      "notice" or setting SafeLogging to 0. Resolves ticket 5584.
+    - Add a new configuration option TestingV3AuthVotingStartOffset
+      that bootstraps a network faster by changing the timing for
+      consensus votes. Addresses ticket 8532.
+    - Add a new torrc option "ServerTransportOptions" that allows
+      bridge operators to pass configuration parameters to their
+      pluggable transports. Resolves ticket 8929.
+    - The config (torrc) file now accepts bandwidth and space limits in
+      bits as well as bytes. (Anywhere that you can say "2 Kilobytes",
+      you can now say "16 kilobits", and so on.) Resolves ticket 9214.
+      Patch by CharlieB.
+
+  o Minor features (build):
+    - Add support for `--library-versions` flag. Implements ticket 6384.
+    - Return the "unexpected sendme" warnings to a warn severity, but make
+      them rate limited, to help diagnose ticket 8093.
+    - Detect a missing asciidoc, and warn the user about it, during
+      configure rather than at build time. Fixes issue 6506. Patch from
+      Arlo Breault.
+
+  o Minor features (other):
+    - Use the SOCK_NONBLOCK socket type, if supported, to open nonblocking
+      sockets in a single system call. Implements ticket 5129.
+    - Log current accounting state (bytes sent and received + remaining
+      time for the current accounting period) in the relay's heartbeat
+      message. Implements ticket 5526; patch from Peter Retzlaff.
+    - Implement the TRANSPORT_LAUNCHED control port event that
+      notifies controllers about new launched pluggable
+      transports. Resolves ticket 5609.
+    - If we're using the pure-C 32-bit curve25519_donna implementation
+      of curve25519, build it with the -fomit-frame-pointer option to
+      make it go faster on register-starved hosts. This improves our
+      handshake performance by about 6% on i386 hosts without nacl.
+      Closes ticket 8109.
+    - Update to the September 4 2013 Maxmind GeoLite Country database.
+
+  o Minor bugfixes:
+    - Set the listen() backlog limit to the largest actually supported
+      on the system, not to the value in a header file. Fixes bug 9716;
+      bugfix on every released Tor.
+    - No longer accept malformed http headers when parsing urls from
+      headers. Now we reply with Bad Request ("400"). Fixes bug 2767;
+      bugfix on 0.0.6pre1.
+    - In munge_extrainfo_into_routerinfo(), check the return value of
+      memchr(). This would have been a serious issue if we ever passed
+      it a non-extrainfo. Fixes bug 8791; bugfix on 0.2.0.6-alpha. Patch
+      from Arlo Breault.
+    - On the chance that somebody manages to build Tor on a
+      platform where time_t is unsigned, correct the way that
+      microdesc_add_to_cache() handles negative time arguments.
+      Fixes bug 8042; bugfix on 0.2.3.1-alpha.
+    - Reject relative control socket paths and emit a warning. Previously,
+      single-component control socket paths would be rejected, but Tor
+      would not log why it could not validate the config. Fixes bug 9258;
+      bugfix on 0.2.3.16-alpha.
+
+  o Minor bugfixes (command line):
+    - Use a single command-line parser for parsing torrc options on the
+      command line and for finding special command-line options to avoid
+      inconsistent behavior for torrc option arguments that have the same
+      names as command-line options. Fixes bugs 4647 and 9578; bugfix on
+      0.0.9pre5.
+    - No longer allow 'tor --hash-password' with no arguments. Fixes bug
+      9573; bugfix on 0.0.9pre5.
+
+  o Minor fixes (build, auxiliary programs):
+    - Stop preprocessing the "torify" script with autoconf, since
+      it no longer refers to LOCALSTATEDIR. Fixes bug 5505; patch
+      from Guilhem.
+    - The tor-fw-helper program now follows the standard convention and
+      exits with status code "0" on success. Fixes bug 9030; bugfix on
+      0.2.3.1-alpha. Patch by Arlo Breault.
+    - Corrected ./configure advice for what openssl dev package you should
+      install on Debian. Fixes bug 9207; bugfix on 0.2.0.1-alpha.
+
+  o Minor code improvements:
+    - Remove constants and tests for PKCS1 padding; it's insecure and
+      shouldn't be used for anything new. Fixes bug 8792; patch
+      from Arlo Breault.
+    - Remove instances of strcpy() from the unit tests. They weren't
+      hurting anything, since they were only in the unit tests, but it's
+      embarrassing to have strcpy() in the code at all, and some analysis
+      tools don't like it. Fixes bug 8790; bugfix on 0.2.3.6-alpha and
+      0.2.3.8-alpha. Patch from Arlo Breault.
+
+  o Removed features:
+    - Remove migration code from when we renamed the "cached-routers"
+      file to "cached-descriptors" back in 0.2.0.8-alpha. This
+      incidentally resolves ticket 6502 by cleaning up the related code
+      a bit. Patch from Akshay Hebbar.
+
+  o Code simplification and refactoring:
+    - Extract the common duplicated code for creating a subdirectory
+      of the data directory and writing to a file in it. Fixes ticket
+      4282; patch from Peter Retzlaff.
+    - Since OpenSSL 0.9.7, the i2d_*() functions support allocating output
+      buffer. Avoid calling twice: i2d_RSAPublicKey(), i2d_DHparams(),
+      i2d_X509(), and i2d_PublicKey(). Resolves ticket 5170.
+    - Add a set of accessor functions for the circuit timeout data
+      structure. Fixes ticket 6153; patch from "piet".
+    - Clean up exit paths from connection_listener_new(). Closes ticket
+      8789. Patch from Arlo Breault.
+    - Since we rely on OpenSSL 0.9.8 now, we can use EVP_PKEY_cmp()
+      and drop our own custom pkey_eq() implementation. Fixes bug 9043.
+    - Use a doubly-linked list to implement the global circuit list.
+      Resolves ticket 9108. Patch from Marek Majkowski.
+    - Remove contrib/id_to_fp.c since it wasn't used anywhere.
+
+
+Changes in version 0.2.4.17-rc - 2013-09-05
+  Tor 0.2.4.17-rc is the third release candidate for the Tor 0.2.4.x
+  series. It adds an emergency step to help us tolerate the massive
+  influx of users: 0.2.4 clients using the new (faster and safer) "NTor"
+  circuit-level handshakes now effectively jump the queue compared to
+  the 0.2.3 clients using "TAP" handshakes. This release also fixes a
+  big bug hindering bridge reachability tests.
+
+  o Major features:
+    - Relays now process the new "NTor" circuit-level handshake requests
+      with higher priority than the old "TAP" circuit-level handshake
+      requests. We still process some TAP requests to not totally starve
+      0.2.3 clients when NTor becomes popular. A new consensus parameter
+      "NumNTorsPerTAP" lets us tune the balance later if we need to.
+      Implements ticket 9574.
+
+  o Major bugfixes:
+    - If the circuit build timeout logic is disabled (via the consensus,
+      or because we are an authority), then don't build testing circuits.
+      Fixes bug 9657; bugfix on 0.2.2.14-alpha.
+    - Bridges now send AUTH_CHALLENGE cells during their v3 handshakes;
+      previously they did not, which prevented them from receiving
+      successful connections from relays for self-test or bandwidth
+      testing. Also, when a relay is extending a circuit to a bridge,
+      it needs to send a NETINFO cell, even when the bridge hasn't sent
+      an AUTH_CHALLENGE cell. Fixes bug 9546; bugfix on 0.2.3.6-alpha.
+    - If the time to download the next old-style networkstatus is in
+      the future, do not decline to consider whether to download the
+      next microdescriptor networkstatus. Fixes bug 9564; bugfix on
+      0.2.3.14-alpha.
+
+  o Minor bugfixes:
+    - Avoid double-closing the listener socket in our socketpair()
+      replacement (used on Windows) in the case where the addresses on
+      our opened sockets don't match what we expected. Fixes bug 9400;
+      bugfix on 0.0.2pre7. Found by Coverity.
+
+  o Minor fixes (config options):
+    - Avoid overflows when the user sets MaxCircuitDirtiness to a
+      ridiculously high value, by imposing a (ridiculously high) 30-day
+      maximum on MaxCircuitDirtiness.
+    - Fix the documentation of HeartbeatPeriod to say that the heartbeat
+      message is logged at notice, not at info.
+    - Warn and fail if a server is configured not to advertise any
+      ORPorts at all. (We need *something* to put in our descriptor,
+      or we just won't work.)
+
+  o Minor features:
+    - Track how many "TAP" and "NTor" circuit handshake requests we get,
+      and how many we complete, and log it every hour to help relay
+      operators follow trends in network load. Addresses ticket 9658.
+    - Update to the August 7 2013 Maxmind GeoLite Country database.
+
+
+Changes in version 0.2.4.16-rc - 2013-08-10
+  Tor 0.2.4.16-rc is the second release candidate for the Tor 0.2.4.x
+  series. It fixes several crash bugs in the 0.2.4 branch.
+
+  o Major bugfixes:
+    - Fix a bug in the voting algorithm that could yield incorrect results
+      when a non-naming authority declared too many flags. Fixes bug 9200;
+      bugfix on 0.2.0.3-alpha.
+    - Fix an uninitialized read that could in some cases lead to a remote
+      crash while parsing INTRODUCE2 cells. Bugfix on 0.2.4.1-alpha.
+      Anybody running a hidden service on the experimental 0.2.4.x
+      branch should upgrade. (This is, so far as we know, unrelated to
+      the recent news.)
+    - Avoid an assertion failure when processing DNS replies without the
+      answer types we expected. Fixes bug 9337; bugfix on 0.2.4.7-alpha.
+    - Avoid a crash when using --hash-password. Fixes bug 9295; bugfix on
+      0.2.4.15-rc. Found by stem integration tests.
+
+  o Minor bugfixes:
+    - Fix an invalid memory read that occurred when a pluggable
+      transport proxy failed its configuration protocol.
+      Fixes bug 9288; bugfix on 0.2.4.1-alpha.
+    - When evaluating whether to use a connection that we haven't
+      decided is canonical using a recent link protocol version,
+      decide that it's canonical only if it used address _does_
+      match the desired address. Fixes bug 9309; bugfix on
+      0.2.4.4-alpha. Reported by skruffy.
+    - Make the default behavior of NumDirectoryGuards be to track
+      NumEntryGuards. Now a user who changes only NumEntryGuards will get
+      the behavior she expects. Fixes bug 9354; bugfix on 0.2.4.8-alpha.
+    - Fix a spurious compilation warning with some older versions of
+      GCC on FreeBSD. Fixes bug 9254; bugfix on 0.2.4.14-alpha.
+
+  o Minor features:
+    - Update to the July 3 2013 Maxmind GeoLite Country database.
+
+
+Changes in version 0.2.4.15-rc - 2013-07-01
+  Tor 0.2.4.15-rc is the first release candidate for the Tor 0.2.4.x
+  series. It fixes a few smaller bugs, but generally appears stable.
+  Please test it and let us know whether it is!
+
+  o Major bugfixes:
+    - When receiving a new configuration file via the control port's
+      LOADCONF command, do not treat the defaults file as absent.
+      Fixes bug 9122; bugfix on 0.2.3.9-alpha.
+
+  o Minor features:
+    - Issue a warning when running with the bufferevents backend enabled.
+      It's still not stable, and people should know that they're likely
+      to hit unexpected problems. Closes ticket 9147.
+
+
+Changes in version 0.2.4.14-alpha - 2013-06-18
+  Tor 0.2.4.14-alpha fixes a pair of client guard enumeration problems
+  present in 0.2.4.13-alpha.
+
+  o Major bugfixes:
+    - When we have too much memory queued in circuits (according to a new
+      MaxMemInCellQueues option), close the circuits consuming the most
+      memory. This prevents us from running out of memory as a relay if
+      circuits fill up faster than they can be drained. Fixes bug 9063;
+      bugfix on the 54th commit of Tor. This bug is a further fix beyond
+      bug 6252, whose fix was merged into 0.2.3.21-rc.
+
+      This change also fixes an earlier approach taken in 0.2.4.13-alpha,
+      where we tried to solve this issue simply by imposing an upper limit
+      on the number of queued cells for a single circuit. That approach
+      proved to be problematic, since there are ways to provoke clients to
+      send a number of cells in excess of any such reasonable limit. Fixes
+      bug 9072; bugfix on 0.2.4.13-alpha.
+
+    - Limit hidden service descriptors to at most ten introduction
+      points, to slow one kind of guard enumeration. Fixes bug 9002;
+      bugfix on 0.1.1.11-alpha.
+
+
+Changes in version 0.2.4.13-alpha - 2013-06-14
+  Tor 0.2.4.13-alpha fixes a variety of potential remote crash
+  vulnerabilities, makes socks5 username/password circuit isolation
+  actually actually work (this time for sure!), and cleans up a bunch
+  of other issues in preparation for a release candidate.
+
+  o Major bugfixes (robustness):
+    - Close any circuit that has too many cells queued on it. Fixes
+      bug 9063; bugfix on the 54th commit of Tor. This bug is a further
+      fix beyond bug 6252, whose fix was merged into 0.2.3.21-rc.
+    - Prevent the get_freelists() function from running off the end of
+      the list of freelists if it somehow gets an unrecognized
+      allocation. Fixes bug 8844; bugfix on 0.2.0.16-alpha. Reported by
+      eugenis.
+    - Avoid an assertion failure on OpenBSD (and perhaps other BSDs)
+      when an exit connection with optimistic data succeeds immediately
+      rather than returning EINPROGRESS. Fixes bug 9017; bugfix on
+      0.2.3.1-alpha.
+    - Fix a directory authority crash bug when building a consensus
+      using an older consensus as its basis. Fixes bug 8833. Bugfix
+      on 0.2.4.12-alpha.
+
+  o Major bugfixes:
+    - Avoid a memory leak where we would leak a consensus body when we
+      find that a consensus which we couldn't previously verify due to
+      missing certificates is now verifiable. Fixes bug 8719; bugfix
+      on 0.2.0.10-alpha.
+    - We used to always request authority certificates by identity digest,
+      meaning we'd get the newest one even when we wanted one with a
+      different signing key. Then we would complain about being given
+      a certificate we already had, and never get the one we really
+      wanted. Now we use the "fp-sk/" resource as well as the "fp/"
+      resource to request the one we want. Fixes bug 5595; bugfix on
+      0.2.0.8-alpha.
+    - Follow the socks5 protocol when offering username/password
+      authentication. The fix for bug 8117 exposed this bug, and it
+      turns out real-world applications like Pidgin do care. Bugfix on
+      0.2.3.2-alpha; fixes bug 8879.
+    - Prevent failures on Windows Vista and later when rebuilding the
+      microdescriptor cache. Diagnosed by Robert Ransom. Fixes bug 8822;
+      bugfix on 0.2.4.12-alpha.
+
+  o Minor bugfixes:
+    - Fix an impossible buffer overrun in the AES unit tests. Fixes
+      bug 8845; bugfix on 0.2.0.7-alpha. Found by eugenis.
+    - If for some reason we fail to write a microdescriptor while
+      rebuilding the cache, do not let the annotations from that
+      microdescriptor linger in the cache file, and do not let the
+      microdescriptor stay recorded as present in its old location.
+      Fixes bug 9047; bugfix on 0.2.2.6-alpha.
+    - Fix a memory leak that would occur whenever a configuration
+      option changed. Fixes bug 8718; bugfix on 0.2.3.3-alpha.
+    - Paste the description for PathBias parameters from the man
+      page into or.h, so the code documents them too. Fixes bug 7982;
+      bugfix on 0.2.3.17-beta and 0.2.4.8-alpha.
+    - Relays now treat a changed IPv6 ORPort as sufficient reason to
+      publish an updated descriptor. Fixes bug 6026; bugfix on
+      0.2.4.1-alpha.
+    - When launching a resolve request on behalf of an AF_UNIX control
+      socket, omit the address field of the new entry connection, used in
+      subsequent controller events, rather than letting tor_dup_addr()
+      set it to "". Fixes bug 8639; bugfix on
+      0.2.4.12-alpha.
+
+  o Minor bugfixes (log messages):
+    - Fix a scaling issue in the path bias accounting code that
+      resulted in "Bug:" log messages from either
+      pathbias_scale_close_rates() or pathbias_count_build_success().
+      This represents a bugfix on a previous bugfix: the original fix
+      attempted in 0.2.4.10-alpha was incomplete. Fixes bug 8235; bugfix
+      on 0.2.4.1-alpha.
+    - Give a less useless error message when the user asks for an IPv4
+      address on an IPv6-only port, or vice versa. Fixes bug 8846; bugfix
+      on 0.2.4.7-alpha.
+
+  o Minor features:
+    - Downgrade "unexpected SENDME" warnings to protocol-warn for 0.2.4.x,
+      to tolerate bug 8093 for now.
+    - Add an "ignoring-advertised-bws" boolean to the flag-threshold lines
+      in directory authority votes to describe whether they have enough
+      measured bandwidths to ignore advertised (relay descriptor)
+      bandwidth claims. Resolves ticket 8711.
+    - Update to the June 5 2013 Maxmind GeoLite Country database.
+
+  o Removed documentation:
+    - Remove some of the older contents of doc/ as obsolete; move others
+      to torspec.git. Fixes bug 8965.
+
+  o Code simplification and refactoring:
+    - Avoid using character buffers when constructing most directory
+      objects: this approach was unwieldy and error-prone. Instead,
+      build smartlists of strings, and concatenate them when done.
+
+
+Changes in version 0.2.4.12-alpha - 2013-04-18
+  Tor 0.2.4.12-alpha moves Tor forward on several fronts: it starts the
+  process for lengthening the guard rotation period, makes directory
+  authority opinions in the consensus a bit less gameable, makes socks5
+  username/password circuit isolation actually work, and fixes a wide
+  variety of other issues.
+
+  o Major features:
+    - Raise the default time that a client keeps an entry guard from
+      "1-2 months" to "2-3 months", as suggested by Tariq Elahi's WPES
+      2012 paper. (We would make it even longer, but we need better client
+      load balancing first.) Also, make the guard lifetime controllable
+      via a new GuardLifetime torrc option and a GuardLifetime consensus
+      parameter. Start of a fix for bug 8240; bugfix on 0.1.1.11-alpha.
+    - Directory authorities now prefer using measured bandwidths to
+      advertised ones when computing flags and thresholds. Resolves
+      ticket 8273.
+    - Directory authorities that have more than a threshold number
+      of relays with measured bandwidths now treat relays with unmeasured
+      bandwidths as having bandwidth 0. Resolves ticket 8435.
+
+  o Major bugfixes (assert / resource use):
+    - Avoid a bug where our response to TLS renegotiation under certain
+      network conditions could lead to a busy-loop, with 100% CPU
+      consumption. Fixes bug 5650; bugfix on 0.2.0.16-alpha.
+    - Avoid an assertion when we discover that we'd like to write a cell
+      onto a closing connection: just discard the cell. Fixes another
+      case of bug 7350; bugfix on 0.2.4.4-alpha.
+
+  o Major bugfixes (client-side privacy):
+    - When we mark a circuit as unusable for new circuits, have it
+      continue to be unusable for new circuits even if MaxCircuitDirtiness
+      is increased too much at the wrong time, or the system clock jumps
+      backwards. Fixes bug 6174; bugfix on 0.0.2pre26.
+    - If ClientDNSRejectInternalAddresses ("do not believe DNS queries
+      which have resolved to internal addresses") is set, apply that
+      rule to IPv6 as well. Fixes bug 8475; bugfix on 0.2.0.7-alpha.
+    - When an exit relay rejects a stream with reason "exit policy", but
+      we only know an exit policy summary (e.g. from the microdesc
+      consensus) for it, do not mark the relay as useless for all exiting.
+      Instead, mark just the circuit as unsuitable for that particular
+      address. Fixes part of bug 7582; bugfix on 0.2.3.2-alpha.
+    - Allow applications to get proper stream isolation with
+      IsolateSOCKSAuth. Many SOCKS5 clients that want to offer
+      username/password authentication also offer "no authentication". Tor
+      had previously preferred "no authentication", so the applications
+      never actually sent Tor their auth details. Now Tor selects
+      username/password authentication if it's offered. You can disable
+      this behavior on a per-SOCKSPort basis via PreferSOCKSNoAuth. Fixes
+      bug 8117; bugfix on 0.2.3.3-alpha.
+
+  o Major bugfixes (other):
+    - When unable to find any working directory nodes to use as a
+      directory guard, give up rather than adding the same non-working
+      nodes to the directory guard list over and over. Fixes bug 8231;
+      bugfix on 0.2.4.8-alpha.
+
+  o Minor features:
+    - Reject as invalid most directory objects containing a NUL.
+      Belt-and-suspender fix for bug 8037.
+    - In our testsuite, create temporary directories with a bit more
+      entropy in their name to make name collisions less likely. Fixes
+      bug 8638.
+    - Add CACHED keyword to ADDRMAP events in the control protocol
+      to indicate whether a DNS result will be cached or not. Resolves
+      ticket 8596.
+    - Update to the April 3 2013 Maxmind GeoLite Country database.
+
+  o Minor features (build):
+    - Detect and reject attempts to build Tor with threading support
+      when OpenSSL has been compiled without threading support.
+      Fixes bug 6673.
+    - Clarify that when autoconf is checking for nacl, it is checking
+      specifically for nacl with a fast curve25519 implementation.
+      Fixes bug 8014.
+    - Warn if building on a platform with an unsigned time_t: there
+      are too many places where Tor currently assumes that time_t can
+      hold negative values. We'd like to fix them all, but probably
+      some will remain.
+
+  o Minor bugfixes (build):
+    - Fix some bugs in tor-fw-helper-natpmp when trying to build and
+      run it on Windows. More bugs likely remain. Patch from Gisle Vanem.
+      Fixes bug 7280; bugfix on 0.2.3.1-alpha.
+    - Add the old src/or/micro-revision.i filename to CLEANFILES.
+      On the off chance that somebody has one, it will go away as soon
+      as they run "make clean". Fix for bug 7143; bugfix on 0.2.4.1-alpha.
+    - Build Tor correctly on 32-bit platforms where the compiler can build
+      but not run code using the "uint128_t" construction. Fixes bug 8587;
+      bugfix on 0.2.4.8-alpha.
+    - Fix compilation warning with some versions of clang that would
+      prefer the -Wswitch-enum compiler flag to warn about switch
+      statements with missing enum values, even if those switch
+      statements have a "default:" statement. Fixes bug 8598; bugfix
+      on 0.2.4.10-alpha.
+
+  o Minor bugfixes (protocol):
+    - Fix the handling of a TRUNCATE cell when it arrives while the
+      circuit extension is in progress. Fixes bug 7947; bugfix on 0.0.7.1.
+    - Fix a misframing issue when reading the version numbers in a
+      VERSIONS cell. Previously we would recognize [00 01 00 02] as
+      'version 1, version 2, and version 0x100', when it should have
+      only included versions 1 and 2. Fixes bug 8059; bugfix on
+      0.2.0.10-alpha. Reported pseudonymously.
+    - Make the format and order of STREAM events for DNS lookups
+      consistent among the various ways to launch DNS lookups. Fixes
+      bug 8203; bugfix on 0.2.0.24-rc. Patch by "Desoxy".
+    - Correct our check for which versions of Tor support the EXTEND2
+      cell. We had been willing to send it to Tor 0.2.4.7-alpha and
+      later, when support was really added in version 0.2.4.8-alpha.
+      Fixes bug 8464; bugfix on 0.2.4.8-alpha.
+
+  o Minor bugfixes (other):
+    - Correctly store microdescriptors and extrainfo descriptors with
+      an internal NUL byte. Fixes bug 8037; bugfix on 0.2.0.1-alpha.
+      Bug reported by "cypherpunks".
+    - Increase the width of the field used to remember a connection's
+      link protocol version to two bytes. Harmless for now, since the
+      only currently recognized versions are one byte long. Reported
+      pseudonymously. Fixes bug 8062; bugfix on 0.2.0.10-alpha.
+    - If the state file's path bias counts are invalid (presumably from a
+      buggy Tor prior to 0.2.4.10-alpha), make them correct. Also add
+      additional checks and log messages to the scaling of Path Bias
+      counts, in case there still are remaining issues with scaling.
+      Should help resolve bug 8235.
+    - Eliminate several instances where we use "Nickname=ID" to refer to
+      nodes in logs. Use "Nickname (ID)" instead. (Elsewhere, we still use
+      "$ID=Nickname", which is also acceptable.) Fixes bug 7065. Bugfix
+      on 0.2.3.21-rc, 0.2.4.5-alpha, 0.2.4.8-alpha, and 0.2.4.10-alpha.
+
+  o Minor bugfixes (syscalls):
+    - Always check the return values of functions fcntl() and
+      setsockopt(). We don't believe these are ever actually failing in
+      practice, but better safe than sorry. Also, checking these return
+      values should please analysis tools like Coverity. Patch from
+      'flupzor'. Fixes bug 8206; bugfix on all versions of Tor.
+    - Use direct writes rather than stdio when building microdescriptor
+      caches, in an attempt to mitigate bug 8031, or at least make it
+      less common.
+
+  o Minor bugfixes (config):
+    - When rejecting a configuration because we were unable to parse a
+      quoted string, log an actual error message. Fixes bug 7950; bugfix
+      on 0.2.0.16-alpha.
+    - Behave correctly when the user disables LearnCircuitBuildTimeout
+      but doesn't tell us what they would like the timeout to be. Fixes
+      bug 6304; bugfix on 0.2.2.14-alpha.
+    - When autodetecting the number of CPUs, use the number of available
+      CPUs in preference to the number of configured CPUs. Inform the
+      user if this reduces the number of available CPUs. Fixes bug 8002;
+      bugfix on 0.2.3.1-alpha.
+    - Make it an error when you set EntryNodes but disable UseGuardNodes,
+      since it will (surprisingly to some users) ignore EntryNodes. Fixes
+      bug 8180; bugfix on 0.2.3.11-alpha.
+    - Allow TestingTorNetworks to override the 4096-byte minimum for
+      the Fast threshold. Otherwise they can't bootstrap until they've
+      observed more traffic. Fixes bug 8508; bugfix on 0.2.4.10-alpha.
+    - Fix some logic errors when the user manually overrides the
+      PathsNeededToBuildCircuits option in torrc. Fixes bug 8599; bugfix
+      on 0.2.4.10-alpha.
+
+  o Minor bugfixes (log messages to help diagnose bugs):
+    - If we fail to free a microdescriptor because of bug 7164, log
+      the filename and line number from which we tried to free it.
+    - Add another diagnostic to the heartbeat message: track and log
+      overhead that TLS is adding to the data we write. If this is
+      high, we are sending too little data to SSL_write at a time.
+      Diagnostic for bug 7707.
+    - Add more detail to a log message about relaxed timeouts, to help
+      track bug 7799.
+    - Warn more aggressively when flushing microdescriptors to a
+      microdescriptor cache fails, in an attempt to mitigate bug 8031,
+      or at least make it more diagnosable.
+    - Improve debugging output to help track down bug 8185 ("Bug:
+      outgoing relay cell has n_chan==NULL. Dropping.")
+    - Log the purpose of a path-bias testing circuit correctly.
+      Improves a log message from bug 8477; bugfix on 0.2.4.8-alpha.
+
+  o Minor bugfixes (0.2.4.x log messages that were too noisy):
+    - Don't attempt to relax the timeout of already opened 1-hop circuits.
+      They might never timeout. This should eliminate some/all cases of
+      the relaxed timeout log message.
+    - Use circuit creation time for network liveness evaluation. This
+      should eliminate warning log messages about liveness caused
+      by changes in timeout evaluation. Fixes bug 6572; bugfix on
+      0.2.4.8-alpha.
+    - Reduce a path bias length check from notice to info. The message
+      is triggered when creating controller circuits. Fixes bug 8196;
+      bugfix on 0.2.4.8-alpha.
+    - Fix a path state issue that triggered a notice during relay startup.
+      Fixes bug 8320; bugfix on 0.2.4.10-alpha.
+    - Reduce occurrences of warns about circuit purpose in
+      connection_ap_expire_building(). Fixes bug 8477; bugfix on
+      0.2.4.11-alpha.
+
+  o Minor bugfixes (pre-0.2.4.x log messages that were too noisy):
+    - If we encounter a write failure on a SOCKS connection before we
+      finish our SOCKS handshake, don't warn that we closed the
+      connection before we could send a SOCKS reply. Fixes bug 8427;
+      bugfix on 0.1.0.1-rc.
+    - Correctly recognize that [::1] is a loopback address. Fixes
+      bug 8377; bugfix on 0.2.1.3-alpha.
+    - Fix a directory authority warn caused when we have a large amount
+      of badexit bandwidth. Fixes bug 8419; bugfix on 0.2.2.10-alpha.
+    - Don't log inappropriate heartbeat messages when hibernating: a
+      hibernating node is _expected_ to drop out of the consensus,
+      decide it isn't bootstrapped, and so forth. Fixes bug 7302;
+      bugfix on 0.2.3.1-alpha.
+    - Don't complain about bootstrapping problems while hibernating.
+      These complaints reflect a general code problem, but not one
+      with any problematic effects (no connections are actually
+      opened). Fixes part of bug 7302; bugfix on 0.2.3.2-alpha.
+
+  o Documentation fixes:
+    - Update tor-fw-helper.1.txt and tor-fw-helper.c to make option
+      names match. Fixes bug 7768.
+    - Make the torify manpage no longer refer to tsocks; torify hasn't
+      supported tsocks since 0.2.3.14-alpha.
+    - Make the tor manpage no longer reference tsocks.
+    - Fix the GeoIPExcludeUnknown documentation to refer to
+      ExcludeExitNodes rather than the currently nonexistent
+      ExcludeEntryNodes. Spotted by "hamahangi" on tor-talk.
+
+  o Removed files:
+    - The tor-tsocks.conf is no longer distributed or installed. We
+      recommend that tsocks users use torsocks instead. Resolves
+      ticket 8290.
+
+
+Changes in version 0.2.4.11-alpha - 2013-03-11
+  Tor 0.2.4.11-alpha makes relay measurement by directory authorities
+  more robust, makes hidden service authentication work again, and
+  resolves a DPI fingerprint for Tor's SSL transport.
+
+  o Major features (directory authorities):
+    - Directory authorities now support a new consensus method (17)
+      where they cap the published bandwidth of servers for which
+      insufficient bandwidth measurements exist. Fixes part of bug 2286.
+    - Directory authorities that set "DisableV2DirectoryInfo_ 1" no longer
+      serve any v2 directory information. Now we can test disabling the
+      old deprecated v2 directory format, and see whether doing so has
+      any effect on network load. Begins to fix bug 6783.
+    - Directory authorities now include inside each vote a statement of
+      the performance thresholds they used when assigning flags.
+      Implements ticket 8151.
+
+  o Major bugfixes (directory authorities):
+    - Stop marking every relay as having been down for one hour every
+      time we restart a directory authority. These artificial downtimes
+      were messing with our Stable and Guard flag calculations. Fixes
+      bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.
+
+  o Major bugfixes (hidden services):
+    - Allow hidden service authentication to succeed again. When we
+      refactored the hidden service introduction code back
+      in 0.2.4.1-alpha, we didn't update the code that checks
+      whether authentication information is present, causing all
+      authentication checks to return "false". Fix for bug 8207; bugfix
+      on 0.2.4.1-alpha. Found by Coverity; this is CID 718615.
+
+  o Minor features (relays, bridges):
+    - Make bridge relays check once a minute for whether their IP
+      address has changed, rather than only every 15 minutes. Resolves
+      bugs 1913 and 1992.
+    - Refactor resolve_my_address() so it returns the method by which we
+      decided our public IP address (explicitly configured, resolved from
+      explicit hostname, guessed from interfaces, learned by gethostname).
+      Now we can provide more helpful log messages when a relay guesses
+      its IP address incorrectly (e.g. due to unexpected lines in
+      /etc/hosts). Resolves ticket 2267.
+    - Teach bridge-using clients to avoid 0.2.2 bridges when making
+      microdescriptor-related dir requests, and only fall back to normal
+      descriptors if none of their bridges can handle microdescriptors
+      (as opposed to the fix in ticket 4013, which caused them to fall
+      back to normal descriptors if *any* of their bridges preferred
+      them). Resolves ticket 4994.
+    - Randomize the lifetime of our SSL link certificate, so censors can't
+      use the static value for filtering Tor flows. Resolves ticket 8443;
+      related to ticket 4014 which was included in 0.2.2.33.
+    - Support a new version of the link protocol that allows 4-byte circuit
+      IDs. Previously, circuit IDs were limited to 2 bytes, which presented
+      a possible resource exhaustion issue. Closes ticket 7351; implements
+      proposal 214.
+
+  o Minor features (portability):
+    - Tweak the curve25519-donna*.c implementations to tolerate systems
+      that lack stdint.h. Fixes bug 3894; bugfix on 0.2.4.8-alpha.
+    - Use Ville Laurikari's implementation of AX_CHECK_SIGN() to determine
+      the signs of types during autoconf. This is better than our old
+      approach, which didn't work when cross-compiling.
+    - Detect the sign of enum values, rather than assuming that MSC is the
+      only compiler where enum types are all signed. Fixes bug 7727;
+      bugfix on 0.2.4.10-alpha.
+
+  o Minor features (other):
+    - Say "KBytes" rather than "KB" in the man page (for various values
+      of K), to further reduce confusion about whether Tor counts in
+      units of memory or fractions of units of memory. Resolves ticket 7054.
+    - Clear the high bit on curve25519 public keys before passing them to
+      our backend, in case we ever wind up using a backend that doesn't do
+      so itself. If we used such a backend, and *didn't* clear the high bit,
+      we could wind up in a situation where users with such backends would
+      be distinguishable from users without. Fixes bug 8121; bugfix on
+      0.2.4.8-alpha.
+    - Update to the March 6 2013 Maxmind GeoLite Country database.
+
+  o Minor bugfixes (clients):
+    - When we receive a RELAY_END cell with the reason DONE, or with no
+      reason, before receiving a RELAY_CONNECTED cell, report the SOCKS
+      status as "connection refused". Previously we reported these cases
+      as success but then immediately closed the connection. Fixes bug
+      7902; bugfix on 0.1.0.1-rc. Reported by "oftc_must_be_destroyed".
+    - Downgrade an assertion in connection_ap_expire_beginning to an
+      LD_BUG message. The fix for bug 8024 should prevent this message
+      from displaying, but just in case, a warn that we can diagnose
+      is better than more assert crashes. Fixes bug 8065; bugfix on
+      0.2.4.8-alpha.
+    - Lower path use bias thresholds to .80 for notice and .60 for warn.
+      Also make the rate limiting flags for the path use bias log messages
+      independent from the original path bias flags. Fixes bug 8161;
+      bugfix on 0.2.4.10-alpha.
+
+  o Minor bugfixes (relays):
+    - Stop trying to resolve our hostname so often (e.g. every time we
+      think about doing a directory fetch). Now we reuse the cached
+      answer in some cases. Fixes bugs 1992 (bugfix on 0.2.0.20-rc)
+      and 2410 (bugfix on 0.1.2.2-alpha).
+    - Stop sending a stray "(null)" in some cases for the server status
+      "EXTERNAL_ADDRESS" controller event. Resolves bug 8200; bugfix
+      on 0.1.2.6-alpha.
+    - When choosing which stream on a formerly stalled circuit to wake
+      first, make better use of the platform's weak RNG. Previously,
+      we had been using the % ("modulo") operator to try to generate a
+      1/N chance of picking each stream, but this behaves badly with
+      many platforms' choice of weak RNG. Fixes bug 7801; bugfix on
+      0.2.2.20-alpha.
+    - Use our own weak RNG when we need a weak RNG. Windows's rand() and
+      Irix's random() only return 15 bits; Solaris's random() returns more
+      bits but its RAND_MAX says it only returns 15, and so on. Motivated
+      by the fix for bug 7801; bugfix on 0.2.2.20-alpha.
+
+  o Minor bugfixes (directory authorities):
+    - Directory authorities now use less space when formatting identical
+      microdescriptor lines in directory votes. Fixes bug 8158; bugfix
+      on 0.2.4.1-alpha.
+
+  o Minor bugfixes (memory leaks spotted by Coverity -- bug 7816):
+    - Avoid leaking memory if we fail to compute a consensus signature
+      or we generate a consensus we can't parse. Bugfix on 0.2.0.5-alpha.
+    - Fix a memory leak when receiving headers from an HTTPS proxy. Bugfix
+      on 0.2.1.1-alpha.
+    - Fix a memory leak during safe-cookie controller authentication.
+      Bugfix on 0.2.3.13-alpha.
+    - Avoid memory leak of IPv6 policy content if we fail to format it into
+      a router descriptor. Bugfix on 0.2.4.7-alpha.
+
+  o Minor bugfixes (other code correctness issues):
+    - Avoid a crash if we fail to generate an extrainfo descriptor.
+      Fixes bug 8208; bugfix on 0.2.3.16-alpha. Found by Coverity;
+      this is CID 718634.
+    - When detecting the largest possible file descriptor (in order to
+      close all file descriptors when launching a new program), actually
+      use _SC_OPEN_MAX. The old code for doing this was very, very broken.
+      Fixes bug 8209; bugfix on 0.2.3.1-alpha. Found by Coverity; this
+      is CID 743383.
+    - Fix a copy-and-paste error when adding a missing A1 to a routerset
+      because of GeoIPExcludeUnknown. Fix for Coverity CID 980650.
+      Bugfix on 0.2.4.10-alpha.
+    - Fix an impossible-to-trigger integer overflow when estimating how
+      long our onionskin queue would take. (This overflow would require us
+      to accept 4 million onionskins before processing 100 of them.) Fixes
+      bug 8210; bugfix on 0.2.4.10-alpha.
+
+  o Code simplification and refactoring:
+    - Add a wrapper function for the common "log a message with a
+      rate-limit" case.
+
+
+Changes in version 0.2.4.10-alpha - 2013-02-04
+  Tor 0.2.4.10-alpha adds defenses at the directory authority level from
+  certain attacks that flood the network with relays; changes the queue
+  for circuit create requests from a sized-based limit to a time-based
+  limit; resumes building with MSVC on Windows; and fixes a wide variety
+  of other issues.
+
+  o Major bugfixes (directory authority):
+    - When computing directory thresholds, ignore any rejected-as-sybil
+      nodes during the computation so that they can't influence Fast,
+      Guard, etc. (We should have done this for proposal 109.) Fixes
+      bug 8146.
+    - When marking a node as a likely sybil, reset its uptime metrics
+      to zero, so that it cannot time towards getting marked as Guard,
+      Stable, or HSDir. (We should have done this for proposal 109.) Fixes
+      bug 8147.
+
+  o Major bugfixes:
+    - When a TLS write is partially successful but incomplete, remember
+      that the flushed part has been flushed, and notice that bytes were
+      actually written. Reported and fixed pseudonymously. Fixes bug
+      7708; bugfix on Tor 0.1.0.5-rc.
+    - Reject bogus create and relay cells with 0 circuit ID or 0 stream
+      ID: these could be used to create unexpected streams and circuits
+      which would count as "present" to some parts of Tor but "absent"
+      to others, leading to zombie circuits and streams or to a bandwidth
+      denial-of-service. Fixes bug 7889; bugfix on every released version
+      of Tor. Reported by "oftc_must_be_destroyed".
+    - Rename all macros in our local copy of queue.h to begin with "TOR_".
+      This change seems the only good way to permanently prevent conflicts
+      with queue.h on various operating systems. Fixes bug 8107; bugfix
+      on 0.2.4.6-alpha.
+
+  o Major features (relay):
+    - Instead of limiting the number of queued onionskins (aka circuit
+      create requests) to a fixed, hard-to-configure number, we limit
+      the size of the queue based on how many we expect to be able to
+      process in a given amount of time. We estimate the time it will
+      take to process an onionskin based on average processing time
+      of previous onionskins. Closes ticket 7291. You'll never have to
+      configure MaxOnionsPending again.
+
+  o Major features (portability):
+    - Resume building correctly with MSVC and Makefile.nmake. This patch
+      resolves numerous bugs and fixes reported by ultramage, including
+      7305, 7308, 7309, 7310, 7312, 7313, 7315, 7316, and 7669.
+    - Make the ntor and curve25519 code build correctly with MSVC.
+      Fix on 0.2.4.8-alpha.
+
+  o Minor features:
+    - When directory authorities are computing thresholds for flags,
+      never let the threshold for the Fast flag fall below 4096
+      bytes. Also, do not consider nodes with extremely low bandwidths
+      when deciding thresholds for various directory flags. This change
+      should raise our threshold for Fast relays, possibly in turn
+      improving overall network performance; see ticket 1854. Resolves
+      ticket 8145.
+    - The Tor client now ignores sub-domain components of a .onion
+      address. This change makes HTTP "virtual" hosting
+      possible: http://foo.aaaaaaaaaaaaaaaa.onion/ and
+      http://bar.aaaaaaaaaaaaaaaa.onion/ can be two different websites
+      hosted on the same hidden service. Implements proposal 204.
+    - We compute the overhead from passing onionskins back and forth to
+      cpuworkers, and report it when dumping statistics in response to
+      SIGUSR1. Supports ticket 7291.
+
+  o Minor features (path selection):
+    - When deciding whether we have enough descriptors to build circuits,
+      instead of looking at raw relay counts, look at which fraction
+      of (bandwidth-weighted) paths we're able to build. This approach
+      keeps clients from building circuits if their paths are likely to
+      stand out statistically. The default fraction of paths needed is
+      taken from the consensus directory; you can override it with the
+      new PathsNeededToBuildCircuits option. Fixes ticket 5956.
+    - When any country code is listed in ExcludeNodes or ExcludeExitNodes,
+      and we have GeoIP information, also exclude all nodes with unknown
+      countries "??" and "A1". This behavior is controlled by the
+      new GeoIPExcludeUnknown option: you can make such nodes always
+      excluded with "GeoIPExcludeUnknown 1", and disable the feature
+      with "GeoIPExcludeUnknown 0". Setting "GeoIPExcludeUnknown auto"
+      gets you the default behavior. Implements feature 7706.
+    - Path Use Bias: Perform separate accounting for successful circuit
+      use. Keep separate statistics on stream attempt rates versus stream
+      success rates for each guard. Provide configurable thresholds to
+      determine when to emit log messages or disable use of guards that
+      fail too many stream attempts. Resolves ticket 7802.
+
+  o Minor features (log messages):
+    - When learning a fingerprint for a bridge, log its corresponding
+      transport type. Implements ticket 7896.
+    - Improve the log message when "Bug/attack: unexpected sendme cell
+      from client" occurs, to help us track bug 8093.
+
+  o Minor bugfixes:
+    - Remove a couple of extraneous semicolons that were upsetting the
+      cparser library. Patch by Christian Grothoff. Fixes bug 7115;
+      bugfix on 0.2.2.1-alpha.
+    - Remove a source of rounding error during path bias count scaling;
+      don't count cannibalized circuits as used for path bias until we
+      actually try to use them; and fix a circuit_package_relay_cell()
+      warning message about n_chan==NULL. Fixes bug 7802.
+    - Detect nacl when its headers are in a nacl/ subdirectory. Also,
+      actually link against nacl when we're configured to use it. Fixes
+      bug 7972; bugfix on 0.2.4.8-alpha.
+    - Compile correctly with the --disable-curve25519 option. Fixes
+      bug 8153; bugfix on 0.2.4.8-alpha.
+
+  o Build improvements:
+    - Do not report status verbosely from autogen.sh unless the -v flag
+      is specified. Fixes issue 4664. Patch from Onizuka.
+    - Replace all calls to snprintf() outside of src/ext with
+      tor_snprintf(). Also remove the #define to replace snprintf with
+      _snprintf on Windows; they have different semantics, and all of
+      our callers should be using tor_snprintf() anyway. Fixes bug 7304.
+    - Try to detect if we are ever building on a platform where
+      memset(...,0,...) does not set the value of a double to 0.0. Such
+      platforms are permitted by the C standard, though in practice
+      they're pretty rare (since IEEE 754 is nigh-ubiquitous). We don't
+      currently support them, but it's better to detect them and fail
+      than to perform erroneously.
+
+  o Removed features:
+    - Stop exporting estimates of v2 and v3 directory traffic shares
+      in extrainfo documents. They were unneeded and sometimes inaccurate.
+      Also stop exporting any v2 directory request statistics. Resolves
+      ticket 5823.
+    - Drop support for detecting and warning about versions of Libevent
+      before 1.3e. Nothing reasonable ships with them any longer;
+      warning the user about them shouldn't be needed. Resolves ticket
+      6826.
+
+  o Code simplifications and refactoring:
+    - Rename "isin" functions to "contains", for grammar. Resolves
+      ticket 5285.
+    - Rename Tor's logging function log() to tor_log(), to avoid conflicts
+      with the natural logarithm function from the system libm. Resolves
+      ticket 7599.
+
+
+Changes in version 0.2.4.9-alpha - 2013-01-15
+  Tor 0.2.4.9-alpha provides a quick fix to make the new ntor handshake
+  work more robustly.
+
+  o Major bugfixes:
+    - Fix backward compatibility logic when receiving an embedded ntor
+      handshake tunneled in a CREATE cell. This clears up the "Bug:
+      couldn't format CREATED cell" warning. Fixes bug 7959; bugfix
+      on 0.2.4.8-alpha.
+
+
+Changes in version 0.2.4.8-alpha - 2013-01-14
+  Tor 0.2.4.8-alpha introduces directory guards to reduce user enumeration
+  risks, adds a new stronger and faster circuit handshake, and offers
+  stronger and faster link encryption when both sides support it.
+
+  o Major features:
+    - Preliminary support for directory guards (proposal 207): when
+      possible, clients now use their entry guards for non-anonymous
+      directory requests. This can help prevent client enumeration. Note
+      that this behavior only works when we have a usable consensus
+      directory, and when options about what to download are more or less
+      standard. In the future we should re-bootstrap from our guards,
+      rather than re-bootstrapping from the preconfigured list of
+      directory sources that ships with Tor. Resolves ticket 6526.
+    - Tor relays and clients now support a better CREATE/EXTEND cell
+      format, allowing the sender to specify multiple address, identity,
+      and handshake types. Implements Robert Ransom's proposal 200;
+      closes ticket 7199.
+
+  o Major features (new circuit handshake):
+    - Tor now supports a new circuit extension handshake designed by Ian
+      Goldberg, Douglas Stebila, and Berkant Ustaoglu. Our original
+      circuit extension handshake, later called "TAP", was a bit slow
+      (especially on the relay side), had a fragile security proof, and
+      used weaker keys than we'd now prefer. The new circuit handshake
+      uses Dan Bernstein's "curve25519" elliptic-curve Diffie-Hellman
+      function, making it significantly more secure than the older
+      handshake, and significantly faster. Tor can use one of two built-in
+      pure-C curve25519-donna implementations by Adam Langley, or it
+      can link against the "nacl" library for a tuned version if present.
+
+      The built-in version is very fast for 64-bit systems when building
+      with GCC. The built-in 32-bit version is still faster than the
+      old TAP protocol, but using libnacl is better on most such hosts.
+
+      Clients don't currently use this protocol by default, since
+      comparatively few clients support it so far. To try it, set
+      UseNTorHandshake to 1.
+
+      Implements proposal 216; closes ticket 7202.
+
+  o Major features (better link encryption):
+    - Relays can now enable the ECDHE TLS ciphersuites when available
+      and appropriate. These ciphersuites let us negotiate forward-secure
+      TLS secret keys more safely and more efficiently than with our
+      previous use of Diffie-Hellman modulo a 1024-bit prime. By default,
+      public relays prefer the (faster) P224 group, and bridges prefer
+      the (more common) P256 group; you can override this with the
+      TLSECGroup option.
+
+      Enabling these ciphers was a little tricky, since for a long time,
+      clients had been claiming to support them without actually doing
+      so, in order to foil fingerprinting. But with the client-side
+      implementation of proposal 198 in 0.2.3.17-beta, clients can now
+      match the ciphers from recent Firefox versions *and* list the
+      ciphers they actually mean, so relays can believe such clients
+      when they advertise ECDHE support in their TLS ClientHello messages.
+
+      This feature requires clients running 0.2.3.17-beta or later,
+      and requires both sides to be running OpenSSL 1.0.0 or later
+      with ECC support. OpenSSL 1.0.1, with the compile-time option
+      "enable-ec_nistp_64_gcc_128", is highly recommended.
+
+      Implements the relay side of proposal 198; closes ticket 7200.
+
+  o Major bugfixes:
+    - Avoid crashing when, as a relay without IPv6-exit support, a
+      client insists on getting an IPv6 address or nothing. Fixes bug
+      7814; bugfix on 0.2.4.7-alpha.
+
+  o Minor features:
+    - Improve circuit build timeout handling for hidden services.
+      In particular: adjust build timeouts more accurately depending
+      upon the number of hop-RTTs that a particular circuit type
+      undergoes. Additionally, launch intro circuits in parallel
+      if they timeout, and take the first one to reply as valid.
+    - Work correctly on Unix systems where EAGAIN and EWOULDBLOCK are
+      separate error codes; or at least, don't break for that reason.
+      Fixes bug 7935. Reported by "oftc_must_be_destroyed".
+    - Update to the January 2 2013 Maxmind GeoLite Country database.
+
+  o Minor features (testing):
+    - Add benchmarks for DH (1024-bit multiplicative group) and ECDH
+      (P-256) Diffie-Hellman handshakes to src/or/bench.
+    - Add benchmark functions to test onion handshake performance.
+
+  o Minor features (path bias detection):
+    - Alter the Path Bias log messages to be more descriptive in terms
+      of reporting timeouts and other statistics.
+    - Create three levels of Path Bias log messages, as opposed to just
+      two. These are configurable via consensus as well as via the torrc
+      options PathBiasNoticeRate, PathBiasWarnRate, PathBiasExtremeRate.
+      The default values are 0.70, 0.50, and 0.30 respectively.
+    - Separate the log message levels from the decision to drop guards,
+      which also is available via torrc option PathBiasDropGuards.
+      PathBiasDropGuards still defaults to 0 (off).
+    - Deprecate PathBiasDisableRate in favor of PathBiasDropGuards
+      in combination with PathBiasExtremeRate.
+    - Increase the default values for PathBiasScaleThreshold and
+      PathBiasCircThreshold from (200, 20) to (300, 150).
+    - Add in circuit usage accounting to path bias. If we try to use a
+      built circuit but fail for any reason, it counts as path bias.
+      Certain classes of circuits where the adversary gets to pick your
+      destination node are exempt from this accounting. Usage accounting
+      can be specifically disabled via consensus parameter or torrc.
+    - Convert all internal path bias state to double-precision floating
+      point, to avoid roundoff error and other issues.
+    - Only record path bias information for circuits that have completed
+      *two* hops. Assuming end-to-end tagging is the attack vector, this
+      makes us more resilient to ambient circuit failure without any
+      detection capability loss.
+
+  o Minor bugfixes (log messages):
+    - Rate-limit the "No circuits are opened. Relaxed timeout for a
+      circuit with channel state open..." message to once per hour to
+      keep it from filling the notice logs. Mitigates bug 7799 but does
+      not fix the underlying cause. Bugfix on 0.2.4.7-alpha.
+    - Avoid spurious warnings when configuring multiple client ports of
+      which only some are nonlocal. Previously, we had claimed that some
+      were nonlocal when in fact they weren't. Fixes bug 7836; bugfix on
+      0.2.3.3-alpha.
+
+  o Code simplifications and refactoring:
+    - Get rid of a couple of harmless clang warnings, where we compared
+      enums to ints. These warnings are newly introduced in clang 3.2.
+    - Split the onion.c file into separate modules for the onion queue
+      and the different handshakes it supports.
+    - Remove the marshalling/unmarshalling code for sending requests to
+      cpuworkers over a socket, and instead just send structs. The
+      recipient will always be the same Tor binary as the sender, so
+      any encoding is overkill.
+
+
+Changes in version 0.2.4.7-alpha - 2012-12-24
+  Tor 0.2.4.7-alpha introduces a new approach to providing fallback
+  directory mirrors for more robust bootstrapping; fixes more issues where
+  clients with changing network conditions refuse to make any circuits;
+  adds initial support for exiting to IPv6 addresses; resumes being able
+  to update our GeoIP database, and includes the geoip6 file this time;
+  turns off the client-side DNS cache by default due to privacy risks;
+  and fixes a variety of other issues.
+
+  o Major features (client resilience):
+    - Add a new "FallbackDir" torrc option to use when we can't use
+      a directory mirror from the consensus (either because we lack a
+      consensus, or because they're all down). Currently, all authorities
+      are fallbacks by default, and there are no other default fallbacks,
+      but that will change. This option will allow us to give clients a
+      longer list of servers to try to get a consensus from when first
+      connecting to the Tor network, and thereby reduce load on the
+      directory authorities. Implements proposal 206, "Preconfigured
+      directory sources for bootstrapping". We also removed the old
+      "FallbackNetworkstatus" option, since we never got it working well
+      enough to use it. Closes bug 572.
+    - If we have no circuits open, use a relaxed timeout (the
+      95-percentile cutoff) until a circuit succeeds. This heuristic
+      should allow Tor to succeed at building circuits even when the
+      network connection drastically changes. Should help with bug 3443.
+
+  o Major features (IPv6):
+    - Relays can now exit to IPv6 addresses: make sure that you have IPv6
+      connectivity, then set the IPv6Exit flag to 1. Also make sure your
+      exit policy reads as you would like: the address * applies to all
+      address families, whereas *4 is IPv4 address only, and *6 is IPv6
+      addresses only. On the client side, you'll need to wait until the
+      authorities have upgraded, wait for enough exits to support IPv6,
+      apply the "IPv6Traffic" flag to a SocksPort, and use Socks5. Closes
+      ticket 5547, implements proposal 117 as revised in proposal 208.
+
+      We DO NOT recommend that clients with actual anonymity needs start
+      using IPv6 over Tor yet, since not enough exits support it yet.
+
+  o Major features (geoip database):
+    - Maxmind began labelling Tor relays as being in country "A1",
+      which breaks by-country node selection inside Tor. Now we use a
+      script to replace "A1" ("Anonymous Proxy") entries in our geoip
+      file with real country codes. This script fixes about 90% of "A1"
+      entries automatically and uses manual country code assignments to
+      fix the remaining 10%. See src/config/README.geoip for details.
+      Fixes bug 6266. Also update to the December 5 2012 Maxmind GeoLite
+      Country database, as modified above.
+
+  o Major bugfixes (client-side DNS):
+    - Turn off the client-side DNS cache by default. Updating and using
+      the DNS cache is now configurable on a per-client-port
+      level. SOCKSPort, DNSPort, etc lines may now contain
+      {No,}Cache{IPv4,IPv6,}DNS lines to indicate that we shouldn't
+      cache these types of DNS answers when we receive them from an
+      exit node in response to an application request on this port, and
+      {No,}UseCached{IPv4,IPv6,DNS} lines to indicate that if we have
+      cached DNS answers of these types, we shouldn't use them. It's
+      potentially risky to use cached DNS answers at the client, since
+      doing so can indicate to one exit what answers we've gotten
+      for DNS lookups in the past. With IPv6, this becomes especially
+      problematic. Using cached DNS answers for requests on the same
+      circuit would present less linkability risk, since all traffic
+      on a circuit is already linkable, but it would also provide
+      little performance benefit: the exit node caches DNS replies
+      too. Implements a simplified version of Proposal 205. Implements
+      ticket 7570.
+
+  o Major bugfixes (other):
+    - Alter circuit build timeout measurement to start at the point
+      where we begin the CREATE/CREATE_FAST step (as opposed to circuit
+      initialization). This should make our timeout measurements more
+      uniform. Previously, we were sometimes including ORconn setup time
+      in our circuit build time measurements. Should resolve bug 3443.
+    - Fix an assertion that could trigger in hibernate_go_dormant() when
+      closing an or_connection_t: call channel_mark_for_close() rather
+      than connection_mark_for_close(). Fixes bug 7267. Bugfix on
+      0.2.4.4-alpha.
+    - Include the geoip6 IPv6 GeoIP database in the tarball. Fixes bug
+      7655; bugfix on 0.2.4.6-alpha.
+
+  o Minor features:
+    - Add a new torrc option "ServerTransportListenAddr" to let bridge
+      operators select the address where their pluggable transports will
+      listen for connections. Resolves ticket 7013.
+    - Allow an optional $ before the node identity digest in the
+      controller command GETINFO ns/id/, for consistency with
+      md/id/ and desc/id/. Resolves ticket 7059.
+    - Log packaged cell fullness as part of the heartbeat message.
+      Diagnosis to try to determine the extent of bug 7743.
+
+  o Minor features (IPv6):
+    - AutomapHostsOnResolve now supports IPv6 addresses. By default, we
+      prefer to hand out virtual IPv6 addresses, since there are more of
+      them and we can't run out. To override this behavior and make IPv4
+      addresses preferred, set NoPreferIPv6Automap on whatever SOCKSPort
+      or DNSPort you're using for resolving. Implements ticket 7571.
+    - AutomapHostsOnResolve responses are now randomized, to avoid
+      annoying situations where Tor is restarted and applications
+      connect to the wrong addresses.
+    - Never try more than 1000 times to pick a new virtual address when
+      AutomapHostsOnResolve is set. That's good enough so long as we
+      aren't close to handing out our entire virtual address space;
+      if you're getting there, it's best to switch to IPv6 virtual
+      addresses anyway.
+
+  o Minor bugfixes:
+    - The ADDRMAP command can no longer generate an ill-formed error
+      code on a failed MAPADDRESS. It now says "internal" rather than
+      an English sentence fragment with spaces in the middle. Bugfix on
+      Tor 0.2.0.19-alpha.
+    - Fix log messages and comments to avoid saying "GMT" when we mean
+      "UTC". Fixes bug 6113.
+    - Compile on win64 using mingw64. Fixes bug 7260; patches from
+      "yayooo".
+    - Fix a crash when debugging unit tests on Windows: deallocate a
+      shared library with FreeLibrary, not CloseHandle. Fixes bug 7306;
+      bugfix on 0.2.2.17-alpha. Reported by "ultramage".
+
+  o Renamed options:
+    - The DirServer option is now DirAuthority, for consistency with
+      current naming patterns. You can still use the old DirServer form.
+
+  o Code simplification and refactoring:
+    - Move the client-side address-map/virtual-address/DNS-cache code
+      out of connection_edge.c into a new addressmap.c module.
+    - Remove unused code for parsing v1 directories and "running routers"
+      documents. Fixes bug 6887.
+
+
+Changes in version 0.2.3.25 - 2012-11-19
+  The Tor 0.2.3 release series is dedicated to the memory of Len "rabbi"
+  Sassaman (1980-2011), a long-time cypherpunk, anonymity researcher,
+  Mixmaster maintainer, Pynchon Gate co-designer, CodeCon organizer,
+  programmer, and friend. Unstinting in his dedication to the cause of
+  freedom, he inspired and helped many of us as we began our work on
+  anonymity, and inspires us still. Please honor his memory by writing
+  software to protect people's freedoms, and by helping others to do so.
+
+  Tor 0.2.3.25, the first stable release in the 0.2.3 branch, features
+  significantly reduced directory overhead (via microdescriptors),
+  enormous crypto performance improvements for fast relays on new
+  enough hardware, a new v3 TLS handshake protocol that can better
+  resist fingerprinting, support for protocol obfuscation plugins (aka
+  pluggable transports), better scalability for hidden services, IPv6
+  support for bridges, performance improvements like allowing clients
+  to skip the first round-trip on the circuit ("optimistic data") and
+  refilling token buckets more often, a new "stream isolation" design
+  to isolate different applications on different circuits, and many
+  stability, security, and privacy fixes.
+
+  o Major bugfixes:
+    - Tor tries to wipe potentially sensitive data after using it, so
+      that if some subsequent security failure exposes Tor's memory,
+      the damage will be limited. But we had a bug where the compiler
+      was eliminating these wipe operations when it decided that the
+      memory was no longer visible to a (correctly running) program,
+      hence defeating our attempt at defense in depth. We fix that
+      by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
+      is unlikely to optimize away. Future versions of Tor may use
+      a less ridiculously heavy approach for this. Fixes bug 7352.
+      Reported in an article by Andrey Karpov.
+
+  o Minor bugfixes:
+    - Fix a harmless bug when opting against publishing a relay descriptor
+      because DisableNetwork is set. Fixes bug 7464; bugfix on
+      0.2.3.9-alpha.
+
+
+Changes in version 0.2.4.6-alpha - 2012-11-13
+  Tor 0.2.4.6-alpha fixes an assert bug that has been plaguing relays,
+  makes our defense-in-depth memory wiping more reliable, and begins to
+  count IPv6 addresses in bridge statistics,
+
+  o Major bugfixes:
+    - Fix an assertion failure that could occur when closing a connection
+      with a spliced rendezvous circuit. Fix for bug 7212; bugfix on
+      Tor 0.2.4.4-alpha.
+    - Tor tries to wipe potentially sensitive data after using it, so
+      that if some subsequent security failure exposes Tor's memory,
+      the damage will be limited. But we had a bug where the compiler
+      was eliminating these wipe operations when it decided that the
+      memory was no longer visible to a (correctly running) program,
+      hence defeating our attempt at defense in depth. We fix that
+      by using OpenSSL's OPENSSL_cleanse() operation, which a compiler
+      is unlikely to optimize away. Future versions of Tor may use
+      a less ridiculously heavy approach for this. Fixes bug 7352.
+      Reported in an article by Andrey Karpov.
+
+  o Minor features:
+    - Add GeoIP database for IPv6 addresses. The new config option
+      is GeoIPv6File.
+    - Bridge statistics now count bridge clients connecting over IPv6:
+      bridge statistics files now list "bridge-ip-versions" and
+      extra-info documents list "geoip6-db-digest". The control protocol
+      "CLIENTS_SEEN" and "ip-to-country" queries now support IPv6. Initial
+      implementation by "shkoo", addressing ticket 5055.
+
+  o Minor bugfixes:
+    - Warn when we are binding low ports when hibernation is enabled;
+      previously we had warned when we were _advertising_ low ports with
+      hibernation enabled. Fixes bug 7285; bugfix on 0.2.3.9-alpha.
+    - Fix a harmless bug when opting against publishing a relay descriptor
+      because DisableNetwork is set. Fixes bug 7464; bugfix on
+      0.2.3.9-alpha.
+    - Add warning message when a managed proxy dies during configuration.
+      Fixes bug 7195; bugfix on 0.2.4.2-alpha.
+    - Fix a linking error when building tor-fw-helper without miniupnp.
+      Fixes bug 7235; bugfix on 0.2.4.2-alpha. Fix by Anthony G. Basile.
+    - Check for closing an or_connection_t without going through correct
+      channel functions; emit a warning and then call
+      connection_or_close_for_error() so we don't assert as in bugs 7212
+      and 7267.
+    - Compile correctly on compilers without C99 designated initializer
+      support. Fixes bug 7286; bugfix on 0.2.4.4-alpha.
+    - Avoid a possible assert that can occur when channel_send_destroy() is
+      called on a channel in CHANNEL_STATE_CLOSING, CHANNEL_STATE_CLOSED,
+      or CHANNEL_STATE_ERROR when the Tor process is resumed after being
+      blocked for a long interval. Fixes bug 7350; bugfix on 0.2.4.4-alpha.
+    - Fix a memory leak on failing cases of channel_tls_process_certs_cell.
+      Fixes bug 7422; bugfix on 0.2.4.4-alpha.
+
+  o Code simplification and refactoring:
+    - Start using OpenBSD's implementation of queue.h, so that we don't
+      need to hand-roll our own pointer and list structures whenever we
+      need them. (We can't rely on a sys/queue.h, since some operating
+      systems don't have them, and the ones that do have them don't all
+      present the same extensions.)
+
+
+Changes in version 0.2.4.5-alpha - 2012-10-25
+  Tor 0.2.4.5-alpha comes hard at the heels of 0.2.4.4-alpha, to fix
+  two important security vulnerabilities that could lead to remotely
+  triggerable relay crashes, fix a major bug that was preventing clients
+  from choosing suitable exit nodes, and refactor some of our code.
+
+  o Major bugfixes (security, also in 0.2.3.24-rc):
+    - Fix a group of remotely triggerable assertion failures related to
+      incorrect link protocol negotiation. Found, diagnosed, and fixed
+      by "some guy from France". Fix for CVE-2012-2250; bugfix on
+      0.2.3.6-alpha.
+    - Fix a denial of service attack by which any directory authority
+      could crash all the others, or by which a single v2 directory
+      authority could crash everybody downloading v2 directory
+      information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.
+
+  o Major bugfixes (also in 0.2.3.24-rc):
+    - When parsing exit policy summaries from microdescriptors, we had
+      previously been ignoring the last character in each one, so that
+      "accept 80,443,8080" would be treated by clients as indicating
+      a node that allows access to ports 80, 443, and 808. That would
+      lead to clients attempting connections that could never work,
+      and ignoring exit nodes that would support their connections. Now
+      clients parse these exit policy summaries correctly. Fixes bug 7192;
+      bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (also in 0.2.3.24-rc):
+    - Clients now consider the ClientRejectInternalAddresses config option
+      when using a microdescriptor consensus stanza to decide whether
+      an exit relay would allow exiting to an internal address. Fixes
+      bug 7190; bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes:
+    - Only disable TLS session ticket support when running as a TLS
+      server. Now clients will blend better with regular Firefox
+      connections. Fixes bug 7189; bugfix on Tor 0.2.3.23-rc.
+
+  o Code simplification and refactoring:
+    - Start using OpenBSD's implementation of queue.h (originally by
+      Niels Provos).
+    - Move the entry node code from circuitbuild.c to its own file.
+    - Move the circuit build timeout tracking code from circuitbuild.c
+      to its own file.
+
+
+Changes in version 0.2.3.24-rc - 2012-10-25
+  Tor 0.2.3.24-rc fixes two important security vulnerabilities that
+  could lead to remotely triggerable relay crashes, and fixes
+  a major bug that was preventing clients from choosing suitable exit
+  nodes.
+
+  o Major bugfixes (security):
+    - Fix a group of remotely triggerable assertion failures related to
+      incorrect link protocol negotiation. Found, diagnosed, and fixed
+      by "some guy from France". Fix for CVE-2012-2250; bugfix on
+      0.2.3.6-alpha.
+    - Fix a denial of service attack by which any directory authority
+      could crash all the others, or by which a single v2 directory
+      authority could crash everybody downloading v2 directory
+      information. Fixes bug 7191; bugfix on 0.2.0.10-alpha.
+
+  o Major bugfixes:
+    - When parsing exit policy summaries from microdescriptors, we had
+      previously been ignoring the last character in each one, so that
+      "accept 80,443,8080" would be treated by clients as indicating
+      a node that allows access to ports 80, 443, and 808. That would
+      lead to clients attempting connections that could never work,
+      and ignoring exit nodes that would support their connections. Now
+      clients parse these exit policy summaries correctly. Fixes bug 7192;
+      bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes:
+    - Clients now consider the ClientRejectInternalAddresses config option
+      when using a microdescriptor consensus stanza to decide whether
+      an exit relay would allow exiting to an internal address. Fixes
+      bug 7190; bugfix on 0.2.3.1-alpha.
+
+
+Changes in version 0.2.4.4-alpha - 2012-10-20
+  Tor 0.2.4.4-alpha adds a new v3 directory authority, fixes a privacy
+  vulnerability introduced by a change in OpenSSL, fixes a remotely
+  triggerable assert, and adds new channel_t and circuitmux_t abstractions
+  that will make it easier to test new connection transport and cell
+  scheduling algorithms.
+
+  o New directory authorities (also in 0.2.3.23-rc):
+    - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
+      authority. Closes ticket 5749.
+
+  o Major bugfixes (security/privacy, also in 0.2.3.23-rc):
+    - Disable TLS session tickets. OpenSSL's implementation was giving
+      our TLS session keys the lifetime of our TLS context objects, when
+      perfect forward secrecy would want us to discard anything that
+      could decrypt a link connection as soon as the link connection
+      was closed. Fixes bug 7139; bugfix on all versions of Tor linked
+      against OpenSSL 1.0.0 or later. Found by Florent Daignière.
+    - Discard extraneous renegotiation attempts once the V3 link
+      protocol has been initiated. Failure to do so left us open to
+      a remotely triggerable assertion failure. Fixes CVE-2012-2249;
+      bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
+
+  o Internal abstraction features:
+    - Introduce new channel_t abstraction between circuits and
+      or_connection_t to allow for implementing alternate OR-to-OR
+      transports. A channel_t is an abstract object which can either be a
+      cell-bearing channel, which is responsible for authenticating and
+      handshaking with the remote OR and transmitting cells to and from
+      it, or a listening channel, which spawns new cell-bearing channels
+      at the request of remote ORs. Implements part of ticket 6465.
+    - Also new is the channel_tls_t subclass of channel_t, adapting it
+      to the existing or_connection_t code. The V2/V3 protocol handshaking
+      code which formerly resided in command.c has been moved below the
+      channel_t abstraction layer and may be found in channeltls.c now.
+      Implements the rest of ticket 6465.
+    - Introduce new circuitmux_t storing the queue of circuits for
+      a channel; this encapsulates and abstracts the queue logic and
+      circuit selection policy, and allows the latter to be overridden
+      easily by switching out a policy object. The existing EWMA behavior
+      is now implemented as a circuitmux_policy_t. Resolves ticket 6816.
+
+  o Required libraries:
+    - Tor now requires OpenSSL 0.9.8 or later. OpenSSL 1.0.0 or later is
+      strongly recommended.
+
+  o Minor features:
+    - Warn users who run hidden services on a Tor client with
+      UseEntryGuards disabled that their hidden services will be
+      vulnerable to http://freehaven.net/anonbib/#hs-attack06 (the
+      attack which motivated Tor to support entry guards in the first
+      place). Resolves ticket 6889.
+    - Tor now builds correctly on Bitrig, an OpenBSD fork. Patch from
+      dhill. Resolves ticket 6982.
+    - Option OutboundBindAddress can be specified multiple times and
+      accepts IPv6 addresses. Resolves ticket 6876.
+
+  o Minor bugfixes (also in 0.2.3.23-rc):
+    - Don't serve or accept v2 hidden service descriptors over a
+      relay's DirPort. It's never correct to do so, and disabling it
+      might make it more annoying to exploit any bugs that turn up in the
+      descriptor-parsing code. Fixes bug 7149.
+    - Fix two cases in src/or/transports.c where we were calling
+      fmt_addr() twice in a parameter list. Bug found by David
+      Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.
+    - Fix memory leaks whenever we logged any message about the "path
+      bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
+    - When relays refuse a "create" cell because their queue of pending
+      create cells is too big (typically because their cpu can't keep up
+      with the arrival rate), send back reason "resource limit" rather
+      than reason "internal", so network measurement scripts can get a
+      more accurate picture. Fixes bug 7037; bugfix on 0.1.1.11-alpha.
+
+  o Minor bugfixes:
+    - Command-line option "--version" implies "--quiet". Fixes bug 6997.
+    - Free some more still-in-use memory at exit, to make hunting for
+      memory leaks easier. Resolves bug 7029.
+    - When a Tor client gets a "truncated" relay cell, the first byte of
+      its payload specifies why the circuit was truncated. We were
+      ignoring this 'reason' byte when tearing down the circuit, resulting
+      in the controller not being told why the circuit closed. Now we
+      pass the reason from the truncated cell to the controller. Bugfix
+      on 0.1.2.3-alpha; fixes bug 7039.
+    - Downgrade "Failed to hand off onionskin" messages to "debug"
+      severity, since they're typically redundant with the "Your computer
+      is too slow" messages. Fixes bug 7038; bugfix on 0.2.2.16-alpha.
+    - Make clients running with IPv6 bridges connect over IPv6 again,
+      even without setting new config options ClientUseIPv6 and
+      ClientPreferIPv6ORPort. Fixes bug 6757; bugfix on 0.2.4.1-alpha.
+    - Use square brackets around IPv6 addresses in numerous places
+      that needed them, including log messages, HTTPS CONNECT proxy
+      requests, TransportProxy statefile entries, and pluggable transport
+      extra-info lines. Fixes bug 7011; patch by David Fifield.
+
+  o Code refactoring and cleanup:
+    - Source files taken from other packages now reside in src/ext;
+      previously they were scattered around the rest of Tor.
+    - Avoid use of reserved identifiers in our C code. The C standard
+      doesn't like us declaring anything that starts with an
+      underscore, so let's knock it off before we get in trouble. Fix
+      for bug 1031; bugfix on the first Tor commit.
+
+
+Changes in version 0.2.3.23-rc - 2012-10-20
+  Tor 0.2.3.23-rc adds a new v3 directory authority, fixes a privacy
+  vulnerability introduced by a change in OpenSSL, and fixes a variety
+  of smaller bugs in preparation for the release.
+
+  o New directory authorities:
+    - Add Faravahar (run by Sina Rabbani) as the ninth v3 directory
+      authority. Closes ticket 5749.
+
+  o Major bugfixes (security/privacy):
+    - Disable TLS session tickets. OpenSSL's implementation was giving
+      our TLS session keys the lifetime of our TLS context objects, when
+      perfect forward secrecy would want us to discard anything that
+      could decrypt a link connection as soon as the link connection
+      was closed. Fixes bug 7139; bugfix on all versions of Tor linked
+      against OpenSSL 1.0.0 or later. Found by Florent Daignière.
+    - Discard extraneous renegotiation attempts once the V3 link
+      protocol has been initiated. Failure to do so left us open to
+      a remotely triggerable assertion failure. Fixes CVE-2012-2249;
+      bugfix on 0.2.3.6-alpha. Reported by "some guy from France".
+
+  o Major bugfixes:
+    - Fix a possible crash bug when checking for deactivated circuits
+      in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
+      bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
+
+  o Minor bugfixes (on 0.2.3.x):
+    - Fix two cases in src/or/transports.c where we were calling
+      fmt_addr() twice in a parameter list. Bug found by David
+      Fifield. Fixes bug 7014; bugfix on 0.2.3.9-alpha.
+    - Convert an assert in the pathbias code to a log message. The assert
+      appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
+      bugfix on 0.2.3.17-beta.
+    - Fix memory leaks whenever we logged any message about the "path
+      bias" detection. Fixes bug 7022; bugfix on 0.2.3.21-rc.
+
+  o Minor bugfixes (on 0.2.2.x and earlier):
+    - Don't serve or accept v2 hidden service descriptors over a relay's
+      DirPort. It's never correct to do so, and disabling it might
+      make it more annoying to exploit any bugs that turn up in the
+      descriptor-parsing code. Fixes bug 7149.
+    - When relays refuse a "create" cell because their queue of pending
+      create cells is too big (typically because their cpu can't keep up
+      with the arrival rate), send back reason "resource limit" rather
+      than reason "internal", so network measurement scripts can get a
+      more accurate picture. Bugfix on 0.1.1.11-alpha; fixes bug 7037.
+    - Correct file sizes when reading binary files on Cygwin, to avoid
+      a bug where Tor would fail to read its state file. Fixes bug 6844;
+      bugfix on 0.1.2.7-alpha.
+    - Avoid undefined behavior when parsing the list of supported
+      rendezvous/introduction protocols in a hidden service descriptor.
+      Previously, Tor would have confused (as-yet-unused) protocol version
+      numbers greater than 32 with lower ones on many platforms. Fixes
+      bug 6827; bugfix on 0.2.0.10-alpha. Found by George Kadianakis.
+
+  o Documentation fixes:
+    - Clarify that hidden services are TCP only. Fixes bug 6024.
+
+
+Changes in version 0.2.4.3-alpha - 2012-09-22
+  Tor 0.2.4.3-alpha fixes another opportunity for a remotely triggerable
+  assertion, resumes letting relays test reachability of their DirPort,
+  and cleans up a bunch of smaller bugs.
+
+  o Security fixes:
+    - Fix an assertion failure in tor_timegm() that could be triggered
+      by a badly formatted directory object. Bug found by fuzzing with
+      Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
+
+  o Major bugfixes:
+    - Fix a possible crash bug when checking for deactivated circuits
+      in connection_or_flush_from_first_active_circuit(). Fixes bug 6341;
+      bugfix on 0.2.2.7-alpha. Bug report and fix received pseudonymously.
+    - Allow routers to detect that their own DirPorts are running. When
+      we removed support for versions_supports_begindir, we also
+      accidentally removed the mechanism we used to self-test our
+      DirPort. Diagnosed with help from kargig. Fixes bugs 6814 and 6815;
+      bugfix on 0.2.4.2-alpha.
+
+  o Security features:
+    - Switch to a completely time-invariant approach for picking nodes
+      weighted by bandwidth. Our old approach would run through the
+      part of the loop after it had made its choice slightly slower
+      than it ran through the part of the loop before it had made its
+      choice. Addresses ticket 6538.
+    - Disable the use of Guard nodes when in Tor2WebMode. Guard usage
+      by tor2web clients allows hidden services to identify tor2web
+      clients through their repeated selection of the same rendezvous
+      and introduction point circuit endpoints (their guards). Resolves
+      ticket 6888.
+
+  o Minor features:
+    - Enable Tor to read configuration, state, and key information from
+      a FIFO. Previously Tor would only read from files with a positive
+      stat.st_size. Code from meejah; fixes bug 6044.
+
+  o Minor bugfixes:
+    - Correct file sizes when reading binary files on Cygwin, to avoid
+      a bug where Tor would fail to read its state file. Fixes bug 6844;
+      bugfix on 0.1.2.7-alpha.
+    - Correctly handle votes with more than 31 flags. Fixes bug 6853;
+      bugfix on 0.2.0.3-alpha.
+    - When complaining about a client port on a public address, log
+      which address we're complaining about. Fixes bug 4020; bugfix on
+      0.2.3.3-alpha. Patch by Tom Fitzhenry.
+    - Convert an assert in the pathbias code to a log message. The assert
+      appears to only be triggerable by Tor2Web mode. Fixes bug 6866;
+      bugfix on 0.2.3.17-beta.
+    - Our new buildsystem was overzealous about rebuilding manpages: it
+      would rebuild them all whenever any one of them changed. Now our
+      dependency checking should be correct. Fixes bug 6843; bugfix on
+      0.2.4.1-alpha.
+    - Don't do reachability testing over IPv6 unless AuthDirPublishIPv6
+      is set. Fixes bug 6880. Bugfix on 0.2.4.1-alpha.
+    - Correct log printout about which address family is preferred
+      when connecting to a bridge with both an IPv4 and IPv6 OR port.
+      Fixes bug 6884; bugfix on 0.2.4.1-alpha.
+
+  o Minor bugfixes (code cleanliness):
+    - Fix round_to_power_of_2() so it doesn't invoke undefined behavior
+      with large values. This situation was untriggered, but nevertheless
+      incorrect. Fixes bug 6831; bugfix on 0.2.0.1-alpha.
+    - Reject consensus votes with more than 64 known-flags. We aren't even
+      close to that limit yet, and our code doesn't handle it correctly.
+      Fixes bug 6833; bugfix on 0.2.0.1-alpha.
+    - Avoid undefined behavior when parsing the list of supported
+      rendezvous/introduction protocols in a hidden service descriptor.
+      Previously, Tor would have confused (as-yet-unused) protocol version
+      numbers greater than 32 with lower ones on many platforms. Fixes
+      bug 6827; bugfix on 0.2.0.10-alpha. Found by George Kadianakis.
+    - Fix handling of rendezvous client authorization types over 8.
+      Fixes bug 6861; bugfix on 0.2.1.5-alpha.
+    - Fix building with older versions of GCC (2.95, for one) that don't
+      like preprocessor directives inside macro arguments. Found by
+      grarpamp. Fixes bug 6842; bugfix on 0.2.4.2-alpha.
+    - Switch weighted node selection rule from using a list of doubles
+      to using a list of int64_t. This change should make the process
+      slightly easier to debug and maintain. Needed to finish ticket 6538.
+
+  o Code simplification and refactoring:
+    - Move the generic "config" code into a new file, and have "config.c"
+      hold only torrc- and state-related code. Resolves ticket 6823.
+    - Move the core of our "choose a weighted element at random" logic
+      into its own function, and give it unit tests. Now the logic is
+      testable, and a little less fragile too.
+    - Removed the testing_since field of node_t, which hasn't been used
+      for anything since 0.2.0.9-alpha.
+
+  o Documentation fixes:
+    - Clarify that hidden services are TCP only. Fixes bug 6024.
+    - Resolve a typo in torrc.sample.in. Fixes bug 6819; bugfix on
+      0.2.3.14-alpha.
+
+
+Changes in version 0.2.3.22-rc - 2012-09-11
+  Tor 0.2.3.22-rc fixes another opportunity for a remotely triggerable
+  assertion.
+
+  o Security fixes:
+    - Fix an assertion failure in tor_timegm() that could be triggered
+      by a badly formatted directory object. Bug found by fuzzing with
+      Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
+
+  o Minor bugfixes:
+    - Avoid segfault when starting up having run with an extremely old
+      version of Tor and parsing its state file. Fixes bug 6801; bugfix
+      on 0.2.2.23-alpha.
+
+
+Changes in version 0.2.2.39 - 2012-09-11
+  Tor 0.2.2.39 fixes two more opportunities for remotely triggerable
+  assertions.
+
+  o Security fixes:
+    - Fix an assertion failure in tor_timegm() that could be triggered
+      by a badly formatted directory object. Bug found by fuzzing with
+      Radamsa. Fixes bug 6811; bugfix on 0.2.0.20-rc.
+    - Do not crash when comparing an address with port value 0 to an
+      address policy. This bug could have been used to cause a remote
+      assertion failure by or against directory authorities, or to
+      allow some applications to crash clients. Fixes bug 6690; bugfix
+      on 0.2.1.10-alpha.
+
+
+Changes in version 0.2.4.2-alpha - 2012-09-10
+  Tor 0.2.4.2-alpha enables port forwarding for pluggable transports,
+  raises the default rate limiting even more, and makes the bootstrapping
+  log messages less noisy.
+
+  o Major features:
+    - Automatically forward the TCP ports of pluggable transport
+      proxies using tor-fw-helper if PortForwarding is enabled. Implements
+      ticket 4567.
+
+  o Major bugfixes:
+    - Raise the default BandwidthRate/BandwidthBurst values from 5MB/10MB
+      to 1GB/1GB. The previous defaults were intended to be "basically
+      infinite", but it turns out they're now limiting our 100mbit+
+      relays and bridges. Fixes bug 6605; bugfix on 0.2.0.10-alpha (the
+      last time we raised it).
+
+  o Minor features:
+    - Detect when we're running with a version of OpenSSL other than the
+      one we compiled with. This has occasionally given people hard-to-
+      track-down errors.
+    - Log fewer lines at level "notice" about our OpenSSL and Libevent
+      versions and capabilities when everything is going right. Resolves
+      part of ticket 6736.
+    - Directory authorities no long accept descriptors for any version of
+      Tor before 0.2.2.35, or for any 0.2.3 release before 0.2.3.10-alpha.
+      These versions are insecure, unsupported, or both. Implements
+      ticket 6789.
+
+  o Minor bugfixes:
+    - Rename the (internal-use-only) UsingTestingNetworkDefaults option
+      to start with a triple-underscore so the controller won't touch it.
+      Patch by Meejah. Fixes bug 3155. Bugfix on 0.2.2.23-alpha.
+    - Avoid segfault when starting up having run with an extremely old
+      version of Tor and parsing its state file. Fixes bug 6801; bugfix
+      on 0.2.2.23-alpha.
+    - Rename the (testing-use-only) _UseFilteringSSLBufferevents option
+      so it doesn't start with _. Fixes bug 3155. Bugfix on 0.2.3.1-alpha.
+    - Don't follow the NULL pointer if microdescriptor generation fails.
+      (This does not appear to be triggerable, but it's best to be safe.)
+      Found by "f. tp.". Fixes bug 6797; bugfix on 0.2.4.1-alpha.
+    - Fix mis-declared dependencies on src/common/crypto.c and
+      src/or/tor_main.c that could break out-of-tree builds under some
+      circumstances. Fixes bug 6778; bugfix on 0.2.4.1-alpha.
+    - Avoid a warning when building common_sha1.i out of tree. Fixes bug
+      6778; bugfix on 0.2.4.1-alpha.
+    - Fix a harmless (in this case) build warning for implicitly
+      converting a strlen() to an int. Bugfix on 0.2.4.1-alpha.
+
+  o Removed features:
+    - Now that all versions before 0.2.2.x are disallowed, we no longer
+      need to work around their missing features. Thus we can remove a
+      bunch of compatibility code.
+
+  o Code refactoring:
+    - Tweak tor-fw-helper to accept an arbitrary amount of arbitrary
+      TCP ports to forward. In the past it only accepted two ports:
+      the ORPort and the DirPort.
+
+
+Changes in version 0.2.4.1-alpha - 2012-09-05
+  Tor 0.2.4.1-alpha lets bridges publish their pluggable transports to
+  bridgedb; lets relays use IPv6 addresses and directory authorities
+  advertise them; and switches to a cleaner build interface.
+
+  This is the first alpha release in a new series, so expect there to
+  be bugs. Users who would rather test out a more stable branch should
+  stay with 0.2.3.x for now.
+
+  o Major features (bridges):
+    - Bridges now report the pluggable transports they support to the
+      bridge authority, so it can pass the supported transports on to
+      bridgedb and/or eventually do reachability testing. Implements
+      ticket 3589.
+
+  o Major features (IPv6):
+    - Bridge authorities now accept IPv6 bridge addresses and include
+      them in network status documents. Implements ticket 5534.
+    - Clients who set "ClientUseIPv6 1" may connect to entry nodes over
+      IPv6. Set "ClientPreferIPv6ORPort 1" to make this even more likely
+      to happen. Implements ticket 5535.
+    - All kind of relays, not just bridges, can now advertise an IPv6
+      OR port. Implements ticket 6362.
+    - Directory authorities vote on IPv6 OR ports using the new consensus
+      method 14. Implements ticket 6363.
+
+  o Major features (build):
+    - Switch to a nonrecursive Makefile structure. Now instead of each
+      Makefile.am invoking other Makefile.am's, there is a master
+      Makefile.am that includes the others. This change makes our build
+      process slightly more maintainable, and improves parallelism for
+      building with make -j. Original patch by Stewart Smith; various
+      fixes by Jim Meyering.
+    - Where available, we now use automake's "silent" make rules by
+      default, so that warnings are easier to spot. You can get the old
+      behavior with "make V=1". Patch by Stewart Smith for ticket 6522.
+
+  o Minor features (code security and spec conformance):
+    - Clear keys and key-derived material left on the stack in
+      rendservice.c and rendclient.c. Check return value of
+      crypto_pk_write_private_key_to_string() in rend_service_load_keys().
+      These fixes should make us more forward-secure against cold-boot
+      attacks and the like. Fixes bug 2385.
+    - Reject EXTEND cells sent to nonexistent streams. According to the
+      spec, an EXTEND cell sent to _any_ nonzero stream ID is invalid, but
+      we were only checking for stream IDs that were currently in use.
+      Found while hunting for more instances of bug 6271. Bugfix on
+      0.0.2pre8, which introduced incremental circuit construction.
+
+  o Minor features (streamlining);
+    - No longer include the "opt" prefix when generating routerinfos
+      or v2 directories: it has been needless since Tor 0.1.2. Closes
+      ticket 5124.
+    - Remove some now-needless code that tried to aggressively flush
+      OR connections as data was added to them. Since 0.2.0.1-alpha, our
+      cell queue logic has saved us from the failure mode that this code
+      was supposed to prevent. Removing this code will limit the number
+      of baroque control flow paths through Tor's network logic. Reported
+      pseudonymously on IRC. Fixes bug 6468; bugfix on 0.2.0.1-alpha.
+
+  o Minor features (controller):
+    - Add a "GETINFO signal/names" control port command. Implements
+      ticket 3842.
+    - Provide default values for all options via "GETINFO config/defaults".
+      Implements ticket 4971.
+
+  o Minor features (IPv6):
+    - New config option "AuthDirHasIPv6Connectivity 1" that directory
+      authorities should set if they have IPv6 connectivity and want to
+      do reachability tests for IPv6 relays. Implements feature 5974.
+    - A relay with an IPv6 OR port now sends that address in NETINFO
+      cells (in addition to its other address). Implements ticket 6364.
+
+  o Minor features (log messages):
+    - Omit the first heartbeat log message, because it never has anything
+      useful to say, and it clutters up the bootstrapping messages.
+      Resolves ticket 6758.
+    - Don't log about reloading the microdescriptor cache at startup. Our
+      bootstrap warnings are supposed to tell the user when there's a
+      problem, and our bootstrap notices say when there isn't. Resolves
+      ticket 6759; bugfix on 0.2.2.6-alpha.
+    - Don't log "I learned some more directory information" when we're
+      reading cached directory information. Reserve it for when new
+      directory information arrives in response to a fetch. Resolves
+      ticket 6760.
+    - Prevent rounding error in path bias counts when scaling
+      them down, and use the correct scale factor default. Also demote
+      some path bias related log messages down a level and make others
+      less scary sounding. Fixes bug 6647. Bugfix against 0.2.3.17-beta.
+    - We no longer warn so much when generating manpages from their
+      asciidoc source.
+
+  o Code simplifications and refactoring:
+    - Enhance our internal sscanf replacement so that we can eliminate
+      the last remaining uses of the system sscanf. (Though those uses
+      of sscanf were safe, sscanf itself is generally error prone, so
+      we want to eliminate when we can.) Fixes ticket 4195 and Coverity
+      CID 448.
+    - Move ipv6_preferred from routerinfo_t to node_t. Addresses bug 4620.
+    - Move last_reachable and testing_since from routerinfo_t to node_t.
+      Implements ticket 5529.
+    - Add replaycache_t structure, functions and unit tests, then refactor
+      rend_service_introduce() to be more clear to read, improve, debug,
+      and test. Resolves bug 6177.
+    - Finally remove support for malloc_good_size and malloc_usable_size.
+      We had hoped that these functions would let us eke a little more
+      memory out of our malloc implementation. Unfortunately, the only
+      implementations that provided these functions are also ones that
+      are already efficient about not overallocation: they never got us
+      more than 7 or so bytes per allocation. Removing them saves us a
+      little code complexity and a nontrivial amount of build complexity.
+
+  o New requirements:
+    - Tor maintainers now require Automake version 1.9 or later to build
+      Tor from the Git repository. (Automake is not required when building
+      from a source distribution.)
+
+
+Changes in version 0.2.3.21-rc - 2012-09-05
+  Tor 0.2.3.21-rc is the fourth release candidate for the Tor 0.2.3.x
+  series. It fixes a trio of potential security bugs, fixes a bug where
+  we were leaving some of the fast relays out of the microdescriptor
+  consensus, resumes interpreting "ORPort 0" and "DirPort 0" correctly,
+  and cleans up other smaller issues.
+
+  o Major bugfixes (security):
+    - Tear down the circuit if we get an unexpected SENDME cell. Clients
+      could use this trick to make their circuits receive cells faster
+      than our flow control would have allowed, or to gum up the network,
+      or possibly to do targeted memory denial-of-service attacks on
+      entry nodes. Fixes bug 6252. Bugfix on the 54th commit on Tor --
+      from July 2002, before the release of Tor 0.0.0. We had committed
+      this patch previously, but we had to revert it because of bug 6271.
+      Now that 6271 is fixed, this patch appears to work.
+    - Reject any attempt to extend to an internal address. Without
+      this fix, a router could be used to probe addresses on an internal
+      network to see whether they were accepting connections. Fixes bug
+      6710; bugfix on 0.0.8pre1.
+    - Do not crash when comparing an address with port value 0 to an
+      address policy. This bug could have been used to cause a remote
+      assertion failure by or against directory authorities, or to
+      allow some applications to crash clients. Fixes bug 6690; bugfix
+      on 0.2.1.10-alpha.
+
+  o Major bugfixes:
+    - Remove the upper bound on microdescriptor length. We were hitting
+      the limit for routers with complex exit policies or family
+      declarations, causing clients to not use them. Fixes the first
+      piece of bug 6404; fix on 0.2.2.6-alpha.
+    - Detect "ORPort 0" as meaning, uniformly, that we're not running
+      as a relay. Previously, some of our code would treat the presence
+      of any ORPort line as meaning that we should act like a relay,
+      even though our new listener code would correctly not open any
+      ORPorts for ORPort 0. Similar bugs in other Port options are also
+      fixed. Fixes the first half of bug 6507; bugfix on 0.2.3.3-alpha.
+
+  o Minor bugfixes:
+    - Avoid a pair of double-free and use-after-mark bugs that can
+      occur with certain timings in canceled and re-received DNS
+      requests. Fixes bug 6472; bugfix on 0.0.7rc1.
+    - Fix build and 64-bit compile warnings from --enable-openbsd-malloc.
+      Fixes bug 6379. Bugfix on 0.2.0.20-rc.
+    - Allow one-hop directory fetching circuits the full "circuit build
+      timeout" period, rather than just half of it, before failing them
+      and marking the relay down. This fix should help reduce cases where
+      clients declare relays (or worse, bridges) unreachable because
+      the TLS handshake takes a few seconds to complete. Fixes bug 6743;
+      bugfix on 0.2.2.2-alpha, where we changed the timeout from a static
+      30 seconds.
+    - Authorities no longer include any router in their microdescriptor
+      consensuses for which they couldn't generate or agree on a
+      microdescriptor. Fixes the second piece of bug 6404; fix on
+      0.2.2.6-alpha.
+    - Detect and reject attempts to specify both "FooPort" and
+      "FooPort 0" in the same configuration domain. (It's still okay
+      to have a FooPort in your configuration file, and use "FooPort 0"
+      on the command line to disable it.) Fixes the second half of bug
+      6507; bugfix on 0.2.3.3-alpha.
+    - Make wildcarded addresses (that is, ones beginning with "*.") work
+      when provided via the controller's MapAddress command. Previously,
+      they were accepted, but we never actually noticed that they were
+      wildcards. Fixes bug 6244; bugfix on 0.2.3.9-alpha.
+    - Avoid crashing on a malformed state file where EntryGuardPathBias
+      precedes EntryGuard. Fix for bug 6774; bugfix on 0.2.3.17-beta.
+    - Add a (probably redundant) memory clear between iterations of
+      the router status voting loop, to prevent future coding errors
+      where data might leak between iterations of the loop. Resolves
+      ticket 6514.
+
+  o Minor bugfixes (log messages):
+    - Downgrade "set buildtimeout to low value" messages to "info"
+      severity; they were never an actual problem, there was never
+      anything reasonable to do about them, and they tended to spam logs
+      from time to time. Fixes bug 6251; bugfix on 0.2.2.2-alpha.
+    - Downgrade path-bias warning messages to "info". We'll try to get
+      them working better in 0.2.4. Add internal circuit construction
+      state to protect against the noisy warn message "Unexpectedly high
+      circuit_successes". Also add some additional rate-limited notice
+      messages to help determine the root cause of the warn. Fixes bug
+      6475. Bugfix against 0.2.3.17-beta.
+    - Move log message when unable to find a microdesc in a routerstatus
+      entry to parse time. Previously we'd spam this warning every time
+      we tried to figure out which microdescriptors to download. Fixes
+      the third piece of bug 6404; fix on 0.2.3.18-rc.
+
+  o Minor features:
+    - Consider new, removed or changed IPv6 OR ports a non-cosmetic
+      change when the authority is deciding whether to accept a newly
+      uploaded descriptor. Implements ticket 6423.
+    - Add missing documentation for consensus and microdesc files.
+      Resolves ticket 6732.
+
+
+Changes in version 0.2.2.38 - 2012-08-12
+  Tor 0.2.2.38 fixes a remotely triggerable crash bug, and fixes a timing
+  attack that could in theory leak path information.
+
+  o Security fixes:
+    - Avoid an uninitialized memory read when reading a vote or consensus
+      document that has an unrecognized flavor name. This read could
+      lead to a remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha.
+    - Try to leak less information about what relays a client is
+      choosing to a side-channel attacker. Previously, a Tor client would
+      stop iterating through the list of available relays as soon as it
+      had chosen one, thus finishing a little earlier when it picked
+      a router earlier in the list. If an attacker can recover this
+      timing information (nontrivial but not proven to be impossible),
+      they could learn some coarse-grained information about which relays
+      a client was picking (middle nodes in particular are likelier to
+      be affected than exits). The timing attack might be mitigated by
+      other factors (see bug 6537 for some discussion), but it's best
+      not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
+
+
+Changes in version 0.2.3.20-rc - 2012-08-05
+  Tor 0.2.3.20-rc is the third release candidate for the Tor 0.2.3.x
+  series. It fixes a pair of code security bugs and a potential anonymity
+  issue, updates our RPM spec files, and cleans up other smaller issues.
+
+  o Security fixes:
+    - Avoid read-from-freed-memory and double-free bugs that could occur
+      when a DNS request fails while launching it. Fixes bug 6480;
+      bugfix on 0.2.0.1-alpha.
+    - Avoid an uninitialized memory read when reading a vote or consensus
+      document that has an unrecognized flavor name. This read could
+      lead to a remote crash bug. Fixes bug 6530; bugfix on 0.2.2.6-alpha.
+    - Try to leak less information about what relays a client is
+      choosing to a side-channel attacker. Previously, a Tor client would
+      stop iterating through the list of available relays as soon as it
+      had chosen one, thus finishing a little earlier when it picked
+      a router earlier in the list. If an attacker can recover this
+      timing information (nontrivial but not proven to be impossible),
+      they could learn some coarse-grained information about which relays
+      a client was picking (middle nodes in particular are likelier to
+      be affected than exits). The timing attack might be mitigated by
+      other factors (see bug 6537 for some discussion), but it's best
+      not to take chances. Fixes bug 6537; bugfix on 0.0.8rc1.
+
+  o Minor features:
+    - Try to make the warning when giving an obsolete SOCKSListenAddress
+      a little more useful.
+    - Terminate active server managed proxies if Tor stops being a
+      relay. Addresses parts of bug 6274; bugfix on 0.2.3.6-alpha.
+    - Provide a better error message about possible OSX Asciidoc failure
+      reasons. Fixes bug 6436.
+    - Warn when Tor is configured to use accounting in a way that can
+      link a hidden service to some other hidden service or public
+      address. Resolves ticket 6490.
+
+  o Minor bugfixes:
+    - Check return value of fputs() when writing authority certificate
+      file. Fixes Coverity issue 709056; bugfix on 0.2.0.1-alpha.
+    - Ignore ServerTransportPlugin lines when Tor is not configured as
+      a relay. Fixes bug 6274; bugfix on 0.2.3.6-alpha.
+    - When disabling guards for having too high a proportion of failed
+      circuits, make sure to look at each guard. Fixes bug 6397; bugfix
+      on 0.2.3.17-beta.
+
+  o Packaging (RPM):
+    - Update our default RPM spec files to work with mock and rpmbuild
+      on RHEL/Fedora. They have an updated set of dependencies and
+      conflicts, a fix for an ancient typo when creating the "_tor"
+      user, and better instructions. Thanks to Ondrej Mikle for the
+      patch series. Fixes bug 6043.
+
+  o Testing:
+    - Make it possible to set the TestingTorNetwork configuration
+      option using AlternateDirAuthority and AlternateBridgeAuthority
+      as an alternative to setting DirServer. Addresses ticket 6377.
+
+  o Documentation:
+    - Clarify the documentation for the Alternate*Authority options.
+      Fixes bug 6387.
+    - Fix some typos in the manpages. Patch from A. Costa. Fixes bug 6500.
+
+  o Code simplification and refactoring:
+    - Do not use SMARTLIST_FOREACH for any loop whose body exceeds
+      10 lines. Also, don't nest them. Doing so in the past has
+      led to hard-to-debug code. The new style is to use the
+      SMARTLIST_FOREACH_{BEGIN,END} pair. Addresses issue 6400.
+
+
+Changes in version 0.2.3.19-rc - 2012-07-06
+  Tor 0.2.3.19-rc is the second release candidate for the Tor 0.2.3.x
+  series. It fixes the compile on Windows, reverts to a GeoIP database
+  that isn't as broken, and fixes a flow control bug that has been around
+  since the beginning of Tor.
+
+  o Major bugfixes:
+    - Fix a bug handling SENDME cells on nonexistent streams that could
+      result in bizarre window values. Report and patch contributed
+      pseudonymously. Fixes part of bug 6271. This bug was introduced
+      before the first Tor release, in svn commit r152.
+    - Revert to the May 1 2012 Maxmind GeoLite Country database. In the
+      June 2012 database, Maxmind marked many Tor relays as country "A1",
+      which will cause risky behavior for clients that set EntryNodes
+      or ExitNodes. Addresses bug 6334; bugfix on 0.2.3.17-beta.
+    - Instead of ENOBUFS on Windows, say WSAENOBUFS. Fixes compilation
+      on Windows. Fixes bug 6296; bugfix on 0.2.3.18-rc.
+
+  o Minor bugfixes:
+    - Fix wrong TCP port range in parse_port_range(). Fixes bug 6218;
+      bugfix on 0.2.1.10-alpha.
+
+
+Changes in version 0.2.3.18-rc - 2012-06-28
+  Tor 0.2.3.18-rc is the first release candidate for the Tor 0.2.3.x
+  series. It fixes a few smaller bugs, but generally appears stable.
+  Please test it and let us know whether it is!
+
+  o Major bugfixes:
+    - Allow wildcarded mapaddress targets to be specified on the
+      controlport. Partially fixes bug 6244; bugfix on 0.2.3.9-alpha.
+    - Make our linker option detection code more robust against linkers
+      such as on FreeBSD 8, where a bad combination of options completes
+      successfully but makes an unrunnable binary. Fixes bug 6173;
+      bugfix on 0.2.3.17-beta.
+
+  o Minor bugfixes (on 0.2.2.x and earlier):
+    - Avoid a false positive in the util/threads unit test by increasing
+      the maximum timeout time. Fixes bug 6227; bugfix on 0.2.0.4-alpha.
+    - Replace "Sending publish request" log messages with "Launching
+      upload", so that they no longer confusingly imply that we're
+      sending something to a directory we might not even be connected
+      to yet. Fixes bug 3311; bugfix on 0.2.0.10-alpha.
+    - Make sure to set *socket_error in all error cases in
+      connection_connect(), so it can't produce a warning about
+      errno being zero from errno_to_orconn_end_reason(). Bugfix on
+      0.2.1.1-alpha; resolves ticket 6028.
+    - Downgrade "Got a certificate, but we already have it" log messages
+      from warning to info, except when we're a dirauth. Fixes bug 5238;
+      bugfix on 0.2.1.7-alpha.
+    - When checking for requested signatures on the latest consensus
+      before serving it to a client, make sure to check the right
+      consensus flavor. Bugfix on 0.2.2.6-alpha.
+    - Downgrade "eventdns rejected address" message to LOG_PROTOCOL_WARN.
+      Fixes bug 5932; bugfix on 0.2.2.7-alpha.
+
+  o Minor bugfixes (on 0.2.3.x):
+    - Make format_helper_exit_status() avoid unnecessary space padding
+      and stop confusing log_from_pipe(). Fixes ticket 5557; bugfix
+      on 0.2.3.1-alpha.
+    - Downgrade a message about cleaning the microdescriptor cache to
+      "info" from "notice". Fixes bug 6238; bugfix on 0.2.3.1-alpha.
+    - Log a BUG message at severity INFO if we have a networkstatus with
+      a missing entry for some microdescriptor. Continues on a patch
+      to 0.2.3.2-alpha.
+    - Improve the log message when a managed proxy fails to launch. Fixes
+      bug 5099; bugfix on 0.2.3.6-alpha.
+    - Don't do DNS lookups when parsing corrupted managed proxy protocol
+      messages. Fixes bug 6226; bugfix on 0.2.3.6-alpha.
+    - When formatting wildcarded address mappings for the controller,
+      be sure to include "*." as appropriate. Partially fixes bug 6244;
+      bugfix on 0.2.3.9-alpha.
+    - Avoid a warning caused by using strcspn() from glibc with clang 3.0.
+      Bugfix on 0.2.3.13-alpha.
+    - Stop logging messages about running with circuit timeout learning
+      enabled at severity LD_BUG. Fixes bug 6169; bugfix on 0.2.3.17-beta.
+    - Disable a spurious warning about reading on a marked and flushing
+      connection. We shouldn't be doing that, but apparently we
+      sometimes do. Fixes bug 6203; bugfix on 0.2.3.17-beta.
+    - Fix a bug that stopped AllowDotExit from working on addresses
+      that had an entry in the DNS cache. Fixes bug 6211; bugfix on
+      0.2.3.17-beta.
+
+  o Code simplification, refactoring, unit tests:
+    - Move tor_gettimeofday_cached() into compat_libevent.c, and use
+      Libevent's notion of cached time when possible.
+    - Remove duplicate code for invoking getrlimit() from control.c.
+    - Add a unit test for the environment_variable_names_equal function.
+
+  o Documentation:
+    - Document the --defaults-torrc option, and the new (in 0.2.3)
+      semantics for overriding, extending, and clearing lists of
+      options. Closes bug 4748.
+
+
+Changes in version 0.2.3.17-beta - 2012-06-15
+  Tor 0.2.3.17-beta enables compiler and linker hardening by default,
+  gets our TLS handshake back on track for being able to blend in with
+  Firefox, fixes a big bug in 0.2.3.16-alpha that broke Tor's interaction
+  with Vidalia, and otherwise continues to get us closer to a release
+  candidate.
+
+  o Major features:
+    - Enable gcc and ld hardening by default. Resolves ticket 5210.
+    - Update TLS cipher list to match Firefox 8 and later. Resolves
+      ticket 4744.
+    - Implement the client side of proposal 198: remove support for
+      clients falsely claiming to support standard ciphersuites that
+      they can actually provide. As of modern OpenSSL versions, it's not
+      necessary to fake any standard ciphersuite, and doing so prevents
+      us from using better ciphersuites in the future, since servers
+      can't know whether an advertised ciphersuite is really supported or
+      not. Some hosts -- notably, ones with very old versions of OpenSSL
+      or where OpenSSL has been built with ECC disabled -- will stand
+      out because of this change; TBB users should not be affected.
+
+  o Major bugfixes:
+    - Change the default value for DynamicDHGroups (introduced in
+      0.2.3.9-alpha) to 0. This feature can make Tor relays less
+      identifiable by their use of the mod_ssl DH group, but at
+      the cost of some usability (#4721) and bridge tracing (#6087)
+      regressions. Resolves ticket 5598.
+    - Send a CRLF at the end of each STATUS_* control protocol event. This
+      bug tickled a bug in Vidalia which would make it freeze. Fixes
+      bug 6094; bugfix on 0.2.3.16-alpha.
+
+  o Minor bugfixes:
+    - Disable writing on marked-for-close connections when they are
+      blocked on bandwidth, to prevent busy-looping in Libevent. Fixes
+      bug 5263; bugfix on 0.0.2pre13, where we first added a special
+      case for flushing marked connections.
+    - Detect SSL handshake even when the initial attempt to write the
+      server hello fails. Fixes bug 4592; bugfix on 0.2.0.13-alpha.
+    - Change the AllowDotExit rules so they should actually work.
+      We now enforce AllowDotExit only immediately after receiving an
+      address via SOCKS or DNSPort: other sources are free to provide
+      .exit addresses after the resolution occurs. Fixes bug 3940;
+      bugfix on 0.2.2.1-alpha.
+    - Fix a (harmless) integer overflow in cell statistics reported by
+      some fast relays. Fixes bug 5849; bugfix on 0.2.2.1-alpha.
+    - Make sure circuitbuild.c checks LearnCircuitBuildTimeout in all the
+      right places and never depends on the consensus parameters or
+      computes adaptive timeouts when it is disabled. Fixes bug 5049;
+      bugfix on 0.2.2.14-alpha.
+    - When building Tor on Windows with -DUNICODE (not default), ensure
+      that error messages, filenames, and DNS server names are always
+      NUL-terminated when we convert them to a single-byte encoding.
+      Fixes bug 5909; bugfix on 0.2.2.16-alpha.
+    - Make Tor build correctly again with -DUNICODE -D_UNICODE defined.
+      Fixes bug 6097; bugfix on 0.2.2.16-alpha.
+    - Fix an edge case where TestingTorNetwork is set but the authorities
+      and relays all have an uptime of zero, where the private Tor network
+      could briefly lack support for hidden services. Fixes bug 3886;
+      bugfix on 0.2.2.18-alpha.
+    - Correct the manpage's descriptions for the default values of
+      DirReqStatistics and ExtraInfoStatistics. Fixes bug 2865; bugfix
+      on 0.2.3.1-alpha.
+    - Fix the documentation for the --hush and --quiet command line
+      options, which changed their behavior back in 0.2.3.3-alpha.
+    - Fix compilation warning with clang 3.1. Fixes bug 6141; bugfix on
+      0.2.3.11-alpha.
+
+  o Minor features:
+    - Rate-limit the "Weighted bandwidth is 0.000000" message, and add
+      more information to it, so that we can track it down in case it
+      returns again. Mitigates bug 5235.
+    - Check CircuitBuildTimeout and LearnCircuitBuildTimeout in
+      options_validate(); warn if LearnCircuitBuildTimeout is disabled and
+      CircuitBuildTimeout is set unreasonably low. Resolves ticket 5452.
+    - Warn the user when HTTPProxy, but no other proxy type, is
+      configured. This can cause surprising behavior: it doesn't send
+      all of Tor's traffic over the HTTPProxy -- it sends unencrypted
+      directory traffic only. Resolves ticket 4663.
+    - Issue a notice if a guard completes less than 40% of your circuits.
+      Threshold is configurable by torrc option PathBiasNoticeRate and
+      consensus parameter pb_noticepct. There is additional, off-by-
+      default code to disable guards which fail too many circuits.
+      Addresses ticket 5458.
+    - Update to the June 6 2012 Maxmind GeoLite Country database.
+
+  o Code simplifications and refactoring:
+    - Remove validate_pluggable_transports_config(): its warning
+      message is now handled by connection_or_connect().
+
+
+Changes in version 0.2.2.37 - 2012-06-06
+  Tor 0.2.2.37 introduces a workaround for a critical renegotiation
+  bug in OpenSSL 1.0.1 (where 20% of the Tor network can't talk to itself
+  currently).
+
+  o Major bugfixes:
+    - Work around a bug in OpenSSL that broke renegotiation with TLS
+      1.1 and TLS 1.2. Without this workaround, all attempts to speak
+      the v2 Tor connection protocol when both sides were using OpenSSL
+      1.0.1 would fail. Resolves ticket 6033.
+    - When waiting for a client to renegotiate, don't allow it to add
+      any bytes to the input buffer. This fixes a potential DoS issue.
+      Fixes bugs 5934 and 6007; bugfix on 0.2.0.20-rc.
+    - Fix an edge case where if we fetch or publish a hidden service
+      descriptor, we might build a 4-hop circuit and then use that circuit
+      for exiting afterwards -- even if the new last hop doesn't obey our
+      ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha.
+
+  o Minor bugfixes:
+    - Fix a build warning with Clang 3.1 related to our use of vasprintf.
+      Fixes bug 5969. Bugfix on 0.2.2.11-alpha.
+
+  o Minor features:
+    - Tell GCC and Clang to check for any errors in format strings passed
+      to the tor_v*(print|scan)f functions.
+
+
+Changes in version 0.2.3.16-alpha - 2012-06-05
+  Tor 0.2.3.16-alpha introduces a workaround for a critical renegotiation
+  bug in OpenSSL 1.0.1 (where 20% of the Tor network can't talk to itself
+  currently). It also fixes a variety of smaller bugs and other cleanups
+  that get us closer to a release candidate.
+
+  o Major bugfixes (general):
+    - Work around a bug in OpenSSL that broke renegotiation with TLS
+      1.1 and TLS 1.2. Without this workaround, all attempts to speak
+      the v2 Tor connection protocol when both sides were using OpenSSL
+      1.0.1 would fail. Resolves ticket 6033.
+    - When waiting for a client to renegotiate, don't allow it to add
+      any bytes to the input buffer. This fixes a potential DoS issue.
+      Fixes bugs 5934 and 6007; bugfix on 0.2.0.20-rc.
+    - Pass correct OR address to managed proxies (like obfsproxy),
+      even when ORListenAddress is used. Fixes bug 4865; bugfix on
+      0.2.3.9-alpha.
+    - The advertised platform of a router now includes only its operating
+      system's name (e.g., "Linux", "Darwin", "Windows 7"), and not its
+      service pack level (for Windows) or its CPU architecture (for Unix).
+      We also no longer include the "git-XYZ" tag in the version. Resolves
+      part of bug 2988.
+
+  o Major bugfixes (clients):
+    - If we are unable to find any exit that supports our predicted ports,
+      stop calling them predicted, so that we don't loop and build
+      hopeless circuits indefinitely. Fixes bug 3296; bugfix on 0.0.9pre6,
+      which introduced predicted ports.
+    - Fix an edge case where if we fetch or publish a hidden service
+      descriptor, we might build a 4-hop circuit and then use that circuit
+      for exiting afterwards -- even if the new last hop doesn't obey our
+      ExitNodes config option. Fixes bug 5283; bugfix on 0.2.0.10-alpha.
+    - Check at each new consensus whether our entry guards were picked
+      long enough ago that we should rotate them. Previously, we only
+      did this check at startup, which could lead to us holding a guard
+      indefinitely. Fixes bug 5380; bugfix on 0.2.1.14-rc.
+    - When fetching a bridge descriptor from a bridge authority,
+      always do so anonymously, whether we have been able to open
+      circuits or not. Partial fix for bug 1938; bugfix on 0.2.0.7-alpha.
+      This behavior makes it *safer* to use UpdateBridgesFromAuthority,
+      but we'll need to wait for bug 6010 before it's actually usable.
+
+  o Major bugfixes (directory authorities):
+    - When computing weight parameters, behave more robustly in the
+      presence of a bad bwweightscale value. Previously, the authorities
+      would crash if they agreed on a sufficiently broken weight_scale
+      value: now, they use a reasonable default and carry on. Partial
+      fix for 5786; bugfix on 0.2.2.17-alpha.
+    - Check more thoroughly to prevent a rogue authority from
+      double-voting on any consensus directory parameter. Previously,
+      authorities would crash in this case if the total number of
+      votes for any parameter exceeded the number of active voters,
+      but would let it pass otherwise. Partial fix for bug 5786; bugfix
+      on 0.2.2.2-alpha.
+
+  o Minor features:
+    - Rate-limit log messages when asked to connect anonymously to
+      a private address. When these hit, they tended to hit fast and
+      often. Also, don't bother trying to connect to addresses that we
+      are sure will resolve to 127.0.0.1: getting 127.0.0.1 in a directory
+      reply makes us think we have been lied to, even when the address the
+      client tried to connect to was "localhost." Resolves ticket 2822.
+    - Allow packagers to insert an extra string in server descriptor
+      platform lines by setting the preprocessor variable TOR_BUILD_TAG.
+      Resolves the rest of ticket 2988.
+    - Raise the threshold of server descriptors needed (75%) and exit
+      server descriptors needed (50%) before we will declare ourselves
+      bootstrapped. This will make clients start building circuits a
+      little later, but makes the initially constructed circuits less
+      skewed and less in conflict with further directory fetches. Fixes
+      ticket 3196.
+    - Close any connection that sends unrecognized junk before the
+      handshake. Solves an issue noted in bug 4369.
+    - Improve log messages about managed transports. Resolves ticket 5070.
+    - Tag a bridge's descriptor as "never to be sent unencrypted".
+      This shouldn't matter, since bridges don't open non-anonymous
+      connections to the bridge authority and don't allow unencrypted
+      directory connections from clients, but we might as well make
+      sure. Closes bug 5139.
+    - Expose our view of whether we have gone dormant to the controller,
+      via a new "GETINFO dormant" value. Torbutton and other controllers
+      can use this to avoid doing periodic requests through Tor while
+      it's dormant (bug 4718). Fixes bug 5954.
+    - Tell GCC and Clang to check for any errors in format strings passed
+      to the tor_v*(print|scan)f functions.
+    - Update to the May 1 2012 Maxmind GeoLite Country database.
+
+  o Minor bugfixes (already included in 0.2.2.36):
+    - Reject out-of-range times like 23:59:61 in parse_rfc1123_time().
+      Fixes bug 5346; bugfix on 0.0.8pre3.
+    - Correct parsing of certain date types in parse_http_time().
+      Without this patch, If-Modified-Since would behave
+      incorrectly. Fixes bug 5346; bugfix on 0.2.0.2-alpha. Patch from
+      Esteban Manchado Velázques.
+    - Make our number-parsing functions always treat too-large values
+      as an error, even when those values exceed the width of the
+      underlying type. Previously, if the caller provided these
+      functions with minima or maxima set to the extreme values of the
+      underlying integer type, these functions would return those
+      values on overflow rather than treating overflow as an error.
+      Fixes part of bug 5786; bugfix on 0.0.9.
+    - If we hit the error case where routerlist_insert() replaces an
+      existing (old) server descriptor, make sure to remove that
+      server descriptor from the old_routers list. Fix related to bug
+      1776. Bugfix on 0.2.2.18-alpha.
+    - Clarify the behavior of MaxCircuitDirtiness with hidden service
+      circuits. Fixes issue 5259.
+
+  o Minor bugfixes (coding cleanup, on 0.2.2.x and earlier):
+    - Prevent a null-pointer dereference when receiving a data cell
+      for a nonexistent stream when the circuit in question has an
+      empty deliver window. We don't believe this is triggerable,
+      since we don't currently allow deliver windows to become empty,
+      but the logic is tricky enough that it's better to make the code
+      robust. Fixes bug 5541; bugfix on 0.0.2pre14.
+    - Fix a memory leak when trying to launch a DNS request when the
+      network is disabled or the nameservers are unconfigurable. Fixes
+      bug 5916; bugfix on Tor 0.1.2.1-alpha (for the unconfigurable
+      nameserver case) and on 0.2.3.9-alpha (for the DisableNetwork case).
+    - Don't hold a Windows file handle open for every file mapping;
+      the file mapping handle is sufficient. Fixes bug 5951; bugfix on
+      0.1.2.1-alpha.
+    - Avoid O(n^2) performance characteristics when parsing a large
+      extrainfo cache. Fixes bug 5828; bugfix on 0.2.0.1-alpha.
+    - Format more doubles with %f, not %lf. Patch from grarpamp to make
+      Tor build correctly on older BSDs again. Fixes bug 3894; bugfix on
+      Tor 0.2.0.8-alpha.
+    - Make our replacement implementation of strtok_r() compatible with
+      the standard behavior of strtok_r(). Patch by nils. Fixes bug 5091;
+      bugfix on 0.2.2.1-alpha.
+    - Fix a NULL-pointer dereference on a badly formed
+      SETCIRCUITPURPOSE command. Found by mikeyc. Fixes bug 5796;
+      bugfix on 0.2.2.9-alpha.
+    - Fix a build warning with Clang 3.1 related to our use of vasprintf.
+      Fixes bug 5969. Bugfix on 0.2.2.11-alpha.
+    - Defensively refactor rend_mid_rendezvous() so that protocol
+      violations and length checks happen in the beginning. Fixes
+      bug 5645.
+    - Set _WIN32_WINNT to 0x0501 consistently throughout the code, so
+      that IPv6 stuff will compile on MSVC, and compilation issues
+      will be easier to track down. Fixes bug 5861.
+
+  o Minor bugfixes (correctness, on 0.2.2.x and earlier):
+    - Exit nodes now correctly report EADDRINUSE and EADDRNOTAVAIL as
+      resource exhaustion, so that clients can adjust their load to
+      try other exits. Fixes bug 4710; bugfix on 0.1.0.1-rc, which
+      started using END_STREAM_REASON_RESOURCELIMIT.
+    - Don't check for whether the address we're using for outbound
+      connections has changed until after the outbound connection has
+      completed. On Windows, getsockname() doesn't succeed until the
+      connection is finished. Fixes bug 5374; bugfix on 0.1.1.14-alpha.
+    - If the configuration tries to set MyFamily on a bridge, refuse to
+      do so, and warn about the security implications. Fixes bug 4657;
+      bugfix on 0.2.0.3-alpha.
+    - If the client fails to set a reasonable set of ciphersuites
+      during its v2 handshake renegotiation, allow the renegotiation to
+      continue nevertheless (i.e. send all the required certificates).
+      Fixes bug 4591; bugfix on 0.2.0.20-rc.
+    - When we receive a SIGHUP and the controller __ReloadTorrcOnSIGHUP
+      option is set to 0 (which Vidalia version 0.2.16 now does when
+      a SAVECONF attempt fails), perform other actions that SIGHUP
+      usually causes (like reopening the logs). Fixes bug 5095; bugfix
+      on 0.2.1.9-alpha.
+    - If we fail to write a microdescriptor to the disk cache, do not
+      continue replacing the old microdescriptor file. Fixes bug 2954;
+      bugfix on 0.2.2.6-alpha.
+    - Exit nodes don't need to fetch certificates for authorities that
+      they don't recognize; only directory authorities, bridges,
+      and caches need to do that. Fixes part of bug 2297; bugfix on
+      0.2.2.11-alpha.
+    - Correctly handle checking the permissions on the parent
+      directory of a control socket in the root directory. Bug found
+      by Esteban Manchado Velázquez. Fixes bug 5089; bugfix on Tor
+      0.2.2.26-beta.
+    - When told to add a bridge with the same digest as a preexisting
+      bridge but a different addr:port, change the addr:port as
+      requested. Previously we would not notice the change. Fixes half
+      of bug 5603; fix on 0.2.2.26-beta.
+    - End AUTHCHALLENGE error messages (in the control protocol) with
+      a CRLF. Fixes bug 5760; bugfix on 0.2.2.36 and 0.2.3.13-alpha.
+
+  o Minor bugfixes (on 0.2.3.x):
+    - Turn an assertion (that the number of handshakes received as a
+      server is not < 1) into a warning. Fixes bug 4873; bugfix on
+      0.2.3.1-alpha.
+    - Format IPv4 addresses correctly in ADDRMAP events. (Previously,
+      we had reversed them when the answer was cached.) Fixes bug
+      5723; bugfix on 0.2.3.1-alpha.
+    - Work correctly on Linux systems with accept4 support advertised in
+      their headers, but without accept4 support in the kernel. Fix
+      by murb. Fixes bug 5762; bugfix on 0.2.3.1-alpha.
+    - When told to add a bridge with the same addr:port as a preexisting
+      bridge but a different transport, change the transport as
+      requested. Previously we would not notice the change. Fixes half
+      of bug 5603; fix on 0.2.3.2-alpha.
+    - Avoid a "double-reply" warning when replying to a SOCKS request
+      with a parse error. Patch from Fabian Keil. Fixes bug 4108;
+      bugfix on 0.2.3.4-alpha.
+    - Fix a bug where a bridge authority crashes if it has seen no
+      directory requests when it's time to write statistics to disk.
+      Fixes bug 5891; bugfix on 0.2.3.6-alpha. Also fixes bug 5508 in
+      a better way.
+    - Don't try to open non-control listeners when DisableNetwork is set.
+      Previously, we'd open all listeners, then immediately close them.
+      Fixes bug 5604; bugfix on 0.2.3.9-alpha.
+    - Don't abort the managed proxy protocol if the managed proxy
+      sends us an unrecognized line; ignore it instead. Fixes bug
+      5910; bugfix on 0.2.3.9-alpha.
+    - Fix a compile warning in crypto.c when compiling with clang 3.1.
+      Fixes bug 5969, bugfix on 0.2.3.9-alpha.
+    - Fix a compilation issue on GNU Hurd, which doesn't have PATH_MAX.
+      Fixes bug 5355; bugfix on 0.2.3.11-alpha.
+    - Remove bogus definition of "_WIN32" from src/win32/orconfig.h, to
+      unbreak the MSVC build. Fixes bug 5858; bugfix on 0.2.3.12-alpha.
+    - Resolve numerous small warnings and build issues with MSVC. Resolves
+      bug 5859.
+
+  o Documentation fixes:
+    - Improve the manual's documentation for the NT Service command-line
+      options. Addresses ticket 3964.
+    - Clarify SessionGroup documentation slightly; resolves ticket 5437.
+    - Document the changes to the ORPort and DirPort options, and the
+      fact that {OR/Dir}ListenAddress is now unnecessary (and
+      therefore deprecated). Resolves ticket 5597.
+
+  o Removed files:
+    - Remove the torrc.bridge file: we don't use it for anything, and
+      it had become badly desynchronized from torrc.sample. Resolves
+      bug 5622.
+
+
+Changes in version 0.2.2.36 - 2012-05-24
+  Tor 0.2.2.36 updates the addresses for two of the eight directory
+  authorities, fixes some potential anonymity and security issues,
+  and fixes several crash bugs.
+
+  Tor 0.2.1.x has reached its end-of-life. Those Tor versions have many
+  known flaws, and nobody should be using them. You should upgrade. If
+  you're using a Linux or BSD and its packages are obsolete, stop using
+  those packages and upgrade anyway.
+
+  o Directory authority changes:
+    - Change IP address for maatuska (v3 directory authority).
+    - Change IP address for ides (v3 directory authority), and rename
+      it to turtles.
+
+  o Security fixes:
+    - When building or running with any version of OpenSSL earlier
+      than 0.9.8s or 1.0.0f, disable SSLv3 support. These OpenSSL
+      versions have a bug (CVE-2011-4576) in which their block cipher
+      padding includes uninitialized data, potentially leaking sensitive
+      information to any peer with whom they make a SSLv3 connection. Tor
+      does not use SSL v3 by default, but a hostile client or server
+      could force an SSLv3 connection in order to gain information that
+      they shouldn't have been able to get. The best solution here is to
+      upgrade to OpenSSL 0.9.8s or 1.0.0f (or later). But when building
+      or running with a non-upgraded OpenSSL, we disable SSLv3 entirely
+      to make sure that the bug can't happen.
+    - Never use a bridge or a controller-supplied node as an exit, even
+      if its exit policy allows it. Found by wanoskarnet. Fixes bug
+      5342. Bugfix on 0.1.1.15-rc (for controller-purpose descriptors)
+      and 0.2.0.3-alpha (for bridge-purpose descriptors).
+    - Only build circuits if we have a sufficient threshold of the total
+      descriptors that are marked in the consensus with the "Exit"
+      flag. This mitigates an attack proposed by wanoskarnet, in which
+      all of a client's bridges collude to restrict the exit nodes that
+      the client knows about. Fixes bug 5343.
+    - Provide controllers with a safer way to implement the cookie
+      authentication mechanism. With the old method, if another locally
+      running program could convince a controller that it was the Tor
+      process, then that program could trick the controller into telling
+      it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE"
+      authentication method uses a challenge-response approach to prevent
+      this attack. Fixes bug 5185; implements proposal 193.
+
+  o Major bugfixes:
+    - Avoid logging uninitialized data when unable to decode a hidden
+      service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha.
+    - Avoid a client-side assertion failure when receiving an INTRODUCE2
+      cell on a general purpose circuit. Fixes bug 5644; bugfix on
+      0.2.1.6-alpha.
+    - Fix builds when the path to sed, openssl, or sha1sum contains
+      spaces, which is pretty common on Windows. Fixes bug 5065; bugfix
+      on 0.2.2.1-alpha.
+    - Correct our replacements for the timeradd() and timersub() functions
+      on platforms that lack them (for example, Windows). The timersub()
+      function is used when expiring circuits, while timeradd() is
+      currently unused. Bug report and patch by Vektor. Fixes bug 4778;
+      bugfix on 0.2.2.24-alpha.
+    - Fix the SOCKET_OK test that we use to tell when socket
+      creation fails so that it works on Win64. Fixes part of bug 4533;
+      bugfix on 0.2.2.29-beta. Bug found by wanoskarnet.
+
+  o Minor bugfixes:
+    - Reject out-of-range times like 23:59:61 in parse_rfc1123_time().
+      Fixes bug 5346; bugfix on 0.0.8pre3.
+    - Make our number-parsing functions always treat too-large values
+      as an error, even when those values exceed the width of the
+      underlying type. Previously, if the caller provided these
+      functions with minima or maxima set to the extreme values of the
+      underlying integer type, these functions would return those
+      values on overflow rather than treating overflow as an error.
+      Fixes part of bug 5786; bugfix on 0.0.9.
+    - Older Linux kernels erroneously respond to strange nmap behavior
+      by having accept() return successfully with a zero-length
+      socket. When this happens, just close the connection. Previously,
+      we would try harder to learn the remote address: but there was
+      no such remote address to learn, and our method for trying to
+      learn it was incorrect. Fixes bugs 1240, 4745, and 4747. Bugfix
+      on 0.1.0.3-rc. Reported and diagnosed by "r1eo".
+    - Correct parsing of certain date types in parse_http_time().
+      Without this patch, If-Modified-Since would behave
+      incorrectly. Fixes bug 5346; bugfix on 0.2.0.2-alpha. Patch from
+      Esteban Manchado Velázques.
+    - Change the BridgePassword feature (part of the "bridge community"
+      design, which is not yet implemented) to use a time-independent
+      comparison. The old behavior might have allowed an adversary
+      to use timing to guess the BridgePassword value. Fixes bug 5543;
+      bugfix on 0.2.0.14-alpha.
+    - Detect and reject certain misformed escape sequences in
+      configuration values. Previously, these values would cause us
+      to crash if received in a torrc file or over an authenticated
+      control port. Bug found by Esteban Manchado Velázquez, and
+      independently by Robert Connolly from Matta Consulting who further
+      noted that it allows a post-authentication heap overflow. Patch
+      by Alexander Schrijver. Fixes bugs 5090 and 5402 (CVE 2012-1668);
+      bugfix on 0.2.0.16-alpha.
+    - Fix a compile warning when using the --enable-openbsd-malloc
+      configure option. Fixes bug 5340; bugfix on 0.2.0.20-rc.
+    - During configure, detect when we're building with clang version
+      3.0 or lower and disable the -Wnormalized=id and -Woverride-init
+      CFLAGS. clang doesn't support them yet.
+    - When sending an HTTP/1.1 proxy request, include a Host header.
+      Fixes bug 5593; bugfix on 0.2.2.1-alpha.
+    - Fix a NULL-pointer dereference on a badly formed SETCIRCUITPURPOSE
+      command. Found by mikeyc. Fixes bug 5796; bugfix on 0.2.2.9-alpha.
+    - If we hit the error case where routerlist_insert() replaces an
+      existing (old) server descriptor, make sure to remove that
+      server descriptor from the old_routers list. Fix related to bug
+      1776. Bugfix on 0.2.2.18-alpha.
+
+  o Minor bugfixes (documentation and log messages):
+    - Fix a typo in a log message in rend_service_rendezvous_has_opened().
+      Fixes bug 4856; bugfix on Tor 0.0.6.
+    - Update "ClientOnly" man page entry to explain that there isn't
+      really any point to messing with it. Resolves ticket 5005.
+    - Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
+      directory authority option (introduced in Tor 0.2.2.34).
+    - Downgrade the "We're missing a certificate" message from notice
+      to info: people kept mistaking it for a real problem, whereas it
+      is seldom the problem even when we are failing to bootstrap. Fixes
+      bug 5067; bugfix on 0.2.0.10-alpha.
+    - Correctly spell "connect" in a log message on failure to create a
+      controlsocket. Fixes bug 4803; bugfix on 0.2.2.26-beta.
+    - Clarify the behavior of MaxCircuitDirtiness with hidden service
+      circuits. Fixes issue 5259.
+
+  o Minor features:
+    - Directory authorities now reject versions of Tor older than
+      0.2.1.30, and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
+      inclusive. These versions accounted for only a small fraction of
+      the Tor network, and have numerous known security issues. Resolves
+      issue 4788.
+    - Update to the May 1 2012 Maxmind GeoLite Country database.
+
+  o Feature removal:
+    - When sending or relaying a RELAY_EARLY cell, we used to convert
+      it to a RELAY cell if the connection was using the v1 link
+      protocol. This was a workaround for older versions of Tor, which
+      didn't handle RELAY_EARLY cells properly. Now that all supported
+      versions can handle RELAY_EARLY cells, and now that we're enforcing
+      the "no RELAY_EXTEND commands except in RELAY_EARLY cells" rule,
+      remove this workaround. Addresses bug 4786.
+
+
+Changes in version 0.2.3.15-alpha - 2012-04-30
+  Tor 0.2.3.15-alpha fixes a variety of smaller bugs, including making
+  the development branch build on Windows again.
+
+  o Minor bugfixes (on 0.2.2.x and earlier):
+    - Make sure that there are no unhandled pending TLS errors before
+      reading from a TLS stream. We had checks in 0.1.0.3-rc, but
+      lost them in 0.1.0.5-rc when we refactored read_to_buf_tls().
+      Bugfix on 0.1.0.5-rc; fixes bug 4528.
+    - Fix an assert that directory authorities could trigger on sighup
+      during some configuration state transitions. We now don't treat
+      it as a fatal error when the new descriptor we just generated in
+      init_keys() isn't accepted. Fixes bug 4438; bugfix on 0.2.1.9-alpha.
+    - After we pick a directory mirror, we would refuse to use it if
+      it's in our ExcludeExitNodes list, resulting in mysterious failures
+      to bootstrap for people who just wanted to avoid exiting from
+      certain locations. Fixes bug 5623; bugfix on 0.2.2.25-alpha.
+    - When building with --enable-static-tor on OpenBSD, do not
+      erroneously attempt to link -lrt. Fixes bug 5103.
+
+  o Minor bugfixes (on 0.2.3.x):
+    - When Tor is built with kernel headers from a recent (last few
+      years) Linux kernel, do not fail to run on older (pre-2.6.28
+      Linux kernels). Fixes bug 5112; bugfix on 0.2.3.1-alpha.
+    - Fix cross-compilation issues with mingw. Bugfixes on 0.2.3.6-alpha
+      and 0.2.3.12-alpha.
+    - Fix compilation with miniupnpc version 1.6; patch from
+      Anthony G. Basile. Fixes bug 5434; bugfix on 0.2.3.12-alpha.
+    - Fix compilation with MSVC, which had defined MS_WINDOWS. Bugfix
+      on 0.2.3.13-alpha; found and fixed by Gisle Vanem.
+    - Fix compilation on platforms without unistd.h, or where environ
+      is defined in stdlib.h. Fixes bug 5704; bugfix on 0.2.3.13-alpha.
+
+  o Minor features:
+    - Directory authorities are now a little more lenient at accepting
+      older router descriptors, or newer router descriptors that don't
+      make big changes. This should help ameliorate past and future
+      issues where routers think they have uploaded valid descriptors,
+      but the authorities don't think so. Fix for ticket 2479.
+    - Make the code that clients use to detect an address change be
+      IPv6-aware, so that it won't fill clients' logs with error
+      messages when trying to get the IPv4 address of an IPv6
+      connection. Implements ticket 5537.
+
+  o Removed features:
+    - Remove the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays option;
+      authorities needed to use it for a while to keep the network working
+      as people upgraded to 0.2.1.31, 0.2.2.34, or 0.2.3.6-alpha, but
+      that was six months ago. As of now, it should no longer be needed
+      or used.
+
+
+Changes in version 0.2.3.14-alpha - 2012-04-23
+  Tor 0.2.3.14-alpha fixes yet more bugs to get us closer to a release
+  candidate. It also dramatically speeds up AES: fast relays should
+  consider switching to the newer OpenSSL library.
+
+  o Directory authority changes:
+    - Change IP address for ides (v3 directory authority), and rename
+      it to turtles.
+
+  o Major bugfixes:
+    - Avoid logging uninitialized data when unable to decode a hidden
+      service descriptor cookie. Fixes bug 5647; bugfix on 0.2.1.5-alpha.
+    - Avoid a client-side assertion failure when receiving an INTRODUCE2
+      cell on a general purpose circuit. Fixes bug 5644; bugfix on
+      0.2.1.6-alpha.
+    - If authorities are unable to get a v2 consensus document from other
+      directory authorities, they no longer fall back to fetching
+      them from regular directory caches. Fixes bug 5635; bugfix on
+      0.2.2.26-beta, where routers stopped downloading v2 consensus
+      documents entirely.
+    - When we start a Tor client with a normal consensus already cached,
+      be willing to download a microdescriptor consensus. Fixes bug 4011;
+      fix on 0.2.3.1-alpha.
+
+  o Major features (performance):
+    - When built to use OpenSSL 1.0.1, and built for an x86 or x86_64
+      instruction set, take advantage of OpenSSL's AESNI, bitsliced, or
+      vectorized AES implementations as appropriate. These can be much,
+      much faster than other AES implementations.
+
+  o Minor bugfixes (0.2.2.x and earlier):
+    - Don't launch more than 10 service-side introduction-point circuits
+      for a hidden service in five minutes. Previously, we would consider
+      launching more introduction-point circuits if at least one second
+      had passed without any introduction-point circuits failing. Fixes
+      bug 4607; bugfix on 0.0.7pre1.
+    - Change the BridgePassword feature (part of the "bridge community"
+      design, which is not yet implemented) to use a time-independent
+      comparison. The old behavior might have allowed an adversary
+      to use timing to guess the BridgePassword value. Fixes bug 5543;
+      bugfix on 0.2.0.14-alpha.
+    - Enforce correct return behavior of tor_vsscanf() when the '%%'
+      pattern is used. Fixes bug 5558. Bugfix on 0.2.1.13.
+    - When sending an HTTP/1.1 proxy request, include a Host header.
+      Fixes bug 5593; bugfix on 0.2.2.1-alpha.
+    - Don't log that we have "decided to publish new relay descriptor"
+      unless we are actually publishing a descriptor. Fixes bug 3942;
+      bugfix on 0.2.2.28-beta.
+
+  o Minor bugfixes (0.2.3.x):
+    - Fix a bug where a bridge authority crashes (on a failed assert)
+      if it has seen no directory requests when it's time to write
+      statistics to disk. Fixes bug 5508. Bugfix on 0.2.3.6-alpha.
+    - Fix bug stomping on ORPort option NoListen and ignoring option
+      NoAdvertise. Fixes bug 5151; bugfix on 0.2.3.9-alpha.
+    - In the testsuite, provide a large enough buffer in the tor_sscanf
+      unit test. Otherwise we'd overrun that buffer and crash during
+      the unit tests. Found by weasel. Fixes bug 5449; bugfix on
+      0.2.3.12-alpha.
+    - Make sure we create the keys directory if it doesn't exist and we're
+      about to store the dynamic Diffie-Hellman parameters. Fixes bug
+      5572; bugfix on 0.2.3.13-alpha.
+    - Fix a small memory leak when trying to decode incorrect base16
+      authenticator during SAFECOOKIE authentication. Found by
+      Coverity Scan. Fixes CID 507. Bugfix on 0.2.3.13-alpha.
+
+  o Minor features:
+    - Add more information to a log statement that might help track down
+      bug 4091. If you're seeing "Bug: tor_addr_is_internal() called with a
+      non-IP address" messages (or any Bug messages, for that matter!),
+      please let us know about it.
+    - Relays now understand an IPv6 address when they get one from a
+      directory server. Resolves ticket 4875.
+    - Resolve IPv6 addresses in bridge and entry statistics to country
+      code "??" which means we at least count them. Resolves ticket 5053;
+      improves on 0.2.3.9-alpha.
+    - Update to the April 3 2012 Maxmind GeoLite Country database.
+    - Begin a doc/state-contents.txt file to explain the contents of
+      the Tor state file. Fixes bug 2987.
+
+  o Default torrc changes:
+    - Stop listing "socksport 9050" in torrc.sample. We open a socks
+      port on 9050 by default anyway, so this should not change anything
+      in practice.
+    - Stop mentioning the deprecated *ListenAddress options in
+      torrc.sample. Fixes bug 5438.
+    - Document unit of bandwidth related options in sample torrc.
+      Fixes bug 5621.
+
+  o Removed features:
+    - The "torify" script no longer supports the "tsocks" socksifier
+      tool, since tsocks doesn't support DNS and UDP right for Tor.
+      Everyone should be using torsocks instead. Fixes bugs 3530 and
+      5180. Based on a patch by "ugh".
+
+  o Code refactoring:
+    - Change the symmetric cipher interface so that creating and
+      initializing a stream cipher are no longer separate functions.
+    - Remove all internal support for unpadded RSA. We never used it, and
+      it would be a bad idea to start.
+
+
+Changes in version 0.2.3.13-alpha - 2012-03-26
+  Tor 0.2.3.13-alpha fixes a variety of stability and correctness bugs
+  in managed pluggable transports, as well as providing other cleanups
+  that get us closer to a release candidate.
+
+  o Directory authority changes:
+    - Change IP address for maatuska (v3 directory authority).
+
+  o Security fixes:
+    - Provide controllers with a safer way to implement the cookie
+      authentication mechanism. With the old method, if another locally
+      running program could convince a controller that it was the Tor
+      process, then that program could trick the controller into telling
+      it the contents of an arbitrary 32-byte file. The new "SAFECOOKIE"
+      authentication method uses a challenge-response approach to prevent
+      this attack. Fixes bug 5185, implements proposal 193.
+    - Never use a bridge or a controller-supplied node as an exit, even
+      if its exit policy allows it. Found by wanoskarnet. Fixes bug
+      5342. Bugfix on 0.1.1.15-rc (for controller-purpose descriptors)
+      and 0.2.0.3-alpha (for bridge-purpose descriptors).
+    - Only build circuits if we have a sufficient threshold of the total
+      descriptors that are marked in the consensus with the "Exit"
+      flag. This mitigates an attack proposed by wanoskarnet, in which
+      all of a client's bridges collude to restrict the exit nodes that
+      the client knows about. Fixes bug 5343.
+
+  o Major bugfixes (on Tor 0.2.3.x):
+    - Avoid an assert when managed proxies like obfsproxy are configured,
+      and we receive HUP signals or setconf attempts too rapidly. This
+      situation happens most commonly when Vidalia tries to attach to
+      Tor or tries to configure the Tor it's attached to. Fixes bug 5084;
+      bugfix on 0.2.3.6-alpha.
+    - Fix a relay-side pluggable transports bug where managed proxies were
+      unreachable from the Internet, because Tor asked them to bind on
+      localhost. Fixes bug 4725; bugfix on 0.2.3.9-alpha.
+    - Stop discarding command-line arguments when TestingTorNetwork
+      is set. Discovered by Kevin Bauer. Fixes bug 5373; bugfix on
+      0.2.3.9-alpha, where task 4552 added support for two layers of
+      torrc files.
+    - Resume allowing the unit tests to run in gdb. This was accidentally
+      made impossible when the DisableDebuggerAttachment option was
+      introduced. Fixes bug 5448; bugfix on 0.2.3.9-alpha.
+    - Resume building with nat-pmp support. Fixes bug 4955; bugfix on
+      0.2.3.11-alpha. Reported by Anthony G. Basile.
+
+  o Minor bugfixes (on 0.2.2.x and earlier):
+    - Ensure we don't cannibalize circuits that are longer than three hops
+      already, so we don't end up making circuits with 5 or more
+      hops. Patch contributed by wanoskarnet. Fixes bug 5231; bugfix on
+      0.1.0.1-rc which introduced cannibalization.
+    - Detect and reject certain misformed escape sequences in
+      configuration values. Previously, these values would cause us
+      to crash if received in a torrc file or over an authenticated
+      control port. Bug found by Esteban Manchado Velázquez, and
+      independently by Robert Connolly from Matta Consulting who further
+      noted that it allows a post-authentication heap overflow. Patch
+      by Alexander Schrijver. Fixes bugs 5090 and 5402 (CVE 2012-1668);
+      bugfix on 0.2.0.16-alpha.
+    - Fix a compile warning when using the --enable-openbsd-malloc
+      configure option. Fixes bug 5340; bugfix on 0.2.0.20-rc.
+    - Directory caches no longer refuse to clean out descriptors because
+      of missing v2 networkstatus documents, unless they're configured
+      to retrieve v2 networkstatus documents. Fixes bug 4838; bugfix on
+      0.2.2.26-beta. Patch by Daniel Bryg.
+    - Update to the latest version of the tinytest unit testing framework.
+      This includes a couple of bugfixes that can be relevant for
+      running forked unit tests on Windows, and removes all reserved
+      identifiers.
+
+  o Minor bugfixes (on 0.2.3.x):
+    - On a failed pipe() call, don't leak file descriptors. Fixes bug
+      4296; bugfix on 0.2.3.1-alpha.
+    - Spec conformance: on a v3 handshake, do not send a NETINFO cell
+      until after we have received a CERTS cell. Fixes bug 4361; bugfix
+      on 0.2.3.6-alpha. Patch by "frosty".
+    - When binding to an IPv6 address, set the IPV6_V6ONLY socket
+      option, so that the IP stack doesn't decide to use it for IPv4
+      too. Fixes bug 4760; bugfix on 0.2.3.9-alpha.
+    - Ensure that variables set in Tor's environment cannot override
+      environment variables that Tor passes to a managed
+      pluggable-transport proxy. Previously, Tor would pass every
+      variable in its environment to managed proxies along with the new
+      ones, in such a way that on many operating systems, the inherited
+      environment variables would override those which Tor tried to
+      explicitly set. Bugfix on 0.2.3.12-alpha for most Unixoid systems;
+      bugfix on 0.2.3.9-alpha for Windows.
+
+  o Minor features:
+    - A wide variety of new unit tests by Esteban Manchado Velázquez.
+    - Shorten links in the tor-exit-notice file. Patch by Christian Kujau.
+    - Update to the March 6 2012 Maxmind GeoLite Country database.
+
+
+Changes in version 0.2.3.12-alpha - 2012-02-13
+  Tor 0.2.3.12-alpha lets fast exit relays scale better, allows clients
+  to use bridges that run Tor 0.2.2.x, and resolves several big bugs
+  when Tor is configured to use a pluggable transport like obfsproxy.
+
+  o Major bugfixes:
+    - Fix builds when the path to sed, openssl, or sha1sum contains
+      spaces, which is pretty common on Windows. Fixes bug 5065; bugfix
+      on 0.2.2.1-alpha.
+    - Set the SO_REUSEADDR socket option before we call bind() on outgoing
+      connections. This change should allow busy exit relays to stop
+      running out of available sockets as quickly. Fixes bug 4950;
+      bugfix on 0.2.2.26-beta.
+    - Allow 0.2.3.x clients to use 0.2.2.x bridges. Previously the client
+      would ask the bridge for microdescriptors, which are only supported
+      in 0.2.3.x, and then fail to bootstrap when it didn't get the
+      answers it wanted. Fixes bug 4013; bugfix on 0.2.3.2-alpha.
+    - Properly set up obfsproxy's environment when in managed mode. The
+      Tor Browser Bundle needs LD_LIBRARY_PATH to be passed to obfsproxy,
+      and when you run your Tor as a daemon, there's no HOME. Fixes bugs
+      5076 and 5082; bugfix on 0.2.3.6-alpha.
+
+  o Minor features:
+    - Use the dead_strip option when building Tor on OS X. This reduces
+      binary size by almost 19% when linking openssl and libevent
+      statically, which we do for Tor Browser Bundle.
+    - Fix broken URLs in the sample torrc file, and tell readers about
+      the OutboundBindAddress, ExitPolicyRejectPrivate, and
+      PublishServerDescriptor options. Addresses bug 4652.
+    - Update to the February 7 2012 Maxmind GeoLite Country database.
+
+  o Minor bugfixes:
+    - Downgrade the "We're missing a certificate" message from notice
+      to info: people kept mistaking it for a real problem, whereas it
+      is seldom the problem even when we are failing to bootstrap. Fixes
+      bug 5067; bugfix on 0.2.0.10-alpha.
+    - Don't put "TOR_PT_EXTENDED_SERVER_PORT=127.0.0.1:4200" in a
+      managed pluggable transport server proxy's environment.
+      Previously, we would put it there, even though Tor doesn't
+      implement an 'extended server port' yet, and even though Tor
+      almost certainly isn't listening at that address. For now, we set
+      it to an empty string to avoid crashing older obfsproxies. Bugfix
+      on 0.2.3.6-alpha.
+    - Log the heartbeat message every HeartbeatPeriod seconds, not every
+      HeartbeatPeriod + 1 seconds. Fixes bug 4942; bugfix on
+      0.2.3.1-alpha. Bug reported by Scott Bennett.
+    - Calculate absolute paths correctly on Windows. Fixes bug 4973;
+      bugfix on 0.2.3.11-alpha.
+    - Update "ClientOnly" man page entry to explain that there isn't
+      really any point to messing with it. Resolves ticket 5005.
+    - Use the correct CVE number for CVE-2011-4576 in our comments and
+      log messages. Found by "fermenthor". Resolves bug 5066; bugfix on
+      0.2.3.11-alpha.
+
+  o Code simplifications and refactoring:
+    - Use the _WIN32 macro throughout our code to detect Windows.
+      (Previously we had used the obsolete 'WIN32' and the idiosyncratic
+      'MS_WINDOWS'.)
+
+
+Changes in version 0.2.3.11-alpha - 2012-01-22
+  Tor 0.2.3.11-alpha marks feature-freeze for the 0.2.3 tree. It deploys
+  the last step of the plan to limit maximum circuit length, includes
+  a wide variety of hidden service performance and correctness fixes,
+  works around an OpenSSL security flaw if your distro is too stubborn
+  to upgrade, and fixes a bunch of smaller issues.
+
+  o Major features:
+    - Now that Tor 0.2.0.x is completely deprecated, enable the final
+      part of "Proposal 110: Avoiding infinite length circuits" by
+      refusing all circuit-extend requests that do not use a relay_early
+      cell. This change helps Tor resist a class of denial-of-service
+      attacks by limiting the maximum circuit length.
+    - Adjust the number of introduction points that a hidden service
+      will try to maintain based on how long its introduction points
+      remain in use and how many introductions they handle. Fixes
+      part of bug 3825.
+    - Try to use system facilities for enumerating local interface
+      addresses, before falling back to our old approach (which was
+      binding a UDP socket, and calling getsockname() on it). That
+      approach was scaring OS X users whose draconian firewall
+      software warned about binding to UDP sockets, regardless of
+      whether packets were sent. Now we try to use getifaddrs(),
+      SIOCGIFCONF, or GetAdaptersAddresses(), depending on what the
+      system supports. Resolves ticket 1827.
+
+  o Major security workaround:
+    - When building or running with any version of OpenSSL earlier
+      than 0.9.8s or 1.0.0f, disable SSLv3 support. These OpenSSL
+      versions have a bug (CVE-2011-4576) in which their block cipher
+      padding includes uninitialized data, potentially leaking sensitive
+      information to any peer with whom they make a SSLv3 connection. Tor
+      does not use SSL v3 by default, but a hostile client or server
+      could force an SSLv3 connection in order to gain information that
+      they shouldn't have been able to get. The best solution here is to
+      upgrade to OpenSSL 0.9.8s or 1.0.0f (or later). But when building
+      or running with a non-upgraded OpenSSL, we disable SSLv3 entirely
+      to make sure that the bug can't happen.
+
+  o Major bugfixes:
+    - Fix the SOCKET_OK test that we use to tell when socket
+      creation fails so that it works on Win64. Fixes part of bug 4533;
+      bugfix on 0.2.2.29-beta. Bug found by wanoskarnet.
+    - Correct our replacements for the timeradd() and timersub() functions
+      on platforms that lack them (for example, Windows). The timersub()
+      function is used when expiring circuits, while timeradd() is
+      currently unused. Bug report and patch by Vektor. Fixes bug 4778;
+      bugfix on 0.2.2.24-alpha and 0.2.3.1-alpha.
+    - Do not use OpenSSL 1.0.0's counter mode: it has a critical bug
+      that was fixed in OpenSSL 1.0.0a. We test for the counter mode
+      bug at runtime, not compile time, because some distributions hack
+      their OpenSSL to mis-report its version. Fixes bug 4779; bugfix
+      on 0.2.3.9-alpha. Found by Pascal.
+
+  o Minor features (controller):
+    - Use absolute path names when reporting the torrc filename in the
+      control protocol, so a controller can more easily find the torrc
+      file. Resolves bug 1101.
+    - Extend the control protocol to report flags that control a circuit's
+      path selection in CIRC events and in replies to 'GETINFO
+      circuit-status'. Implements part of ticket 2411.
+    - Extend the control protocol to report the hidden service address
+      and current state of a hidden-service-related circuit in CIRC
+      events and in replies to 'GETINFO circuit-status'. Implements part
+      of ticket 2411.
+    - When reporting the path to the cookie file to the controller,
+      give an absolute path. Resolves ticket 4881.
+    - Allow controllers to request an event notification whenever a
+      circuit is cannibalized or its purpose is changed. Implements
+      part of ticket 3457.
+    - Include the creation time of a circuit in CIRC and CIRC2
+      control-port events and the list produced by the 'GETINFO
+      circuit-status' control-port command.
+
+  o Minor features (directory authorities):
+    - Directory authorities now reject versions of Tor older than
+      0.2.1.30, and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
+      inclusive. These versions accounted for only a small fraction of
+      the Tor network, and have numerous known security issues. Resolves
+      issue 4788.
+    - Authority operators can now vote for all relays in a given
+      set of countries to be BadDir/BadExit/Invalid/Rejected.
+    - Provide two consensus parameters (FastFlagMinThreshold and
+      FastFlagMaxThreshold) to control the range of allowable bandwidths
+      for the Fast directory flag. These allow authorities to run
+      experiments on appropriate requirements for being a "Fast" node.
+      The AuthDirFastGuarantee config value still applies. Implements
+      ticket 3946.
+    - Document the GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays
+      directory authority option (introduced in Tor 0.2.2.34).
+
+  o Minor features (other):
+    - Don't disable the DirPort when we cannot exceed our AccountingMax
+      limit during this interval because the effective bandwidthrate is
+      low enough. This is useful in a situation where AccountMax is only
+      used as an additional safeguard or to provide statistics.
+    - Prepend an informative header to generated dynamic_dh_params files.
+    - If EntryNodes are given, but UseEntryGuards is set to 0, warn that
+      EntryNodes will have no effect. Resolves issue 2571.
+    - Log more useful messages when we fail to disable debugger
+      attachment.
+    - Log which authority we're missing votes from when we go to fetch
+      them from the other auths.
+    - Log (at debug level) whenever a circuit's purpose is changed.
+    - Add missing documentation for the MaxClientCircuitsPending,
+      UseMicrodescriptors, UserspaceIOCPBuffers, and
+      _UseFilteringSSLBufferevents options, all introduced during
+      the 0.2.3.x series.
+    - Update to the January 3 2012 Maxmind GeoLite Country database.
+
+  o Minor bugfixes (hidden services):
+    - Don't close hidden service client circuits which have almost
+      finished connecting to their destination when they reach
+      the normal circuit-build timeout. Previously, we would close
+      introduction circuits which are waiting for an acknowledgement
+      from the introduction point, and rendezvous circuits which have
+      been specified in an INTRODUCE1 cell sent to a hidden service,
+      after the normal CBT. Now, we mark them as 'timed out', and launch
+      another rendezvous attempt in parallel. This behavior change can
+      be disabled using the new CloseHSClientCircuitsImmediatelyOnTimeout
+      option. Fixes part of bug 1297; bugfix on 0.2.2.2-alpha.
+    - Don't close hidden-service-side rendezvous circuits when they
+      reach the normal circuit-build timeout. This behavior change can
+      be disabled using the new
+      CloseHSServiceRendCircuitsImmediatelyOnTimeout option. Fixes the
+      remaining part of bug 1297; bugfix on 0.2.2.2-alpha.
+    - Make sure we never mark the wrong rendezvous circuit as having
+      had its introduction cell acknowledged by the introduction-point
+      relay. Previously, when we received an INTRODUCE_ACK cell on a
+      client-side hidden-service introduction circuit, we might have
+      marked a rendezvous circuit other than the one we specified in
+      the INTRODUCE1 cell as INTRO_ACKED, which would have produced
+      a warning message and interfered with the hidden service
+      connection-establishment process. Fixes bug 4759; bugfix on
+      0.2.3.3-alpha, when we added the stream-isolation feature which
+      might cause Tor to open multiple rendezvous circuits for the same
+      hidden service.
+    - Don't trigger an assertion failure when we mark a new client-side
+      hidden-service introduction circuit for close during the process
+      of creating it. Fixes bug 4796; bugfix on 0.2.3.6-alpha. Reported
+      by murb.
+
+  o Minor bugfixes (log messages):
+    - Correctly spell "connect" in a log message on failure to create a
+      controlsocket. Fixes bug 4803; bugfix on 0.2.2.26-beta and
+      0.2.3.2-alpha.
+    - Fix a typo in a log message in rend_service_rendezvous_has_opened().
+      Fixes bug 4856; bugfix on Tor 0.0.6.
+    - Fix the log message describing how we work around discovering
+      that our version is the ill-fated OpenSSL 0.9.8l. Fixes bug
+      4837; bugfix on 0.2.2.9-alpha.
+    - When logging about a disallowed .exit name, do not also call it
+      an "invalid onion address". Fixes bug 3325; bugfix on 0.2.2.9-alpha.
+
+  o Minor bugfixes (build fixes):
+    - During configure, detect when we're building with clang version
+      3.0 or lower and disable the -Wnormalized=id and -Woverride-init
+      CFLAGS. clang doesn't support them yet.
+    - During configure, search for library containing cos function as
+      libm lives in libcore on some platforms (BeOS/Haiku). Linking
+      against libm was hard-coded before. Fixes the first part of bug
+      4727; bugfix on 0.2.2.2-alpha. Patch and analysis by Martin Hebnes
+      Pedersen.
+    - Detect attempts to build Tor on (as yet hypothetical) versions
+      of Windows where sizeof(intptr_t) != sizeof(SOCKET). Partial
+      fix for bug 4533. Bugfix on 0.2.2.28-beta.
+    - Preprocessor directives should not be put inside the arguments
+      of a macro. This would break compilation with GCC releases prior
+      to version 3.3. We would never recommend such an old GCC version,
+      but it is apparently required for binary compatibility on some
+      platforms (namely, certain builds of Haiku). Fixes the other part
+      of bug 4727; bugfix on 0.2.3.3-alpha. Patch and analysis by Martin
+      Hebnes Pedersen.
+
+  o Minor bugfixes (other):
+    - Older Linux kernels erroneously respond to strange nmap behavior
+      by having accept() return successfully with a zero-length
+      socket. When this happens, just close the connection. Previously,
+      we would try harder to learn the remote address: but there was
+      no such remote address to learn, and our method for trying to
+      learn it was incorrect. Fixes bugs 1240, 4745, and 4747. Bugfix
+      on 0.1.0.3-rc. Reported and diagnosed by "r1eo".
+    - Fix null-pointer access that could occur if TLS allocation failed.
+      Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un". This was
+      erroneously listed as fixed in 0.2.3.9-alpha, but the fix had
+      accidentally been reverted.
+    - Fix our implementation of crypto_random_hostname() so it can't
+      overflow on ridiculously large inputs. (No Tor version has ever
+      provided this kind of bad inputs, but let's be correct in depth.)
+      Fixes bug 4413; bugfix on 0.2.2.9-alpha. Fix by Stephen Palmateer.
+    - Find more places in the code that should have been testing for
+      invalid sockets using the SOCKET_OK macro. Required for a fix
+      for bug 4533. Bugfix on 0.2.2.28-beta.
+    - Fix an assertion failure when, while running with bufferevents, a
+      connection finishes connecting after it is marked for close, but
+      before it is closed. Fixes bug 4697; bugfix on 0.2.3.1-alpha.
+    - test_util_spawn_background_ok() hardcoded the expected value
+      for ENOENT to 2. This isn't portable as error numbers are
+      platform specific, and particularly the hurd has ENOENT at
+      0x40000002. Construct expected string at runtime, using the correct
+      value for ENOENT. Fixes bug 4733; bugfix on 0.2.3.1-alpha.
+    - Reject attempts to disable DisableDebuggerAttachment while Tor is
+      running. Fixes bug 4650; bugfix on 0.2.3.9-alpha.
+    - Use an appropriate-width type for sockets in tor-fw-helper on
+      win64. Fixes bug 1983 at last. Bugfix on 0.2.3.9-alpha.
+
+  o Feature removal:
+    - When sending or relaying a RELAY_EARLY cell, we used to convert
+      it to a RELAY cell if the connection was using the v1 link
+      protocol. This was a workaround for older versions of Tor, which
+      didn't handle RELAY_EARLY cells properly. Now that all supported
+      versions can handle RELAY_EARLY cells, and now that we're enforcing
+      the "no RELAY_EXTEND commands except in RELAY_EARLY cells" rule,
+      remove this workaround. Addresses bug 4786.
+
+  o Code simplifications and refactoring:
+    - Use OpenSSL's built-in SSL_state_string_long() instead of our
+      own homebrewed ssl_state_to_string() replacement. Patch from
+      Emile Snyder. Fixes bug 4653.
+    - Use macros to indicate OpenSSL versions, so we don't need to worry
+      about accidental hexadecimal bit shifts.
+    - Remove some workaround code for OpenSSL 0.9.6 (which is no longer
+      supported).
+    - Convert more instances of tor_snprintf+tor_strdup into tor_asprintf.
+    - Use the smartlist_add_asprintf() alias more consistently.
+    - Use a TOR_INVALID_SOCKET macro when initializing a socket to an
+      invalid value, rather than just -1.
+    - Rename a handful of old identifiers, mostly related to crypto
+      structures and crypto functions. By convention, our "create an
+      object" functions are called "type_new()", our "free an object"
+      functions are called "type_free()", and our types indicate that
+      they are types only with a final "_t". But a handful of older
+      types and functions broke these rules, with function names like
+      "type_create" or "subsystem_op_type", or with type names like
+      type_env_t.
+
+
+Changes in version 0.2.3.10-alpha - 2011-12-16
+  Tor 0.2.3.10-alpha fixes a critical heap-overflow security issue in
+  Tor's buffers code. Absolutely everybody should upgrade.
+
+  The bug relied on an incorrect calculation when making data continuous
+  in one of our IO buffers, if the first chunk of the buffer was
+  misaligned by just the wrong amount. The miscalculation would allow an
+  attacker to overflow a piece of heap-allocated memory. To mount this
+  attack, the attacker would need to either open a SOCKS connection to
+  Tor's SocksPort (usually restricted to localhost), or target a Tor
+  instance configured to make its connections through a SOCKS proxy
+  (which Tor does not do by default).
+
+  Good security practice requires that all heap-overflow bugs should be
+  presumed to be exploitable until proven otherwise, so we are treating
+  this as a potential code execution attack. Please upgrade immediately!
+  This bug does not affect bufferevents-based builds of Tor. Special
+  thanks to "Vektor" for reporting this issue to us!
+
+  This release also contains a few minor bugfixes for issues discovered
+  in 0.2.3.9-alpha.
+
+  o Major bugfixes:
+    - Fix a heap overflow bug that could occur when trying to pull
+      data into the first chunk of a buffer, when that chunk had
+      already had some data drained from it. Fixes CVE-2011-2778;
+      bugfix on 0.2.0.16-alpha. Reported by "Vektor".
+
+  o Minor bugfixes:
+    - If we can't attach streams to a rendezvous circuit when we
+      finish connecting to a hidden service, clear the rendezvous
+      circuit's stream-isolation state and try to attach streams
+      again. Previously, we cleared rendezvous circuits' isolation
+      state either too early (if they were freshly built) or not at all
+      (if they had been built earlier and were cannibalized). Bugfix on
+      0.2.3.3-alpha; fixes bug 4655.
+    - Fix compilation of the libnatpmp helper on non-Windows. Bugfix on
+      0.2.3.9-alpha; fixes bug 4691. Reported by Anthony G. Basile.
+    - Fix an assertion failure when a relay with accounting enabled
+      starts up while dormant. Fixes bug 4702; bugfix on 0.2.3.9-alpha.
+
+  o Minor features:
+    - Update to the December 6 2011 Maxmind GeoLite Country database.
+
+
+Changes in version 0.2.2.35 - 2011-12-16
+  Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's
+  buffers code. Absolutely everybody should upgrade.
+
+  The bug relied on an incorrect calculation when making data continuous
+  in one of our IO buffers, if the first chunk of the buffer was
+  misaligned by just the wrong amount. The miscalculation would allow an
+  attacker to overflow a piece of heap-allocated memory. To mount this
+  attack, the attacker would need to either open a SOCKS connection to
+  Tor's SocksPort (usually restricted to localhost), or target a Tor
+  instance configured to make its connections through a SOCKS proxy
+  (which Tor does not do by default).
+
+  Good security practice requires that all heap-overflow bugs should be
+  presumed to be exploitable until proven otherwise, so we are treating
+  this as a potential code execution attack. Please upgrade immediately!
+  This bug does not affect bufferevents-based builds of Tor. Special
+  thanks to "Vektor" for reporting this issue to us!
+
+  Tor 0.2.2.35 also fixes several bugs in previous versions, including
+  crash bugs for unusual configurations, and a long-term bug that
+  would prevent Tor from starting on Windows machines with draconian
+  AV software.
+
+  With this release, we remind everyone that 0.2.0.x has reached its
+  formal end-of-life. Those Tor versions have many known flaws, and
+  nobody should be using them. You should upgrade -- ideally to the
+  0.2.2.x series. If you're using a Linux or BSD and its packages are
+  obsolete, stop using those packages and upgrade anyway.
+
+  The Tor 0.2.1.x series is also approaching its end-of-life: it will no
+  longer receive support after some time in early 2012.
+
+  o Major bugfixes:
+    - Fix a heap overflow bug that could occur when trying to pull
+      data into the first chunk of a buffer, when that chunk had
+      already had some data drained from it. Fixes CVE-2011-2778;
+      bugfix on 0.2.0.16-alpha. Reported by "Vektor".
+    - Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so
+      that it doesn't attempt to allocate a socketpair. This could cause
+      some problems on Windows systems with overzealous firewalls. Fix for
+      bug 4457; workaround for Libevent versions 2.0.1-alpha through
+      2.0.15-stable.
+    - If we mark an OR connection for close based on a cell we process,
+      don't process any further cells on it. We already avoid further
+      reads on marked-for-close connections, but now we also discard the
+      cells we'd already read. Fixes bug 4299; bugfix on 0.2.0.10-alpha,
+      which was the first version where we might mark a connection for
+      close based on processing a cell on it.
+    - Correctly sanity-check that we don't underflow on a memory
+      allocation (and then assert) for hidden service introduction
+      point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
+      bugfix on 0.2.1.5-alpha.
+    - Fix a memory leak when we check whether a hidden service
+      descriptor has any usable introduction points left. Fixes bug
+      4424. Bugfix on 0.2.2.25-alpha.
+    - Don't crash when we're running as a relay and don't have a GeoIP
+      file. Bugfix on 0.2.2.34; fixes bug 4340. This backports a fix
+      we've had in the 0.2.3.x branch already.
+    - When running as a client, do not print a misleading (and plain
+      wrong) log message that we're collecting "directory request"
+      statistics: clients don't collect statistics. Also don't create a
+      useless (because empty) stats file in the stats/ directory. Fixes
+      bug 4353; bugfix on 0.2.2.34.
+
+  o Minor bugfixes:
+    - Detect failure to initialize Libevent. This fix provides better
+      detection for future instances of bug 4457.
+    - Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers
+      function. This was eating up hideously large amounts of time on some
+      busy servers. Fixes bug 4518; bugfix on 0.0.9.8.
+    - Resolve an integer overflow bug in smartlist_ensure_capacity().
+      Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
+      Mansour Moufid.
+    - Don't warn about unused log_mutex in log.c when building with
+      --disable-threads using a recent GCC. Fixes bug 4437; bugfix on
+      0.1.0.6-rc which introduced --disable-threads.
+    - When configuring, starting, or stopping an NT service, stop
+      immediately after the service configuration attempt has succeeded
+      or failed. Fixes bug 3963; bugfix on 0.2.0.7-alpha.
+    - When sending a NETINFO cell, include the original address
+      received for the other side, not its canonical address. Found
+      by "troll_un"; fixes bug 4349; bugfix on 0.2.0.10-alpha.
+    - Fix a typo in a hibernation-related log message. Fixes bug 4331;
+      bugfix on 0.2.2.23-alpha; found by "tmpname0901".
+    - Fix a memory leak in launch_direct_bridge_descriptor_fetch() that
+      occurred when a client tried to fetch a descriptor for a bridge
+      in ExcludeNodes. Fixes bug 4383; bugfix on 0.2.2.25-alpha.
+    - Backport fixes for a pair of compilation warnings on Windows.
+      Fixes bug 4521; bugfix on 0.2.2.28-beta and on 0.2.2.29-beta.
+    - If we had ever tried to call tor_addr_to_str on an address of
+      unknown type, we would have done a strdup on an uninitialized
+      buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha.
+      Reported by "troll_un".
+    - Correctly detect and handle transient lookup failures from
+      tor_addr_lookup. Fixes bug 4530; bugfix on 0.2.1.5-alpha.
+      Reported by "troll_un".
+    - Fix null-pointer access that could occur if TLS allocation failed.
+      Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un".
+    - Use tor_socket_t type for listener argument to accept(). Fixes bug
+      4535; bugfix on 0.2.2.28-beta. Found by "troll_un".
+
+  o Minor features:
+    - Add two new config options for directory authorities:
+      AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the
+      Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold
+      that is always sufficient to satisfy the bandwidth requirement for
+      the Guard flag. Now it will be easier for researchers to simulate
+      Tor networks with different values. Resolves ticket 4484.
+    - When Tor ignores a hidden service specified in its configuration,
+      include the hidden service's directory in the warning message.
+      Previously, we would only tell the user that some hidden service
+      was ignored. Bugfix on 0.0.6; fixes bug 4426.
+    - Update to the December 6 2011 Maxmind GeoLite Country database.
+
+  o Packaging changes:
+    - Make it easier to automate expert package builds on Windows,
+      by removing an absolute path from makensis.exe command.
+
+
+Changes in version 0.2.1.32 - 2011-12-16
+  Tor 0.2.1.32 backports important security and privacy fixes for
+  oldstable. This release is intended only for package maintainers and
+  others who cannot use the 0.2.2 stable series. All others should be
+  using Tor 0.2.2.x or newer.
+
+  The Tor 0.2.1.x series will reach formal end-of-life some time in
+  early 2012; we will stop releasing patches for it then.
+
+  o Major bugfixes (also included in 0.2.2.x):
+    - Correctly sanity-check that we don't underflow on a memory
+      allocation (and then assert) for hidden service introduction
+      point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
+      bugfix on 0.2.1.5-alpha.
+    - Fix a heap overflow bug that could occur when trying to pull
+      data into the first chunk of a buffer, when that chunk had
+      already had some data drained from it. Fixes CVE-2011-2778;
+      bugfix on 0.2.0.16-alpha. Reported by "Vektor".
+
+  o Minor features:
+    - Update to the December 6 2011 Maxmind GeoLite Country database.
+
+
+Changes in version 0.2.3.9-alpha - 2011-12-08
+  Tor 0.2.3.9-alpha introduces initial IPv6 support for bridges, adds
+  a "DisableNetwork" security feature that bundles can use to avoid
+  touching the network until bridges are configured, moves forward on
+  the pluggable transport design, fixes a flaw in the hidden service
+  design that unnecessarily prevented clients with wrong clocks from
+  reaching hidden services, and fixes a wide variety of other issues.
+
+  o Major features:
+    - Clients can now connect to private bridges over IPv6. Bridges
+      still need at least one IPv4 address in order to connect to
+      other relays. Note that we don't yet handle the case where the
+      user has two bridge lines for the same bridge (one IPv4, one
+      IPv6). Implements parts of proposal 186.
+    - New "DisableNetwork" config option to prevent Tor from launching any
+      connections or accepting any connections except on a control port.
+      Bundles and controllers can set this option before letting Tor talk
+      to the rest of the network, for example to prevent any connections
+      to a non-bridge address. Packages like Orbot can also use this
+      option to instruct Tor to save power when the network is off.
+    - Clients and bridges can now be configured to use a separate
+      "transport" proxy. This approach makes the censorship arms race
+      easier by allowing bridges to use protocol obfuscation plugins. It
+      implements the "managed proxy" part of proposal 180 (ticket 3472).
+    - When using OpenSSL 1.0.0 or later, use OpenSSL's counter mode
+      implementation. It makes AES_CTR about 7% faster than our old one
+      (which was about 10% faster than the one OpenSSL used to provide).
+      Resolves ticket 4526.
+    - Add a "tor2web mode" for clients that want to connect to hidden
+      services non-anonymously (and possibly more quickly). As a safety
+      measure to try to keep users from turning this on without knowing
+      what they are doing, tor2web mode must be explicitly enabled at
+      compile time, and a copy of Tor compiled to run in tor2web mode
+      cannot be used as a normal Tor client. Implements feature 2553.
+    - Add experimental support for running on Windows with IOCP and no
+      kernel-space socket buffers. This feature is controlled by a new
+      "UserspaceIOCPBuffers" config option (off by default), which has
+      no effect unless Tor has been built with support for bufferevents,
+      is running on Windows, and has enabled IOCP. This may, in the long
+      run, help solve or mitigate bug 98.
+    - Use a more secure consensus parameter voting algorithm. Now at
+      least three directory authorities or a majority of them must
+      vote on a given parameter before it will be included in the
+      consensus. Implements proposal 178.
+
+  o Major bugfixes:
+    - Hidden services now ignore the timestamps on INTRODUCE2 cells.
+      They used to check that the timestamp was within 30 minutes
+      of their system clock, so they could cap the size of their
+      replay-detection cache, but that approach unnecessarily refused
+      service to clients with wrong clocks. Bugfix on 0.2.1.6-alpha, when
+      the v3 intro-point protocol (the first one which sent a timestamp
+      field in the INTRODUCE2 cell) was introduced; fixes bug 3460.
+    - Only use the EVP interface when AES acceleration is enabled,
+      to avoid a 5-7% performance regression. Resolves issue 4525;
+      bugfix on 0.2.3.8-alpha.
+
+  o Privacy/anonymity features (bridge detection):
+    - Make bridge SSL certificates a bit more stealthy by using random
+      serial numbers, in the same fashion as OpenSSL when generating
+      self-signed certificates. Implements ticket 4584.
+    - Introduce a new config option "DynamicDHGroups", enabled by
+      default, which provides each bridge with a unique prime DH modulus
+      to be used during SSL handshakes. This option attempts to help
+      against censors who might use the Apache DH modulus as a static
+      identifier for bridges. Addresses ticket 4548.
+
+  o Minor features (new/different config options):
+    - New configuration option "DisableDebuggerAttachment" (on by default)
+      to prevent basic debugging attachment attempts by other processes.
+      Supports Mac OS X and Gnu/Linux. Resolves ticket 3313.
+    - Allow MapAddress directives to specify matches against super-domains,
+      as in "MapAddress *.torproject.org *.torproject.org.torserver.exit".
+      Implements issue 933.
+    - Slightly change behavior of "list" options (that is, config
+      options that can appear more than once) when they appear both in
+      torrc and on the command line. Previously, the command-line options
+      would be appended to the ones from torrc. Now, the command-line
+      options override the torrc options entirely. This new behavior
+      allows the user to override list options (like exit policies and
+      ports to listen on) from the command line, rather than simply
+      appending to the list.
+    - You can get the old (appending) command-line behavior for "list"
+      options by prefixing the option name with a "+".
+    - You can remove all the values for a "list" option from the command
+      line without adding any new ones by prefixing the option name
+      with a "/".
+    - Add experimental support for a "defaults" torrc file to be parsed
+      before the regular torrc. Torrc options override the defaults file's
+      options in the same way that the command line overrides the torrc.
+      The SAVECONF controller command saves only those options which
+      differ between the current configuration and the defaults file. HUP
+      reloads both files. (Note: This is an experimental feature; its
+      behavior will probably be refined in future 0.2.3.x-alpha versions
+      to better meet packagers' needs.) Implements task 4552.
+
+  o Minor features:
+    - Try to make the introductory warning message that Tor prints on
+      startup more useful for actually finding help and information.
+      Resolves ticket 2474.
+    - Running "make version" now displays the version of Tor that
+      we're about to build. Idea from katmagic; resolves issue 4400.
+    - Expire old or over-used hidden service introduction points.
+      Required by fix for bug 3460.
+    - Move the replay-detection cache for the RSA-encrypted parts of
+      INTRODUCE2 cells to the introduction point data structures.
+      Previously, we would use one replay-detection cache per hidden
+      service. Required by fix for bug 3460.
+    - Reduce the lifetime of elements of hidden services' Diffie-Hellman
+      public key replay-detection cache from 60 minutes to 5 minutes. This
+      replay-detection cache is now used only to detect multiple
+      INTRODUCE2 cells specifying the same rendezvous point, so we can
+      avoid launching multiple simultaneous attempts to connect to it.
+
+  o Minor bugfixes (on Tor 0.2.2.x and earlier):
+    - Resolve an integer overflow bug in smartlist_ensure_capacity().
+      Fixes bug 4230; bugfix on Tor 0.1.0.1-rc. Based on a patch by
+      Mansour Moufid.
+    - Fix a minor formatting issue in one of tor-gencert's error messages.
+      Fixes bug 4574.
+    - Prevent a false positive from the check-spaces script, by disabling
+      the "whitespace between function name and (" check for functions
+      named 'op()'.
+    - Fix a log message suggesting that people contact a non-existent
+      email address. Fixes bug 3448.
+    - Fix null-pointer access that could occur if TLS allocation failed.
+      Fixes bug 4531; bugfix on 0.2.0.20-rc. Found by "troll_un".
+    - Report a real bootstrap problem to the controller on router
+      identity mismatch. Previously we just said "foo", which probably
+      made a lot of sense at the time. Fixes bug 4169; bugfix on
+      0.2.1.1-alpha.
+    - If we had ever tried to call tor_addr_to_str() on an address of
+      unknown type, we would have done a strdup() on an uninitialized
+      buffer. Now we won't. Fixes bug 4529; bugfix on 0.2.1.3-alpha.
+      Reported by "troll_un".
+    - Correctly detect and handle transient lookup failures from
+      tor_addr_lookup(). Fixes bug 4530; bugfix on 0.2.1.5-alpha.
+      Reported by "troll_un".
+    - Use tor_socket_t type for listener argument to accept(). Fixes bug
+      4535; bugfix on 0.2.2.28-beta. Found by "troll_un".
+    - Initialize conn->addr to a valid state in spawn_cpuworker(). Fixes
+      bug 4532; found by "troll_un".
+
+  o Minor bugfixes (on Tor 0.2.3.x):
+    - Fix a compile warning in tor_inet_pton(). Bugfix on 0.2.3.8-alpha;
+      fixes bug 4554.
+    - Don't send two ESTABLISH_RENDEZVOUS cells when opening a new
+      circuit for use as a hidden service client's rendezvous point.
+      Fixes bugs 4641 and 4171; bugfix on 0.2.3.3-alpha. Diagnosed
+      with help from wanoskarnet.
+    - Restore behavior of overriding SocksPort, ORPort, and similar
+      options from the command line. Bugfix on 0.2.3.3-alpha.
+
+  o Build fixes:
+    - Properly handle the case where the build-tree is not the same
+      as the source tree when generating src/common/common_sha1.i,
+      src/or/micro-revision.i, and src/or/or_sha1.i. Fixes bug 3953;
+      bugfix on 0.2.0.1-alpha.
+
+  o Code simplifications, cleanups, and refactorings:
+    - Remove the pure attribute from all functions that used it
+      previously. In many cases we assigned it incorrectly, because the
+      functions might assert or call impure functions, and we don't have
+      evidence that keeping the pure attribute is worthwhile. Implements
+      changes suggested in ticket 4421.
+    - Remove some dead code spotted by coverity. Fixes cid 432.
+      Bugfix on 0.2.3.1-alpha, closes bug 4637.
+
+
+Changes in version 0.2.3.8-alpha - 2011-11-22
+  Tor 0.2.3.8-alpha fixes some crash and assert bugs, including a
+  socketpair-related bug that has been bothering Windows users. It adds
+  support to serve microdescriptors to controllers, so Vidalia's network
+  map can resume listing relays (once Vidalia implements its side),
+  and adds better support for hardware AES acceleration. Finally, it
+  starts the process of adjusting the bandwidth cutoff for getting the
+  "Fast" flag from 20KB to (currently) 32KB -- preliminary results show
+  that tiny relays harm performance more than they help network capacity.
+
+  o Major bugfixes:
+    - Initialize Libevent with the EVENT_BASE_FLAG_NOLOCK flag enabled, so
+      that it doesn't attempt to allocate a socketpair. This could cause
+      some problems on Windows systems with overzealous firewalls. Fix for
+      bug 4457; workaround for Libevent versions 2.0.1-alpha through
+      2.0.15-stable.
+    - Correctly sanity-check that we don't underflow on a memory
+      allocation (and then assert) for hidden service introduction
+      point decryption. Bug discovered by Dan Rosenberg. Fixes bug 4410;
+      bugfix on 0.2.1.5-alpha.
+    - Remove the artificially low cutoff of 20KB to guarantee the Fast
+      flag. In the past few years the average relay speed has picked
+      up, and while the "top 7/8 of the network get the Fast flag" and
+      "all relays with 20KB or more of capacity get the Fast flag" rules
+      used to have the same result, now the top 7/8 of the network has
+      a capacity more like 32KB. Bugfix on 0.2.1.14-rc. Fixes bug 4489.
+    - Fix a rare assertion failure when checking whether a v0 hidden
+      service descriptor has any usable introduction points left, and
+      we don't have enough information to build a circuit to the first
+      intro point named in the descriptor. The HS client code in
+      0.2.3.x no longer uses v0 HS descriptors, but this assertion can
+      trigger on (and crash) v0 HS authorities. Fixes bug 4411.
+      Bugfix on 0.2.3.1-alpha; diagnosed by frosty_un.
+    - Make bridge authorities not crash when they are asked for their own
+      descriptor. Bugfix on 0.2.3.7-alpha, reported by Lucky Green.
+    - When running as a client, do not print a misleading (and plain
+      wrong) log message that we're collecting "directory request"
+      statistics: clients don't collect statistics. Also don't create a
+      useless (because empty) stats file in the stats/ directory. Fixes
+      bug 4353; bugfix on 0.2.2.34 and 0.2.3.7-alpha.
+
+  o Major features:
+    - Allow Tor controllers like Vidalia to obtain the microdescriptor
+      for a relay by identity digest or nickname. Previously,
+      microdescriptors were only available by their own digests, so a
+      controller would have to ask for and parse the whole microdescriptor
+      consensus in order to look up a single relay's microdesc. Fixes
+      bug 3832; bugfix on 0.2.3.1-alpha.
+    - Use OpenSSL's EVP interface for AES encryption, so that all AES
+      operations can use hardware acceleration (if present). Resolves
+      ticket 4442.
+
+  o Minor bugfixes (on 0.2.2.x and earlier):
+    - Detect failure to initialize Libevent. This fix provides better
+      detection for future instances of bug 4457.
+    - Avoid frequent calls to the fairly expensive cull_wedged_cpuworkers
+      function. This was eating up hideously large amounts of time on some
+      busy servers. Fixes bug 4518; bugfix on 0.0.9.8.
+    - Don't warn about unused log_mutex in log.c when building with
+      --disable-threads using a recent GCC. Fixes bug 4437; bugfix on
+      0.1.0.6-rc which introduced --disable-threads.
+    - Allow manual 'authenticate' commands to the controller interface
+      from netcat (nc) as well as telnet. We were rejecting them because
+      they didn't come with the expected whitespace at the end of the
+      command. Bugfix on 0.1.1.1-alpha; fixes bug 2893.
+    - Fix some (not actually triggerable) buffer size checks in usage of
+      tor_inet_ntop. Fixes bug 4434; bugfix on Tor 0.2.0.1-alpha. Patch
+      by Anders Sundman.
+    - Fix parsing of some corner-cases with tor_inet_pton(). Fixes
+      bug 4515; bugfix on 0.2.0.1-alpha; fix by Anders Sundman.
+    - When configuring, starting, or stopping an NT service, stop
+      immediately after the service configuration attempt has succeeded
+      or failed. Fixes bug 3963; bugfix on 0.2.0.7-alpha.
+    - When sending a NETINFO cell, include the original address
+      received for the other side, not its canonical address. Found
+      by "troll_un"; fixes bug 4349; bugfix on 0.2.0.10-alpha.
+    - Rename the bench_{aes,dmap} functions to test_*, so that tinytest
+      can pick them up when the tests aren't disabled. Bugfix on
+      0.2.2.4-alpha which introduced tinytest.
+    - Fix a memory leak when we check whether a hidden service
+      descriptor has any usable introduction points left. Fixes bug
+      4424. Bugfix on 0.2.2.25-alpha.
+    - Fix a memory leak in launch_direct_bridge_descriptor_fetch() that
+      occurred when a client tried to fetch a descriptor for a bridge
+      in ExcludeNodes. Fixes bug 4383; bugfix on 0.2.2.25-alpha.
+
+  o Minor bugfixes (on 0.2.3.x):
+    - Make util unit tests build correctly with MSVC. Bugfix on
+      0.2.3.3-alpha. Patch by Gisle Vanem.
+    - Successfully detect AUTH_CHALLENGE cells with no recognized
+      authentication type listed. Fixes bug 4367; bugfix on 0.2.3.6-alpha.
+      Found by frosty_un.
+    - If a relay receives an AUTH_CHALLENGE cell it can't answer,
+      it should still send a NETINFO cell to allow the connection to
+      become open. Fixes bug 4368; fix on 0.2.3.6-alpha; bug found by
+      "frosty".
+    - Log less loudly when we get an invalid authentication certificate
+      from a source other than a directory authority: it's not unusual
+      to see invalid certs because of clock skew. Fixes bug 4370; bugfix
+      on 0.2.3.6-alpha.
+    - Tolerate servers with more clock skew in their authentication
+      certificates than previously. Fixes bug 4371; bugfix on
+      0.2.3.6-alpha.
+    - Fix a couple of compile warnings on Windows. Fixes bug 4469; bugfix
+      on 0.2.3.4-alpha and 0.2.3.6-alpha.
+
+  o Minor features:
+    - Add two new config options for directory authorities:
+      AuthDirFastGuarantee sets a bandwidth threshold for guaranteeing the
+      Fast flag, and AuthDirGuardBWGuarantee sets a bandwidth threshold
+      that is always sufficient to satisfy the bandwidth requirement for
+      the Guard flag. Now it will be easier for researchers to simulate
+      Tor networks with different values. Resolves ticket 4484.
+    - When Tor ignores a hidden service specified in its configuration,
+      include the hidden service's directory in the warning message.
+      Previously, we would only tell the user that some hidden service
+      was ignored. Bugfix on 0.0.6; fixes bug 4426.
+    - When we fail to initialize Libevent, retry with IOCP disabled so we
+      don't need to turn on multi-threading support in Libevent, which in
+      turn requires a working socketpair(). This is a workaround for bug
+      4457, which affects Libevent versions from 2.0.1-alpha through
+      2.0.15-stable.
+    - Detect when we try to build on a platform that doesn't define
+      AF_UNSPEC to 0. We don't work there, so refuse to compile.
+    - Update to the November 1 2011 Maxmind GeoLite Country database.
+
+  o Packaging changes:
+    - Make it easier to automate expert package builds on Windows,
+      by removing an absolute path from makensis.exe command.
+
+  o Code simplifications and refactoring:
+    - Remove some redundant #include directives throughout the code.
+      Patch from Andrea Gelmini.
+    - Unconditionally use OpenSSL's AES implementation instead of our
+      old built-in one. OpenSSL's AES has been better for a while, and
+      relatively few servers should still be on any version of OpenSSL
+      that doesn't have good optimized assembly AES.
+    - Use the name "CERTS" consistently to refer to the new cell type;
+      we were calling it CERT in some places and CERTS in others.
+
+  o Testing:
+    - Numerous new unit tests for functions in util.c and address.c by
+      Anders Sundman.
+    - The long-disabled benchmark tests are now split into their own
+      ./src/test/bench binary.
+    - The benchmark tests can now use more accurate timers than
+      gettimeofday() when such timers are available.
+
+
+Changes in version 0.2.3.7-alpha - 2011-10-30
+  Tor 0.2.3.7-alpha fixes a crash bug in 0.2.3.6-alpha introduced by
+  the new v3 handshake. It also resolves yet another bridge address
+  enumeration issue.
+
+  o Major bugfixes:
+    - If we mark an OR connection for close based on a cell we process,
+      don't process any further cells on it. We already avoid further
+      reads on marked-for-close connections, but now we also discard the
+      cells we'd already read. Fixes bug 4299; bugfix on 0.2.0.10-alpha,
+      which was the first version where we might mark a connection for
+      close based on processing a cell on it.
+    - Fix a double-free bug that would occur when we received an invalid
+      certificate in a CERT cell in the new v3 handshake. Fixes bug 4343;
+      bugfix on 0.2.3.6-alpha.
+    - Bridges no longer include their address in NETINFO cells on outgoing
+      OR connections, to allow them to blend in better with clients.
+      Removes another avenue for enumerating bridges. Reported by
+      "troll_un". Fixes bug 4348; bugfix on 0.2.0.10-alpha, when NETINFO
+      cells were introduced.
+
+  o Trivial fixes:
+    - Fixed a typo in a hibernation-related log message. Fixes bug 4331;
+      bugfix on 0.2.2.23-alpha; found by "tmpname0901".
+
+
+Changes in version 0.2.3.6-alpha - 2011-10-26
+  Tor 0.2.3.6-alpha includes the fix from 0.2.2.34 for a critical
+  anonymity vulnerability where an attacker can deanonymize Tor
+  users. Everybody should upgrade.
+
+  This release also features support for a new v3 connection handshake
+  protocol, and fixes to make hidden service connections more robust.
+
+  o Major features:
+    - Implement a new handshake protocol (v3) for authenticating Tors to
+      each other over TLS. It should be more resistant to fingerprinting
+      than previous protocols, and should require less TLS hacking for
+      future Tor implementations. Implements proposal 176.
+    - Allow variable-length padding cells to disguise the length of
+      Tor's TLS records. Implements part of proposal 184.
+
+  o Privacy/anonymity fixes (clients):
+    - Clients and bridges no longer send TLS certificate chains on
+      outgoing OR connections. Previously, each client or bridge would
+      use the same cert chain for all outgoing OR connections until
+      its IP address changes, which allowed any relay that the client
+      or bridge contacted to determine which entry guards it is using.
+      Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
+    - If a relay receives a CREATE_FAST cell on a TLS connection, it
+      no longer considers that connection as suitable for satisfying a
+      circuit EXTEND request. Now relays can protect clients from the
+      CVE-2011-2768 issue even if the clients haven't upgraded yet.
+    - Directory authorities no longer assign the Guard flag to relays
+      that haven't upgraded to the above "refuse EXTEND requests
+      to client connections" fix. Now directory authorities can
+      protect clients from the CVE-2011-2768 issue even if neither
+      the clients nor the relays have upgraded yet. There's a new
+      "GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option
+      to let us transition smoothly, else tomorrow there would be no
+      guard relays.
+
+  o Major bugfixes (hidden services):
+    - Improve hidden service robustness: when an attempt to connect to
+      a hidden service ends, be willing to refetch its hidden service
+      descriptors from each of the HSDir relays responsible for them
+      immediately. Previously, we would not consider refetching the
+      service's descriptors from each HSDir for 15 minutes after the last
+      fetch, which was inconvenient if the hidden service was not running
+      during the first attempt. Bugfix on 0.2.0.18-alpha; fixes bug 3335.
+    - When one of a hidden service's introduction points appears to be
+      unreachable, stop trying it. Previously, we would keep trying
+      to build circuits to the introduction point until we lost the
+      descriptor, usually because the user gave up and restarted Tor.
+      Partly fixes bug 3825.
+    - Don't launch a useless circuit after failing to use one of a
+      hidden service's introduction points. Previously, we would
+      launch a new introduction circuit, but not set the hidden service
+      which that circuit was intended to connect to, so it would never
+      actually be used. A different piece of code would then create a
+      new introduction circuit correctly. Bug reported by katmagic and
+      found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212.
+
+  o Major bugfixes (other):
+    - Bridges now refuse CREATE or CREATE_FAST cells on OR connections
+      that they initiated. Relays could distinguish incoming bridge
+      connections from client connections, creating another avenue for
+      enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
+      Found by "frosty_un".
+    - Don't update the AccountingSoftLimitHitAt state file entry whenever
+      tor gets started. This prevents a wrong average bandwidth
+      estimate, which would cause relays to always start a new accounting
+      interval at the earliest possible moment. Fixes bug 2003; bugfix
+      on 0.2.2.7-alpha. Reported by BryonEldridge, who also helped
+      immensely in tracking this bug down.
+    - Fix a crash bug when changing node restrictions while a DNS lookup
+      is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix
+      by "Tey'".
+
+  o Minor bugfixes (on 0.2.2.x and earlier):
+    - When a hidden service turns an extra service-side introduction
+      circuit into a general-purpose circuit, free the rend_data and
+      intro_key fields first, so we won't leak memory if the circuit
+      is cannibalized for use as another service-side introduction
+      circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251.
+    - Rephrase the log message emitted if the TestSocks check is
+      successful. Patch from Fabian Keil; fixes bug 4094.
+    - Bridges now skip DNS self-tests, to act a little more stealthily.
+      Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced
+      bridges. Patch by "warms0x".
+    - Remove a confusing dollar sign from the example fingerprint in the
+      man page, and also make the example fingerprint a valid one. Fixes
+      bug 4309; bugfix on 0.2.1.3-alpha.
+    - Fix internal bug-checking logic that was supposed to catch
+      failures in digest generation so that it will fail more robustly
+      if we ask for a nonexistent algorithm. Found by Coverity Scan.
+      Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479.
+    - Report any failure in init_keys() calls launched because our
+      IP address has changed. Spotted by Coverity Scan. Bugfix on
+      0.1.1.4-alpha; fixes CID 484.
+
+  o Minor bugfixes (on 0.2.3.x):
+    - Fix a bug in configure.in that kept it from building a configure
+      script with autoconf versions earlier than 2.61. Fixes bug 2430;
+      bugfix on 0.2.3.1-alpha.
+    - Don't warn users that they are exposing a client port to the
+      Internet if they have specified an RFC1918 address. Previously,
+      we would warn if the user had specified any non-loopback
+      address. Bugfix on 0.2.3.3-alpha. Fixes bug 4018; reported by Tas.
+    - Fix memory leaks in the failing cases of the new SocksPort and
+      ControlPort code. Found by Coverity Scan. Bugfix on 0.2.3.3-alpha;
+      fixes coverity CIDs 485, 486, and 487.
+
+  o Minor features:
+    - When a hidden service's introduction point times out, consider
+      trying it again during the next attempt to connect to the
+      HS. Previously, we would not try it again unless a newly fetched
+      descriptor contained it. Required by fixes for bugs 1297 and 3825.
+    - The next version of Windows will be called Windows 8, and it has
+      a major version of 6, minor version of 2. Correctly identify that
+      version instead of calling it "Very recent version". Resolves
+      ticket 4153; reported by funkstar.
+    - The Bridge Authority now writes statistics on how many bridge
+      descriptors it gave out in total, and how many unique descriptors
+      it gave out. It also lists how often the most and least commonly
+      fetched descriptors were given out, as well as the median and
+      25th/75th percentile. Implements tickets 4200 and 4294.
+    - Update to the October 4 2011 Maxmind GeoLite Country database.
+
+  o Code simplifications and refactoring:
+    - Remove some old code to remember statistics about which descriptors
+      we've served as a directory mirror. The feature wasn't used and
+      is outdated now that microdescriptors are around.
+    - Rename Tor functions that turn strings into addresses, so that
+      "parse" indicates that no hostname resolution occurs, and
+      "lookup" indicates that hostname resolution may occur. This
+      should help prevent mistakes in the future. Fixes bug 3512.
+
+
+Changes in version 0.2.2.34 - 2011-10-26
+  Tor 0.2.2.34 fixes a critical anonymity vulnerability where an attacker
+  can deanonymize Tor users. Everybody should upgrade.
+
+  The attack relies on four components: 1) Clients reuse their TLS cert
+  when talking to different relays, so relays can recognize a user by
+  the identity key in her cert. 2) An attacker who knows the client's
+  identity key can probe each guard relay to see if that identity key
+  is connected to that guard relay right now. 3) A variety of active
+  attacks in the literature (starting from "Low-Cost Traffic Analysis
+  of Tor" by Murdoch and Danezis in 2005) allow a malicious website to
+  discover the guard relays that a Tor user visiting the website is using.
+  4) Clients typically pick three guards at random, so the set of guards
+  for a given user could well be a unique fingerprint for her. This
+  release fixes components #1 and #2, which is enough to block the attack;
+  the other two remain as open research problems. Special thanks to
+  "frosty_un" for reporting the issue to us!
+
+  Clients should upgrade so they are no longer recognizable by the TLS
+  certs they present. Relays should upgrade so they no longer allow a
+  remote attacker to probe them to test whether unpatched clients are
+  currently connected to them.
+
+  This release also fixes several vulnerabilities that allow an attacker
+  to enumerate bridge relays. Some bridge enumeration attacks still
+  remain; see for example proposal 188.
+
+  o Privacy/anonymity fixes (clients):
+    - Clients and bridges no longer send TLS certificate chains on
+      outgoing OR connections. Previously, each client or bridge would
+      use the same cert chain for all outgoing OR connections until
+      its IP address changes, which allowed any relay that the client
+      or bridge contacted to determine which entry guards it is using.
+      Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
+    - If a relay receives a CREATE_FAST cell on a TLS connection, it
+      no longer considers that connection as suitable for satisfying a
+      circuit EXTEND request. Now relays can protect clients from the
+      CVE-2011-2768 issue even if the clients haven't upgraded yet.
+    - Directory authorities no longer assign the Guard flag to relays
+      that haven't upgraded to the above "refuse EXTEND requests
+      to client connections" fix. Now directory authorities can
+      protect clients from the CVE-2011-2768 issue even if neither
+      the clients nor the relays have upgraded yet. There's a new
+      "GiveGuardFlagTo_CVE_2011_2768_VulnerableRelays" config option
+      to let us transition smoothly, else tomorrow there would be no
+      guard relays.
+
+  o Privacy/anonymity fixes (bridge enumeration):
+    - Bridge relays now do their directory fetches inside Tor TLS
+      connections, like all the other clients do, rather than connecting
+      directly to the DirPort like public relays do. Removes another
+      avenue for enumerating bridges. Fixes bug 4115; bugfix on 0.2.0.35.
+    - Bridges relays now build circuits for themselves in a more similar
+      way to how clients build them. Removes another avenue for
+      enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha,
+      when bridges were introduced.
+    - Bridges now refuse CREATE or CREATE_FAST cells on OR connections
+      that they initiated. Relays could distinguish incoming bridge
+      connections from client connections, creating another avenue for
+      enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
+      Found by "frosty_un".
+
+  o Major bugfixes:
+    - Fix a crash bug when changing node restrictions while a DNS lookup
+      is in-progress. Fixes bug 4259; bugfix on 0.2.2.25-alpha. Bugfix
+      by "Tey'".
+    - Don't launch a useless circuit after failing to use one of a
+      hidden service's introduction points. Previously, we would
+      launch a new introduction circuit, but not set the hidden service
+      which that circuit was intended to connect to, so it would never
+      actually be used. A different piece of code would then create a
+      new introduction circuit correctly. Bug reported by katmagic and
+      found by Sebastian Hahn. Bugfix on 0.2.1.13-alpha; fixes bug 4212.
+
+  o Minor bugfixes:
+    - Change an integer overflow check in the OpenBSD_Malloc code so
+      that GCC is less likely to eliminate it as impossible. Patch
+      from Mansour Moufid. Fixes bug 4059.
+    - When a hidden service turns an extra service-side introduction
+      circuit into a general-purpose circuit, free the rend_data and
+      intro_key fields first, so we won't leak memory if the circuit
+      is cannibalized for use as another service-side introduction
+      circuit. Bugfix on 0.2.1.7-alpha; fixes bug 4251.
+    - Bridges now skip DNS self-tests, to act a little more stealthily.
+      Fixes bug 4201; bugfix on 0.2.0.3-alpha, which first introduced
+      bridges. Patch by "warms0x".
+    - Fix internal bug-checking logic that was supposed to catch
+      failures in digest generation so that it will fail more robustly
+      if we ask for a nonexistent algorithm. Found by Coverity Scan.
+      Bugfix on 0.2.2.1-alpha; fixes Coverity CID 479.
+    - Report any failure in init_keys() calls launched because our
+      IP address has changed. Spotted by Coverity Scan. Bugfix on
+      0.1.1.4-alpha; fixes CID 484.
+
+  o Minor bugfixes (log messages and documentation):
+    - Remove a confusing dollar sign from the example fingerprint in the
+      man page, and also make the example fingerprint a valid one. Fixes
+      bug 4309; bugfix on 0.2.1.3-alpha.
+    - The next version of Windows will be called Windows 8, and it has
+      a major version of 6, minor version of 2. Correctly identify that
+      version instead of calling it "Very recent version". Resolves
+      ticket 4153; reported by funkstar.
+    - Downgrade log messages about circuit timeout calibration from
+      "notice" to "info": they don't require or suggest any human
+      intervention. Patch from Tom Lowenthal. Fixes bug 4063;
+      bugfix on 0.2.2.14-alpha.
+
+  o Minor features:
+    - Turn on directory request statistics by default and include them in
+      extra-info descriptors. Don't break if we have no GeoIP database.
+      Backported from 0.2.3.1-alpha; implements ticket 3951.
+    - Update to the October 4 2011 Maxmind GeoLite Country database.
+
+
+Changes in version 0.2.1.31 - 2011-10-26
+  Tor 0.2.1.31 backports important security and privacy fixes for
+  oldstable. This release is intended only for package maintainers and
+  others who cannot use the 0.2.2 stable series. All others should be
+  using Tor 0.2.2.x or newer.
+
+  o Security fixes (also included in 0.2.2.x):
+    - Replace all potentially sensitive memory comparison operations
+      with versions whose runtime does not depend on the data being
+      compared. This will help resist a class of attacks where an
+      adversary can use variations in timing information to learn
+      sensitive data. Fix for one case of bug 3122. (Safe memcmp
+      implementation by Robert Ransom based partially on code by DJB.)
+    - Fix an assert in parsing router descriptors containing IPv6
+      addresses. This one took down the directory authorities when
+      somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
+
+  o Privacy/anonymity fixes (also included in 0.2.2.x):
+    - Clients and bridges no longer send TLS certificate chains on
+      outgoing OR connections. Previously, each client or bridge would
+      use the same cert chain for all outgoing OR connections until
+      its IP address changes, which allowed any relay that the client
+      or bridge contacted to determine which entry guards it is using.
+      Fixes CVE-2011-2768. Bugfix on 0.0.9pre5; found by "frosty_un".
+    - If a relay receives a CREATE_FAST cell on a TLS connection, it
+      no longer considers that connection as suitable for satisfying a
+      circuit EXTEND request. Now relays can protect clients from the
+      CVE-2011-2768 issue even if the clients haven't upgraded yet.
+    - Bridges now refuse CREATE or CREATE_FAST cells on OR connections
+      that they initiated. Relays could distinguish incoming bridge
+      connections from client connections, creating another avenue for
+      enumerating bridges. Fixes CVE-2011-2769. Bugfix on 0.2.0.3-alpha.
+      Found by "frosty_un".
+    - When receiving a hidden service descriptor, check that it is for
+      the hidden service we wanted. Previously, Tor would store any
+      hidden service descriptors that a directory gave it, whether it
+      wanted them or not. This wouldn't have let an attacker impersonate
+      a hidden service, but it did let directories pre-seed a client
+      with descriptors that it didn't want. Bugfix on 0.0.6.
+    - Avoid linkability based on cached hidden service descriptors: forget
+      all hidden service descriptors cached as a client when processing a
+      SIGNAL NEWNYM command. Fixes bug 3000; bugfix on 0.0.6.
+    - Make the bridge directory authority refuse to answer directory
+      requests for "all" descriptors. It used to include bridge
+      descriptors in its answer, which was a major information leak.
+      Found by "piebeer". Bugfix on 0.2.0.3-alpha.
+    - Don't attach new streams to old rendezvous circuits after SIGNAL
+      NEWNYM. Previously, we would keep using an existing rendezvous
+      circuit if it remained open (i.e. if it were kept open by a
+      long-lived stream, or if a new stream were attached to it before
+      Tor could notice that it was old and no longer in use). Bugfix on
+      0.1.1.15-rc; fixes bug 3375.
+
+  o Minor bugfixes (also included in 0.2.2.x):
+    - When we restart our relay, we might get a successful connection
+      from the outside before we've started our reachability tests,
+      triggering a warning: "ORPort found reachable, but I have no
+      routerinfo yet. Failing to inform controller of success." This
+      bug was harmless unless Tor is running under a controller
+      like Vidalia, in which case the controller would never get a
+      REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha;
+      fixes bug 1172.
+    - Build correctly on OSX with zlib 1.2.4 and higher with all warnings
+      enabled. Fixes bug 1526.
+    - Remove undocumented option "-F" from tor-resolve: it hasn't done
+      anything since 0.2.1.16-rc.
+    - Avoid signed/unsigned comparisons by making SIZE_T_CEILING unsigned.
+      None of the cases where we did this before were wrong, but by making
+      this change we avoid warnings. Fixes bug 2475; bugfix on 0.2.1.28.
+    - Fix a rare crash bug that could occur when a client was configured
+      with a large number of bridges. Fixes bug 2629; bugfix on
+      0.2.1.2-alpha. Bugfix by trac user "shitlei".
+    - Correct the warning displayed when a rendezvous descriptor exceeds
+      the maximum size. Fixes bug 2750; bugfix on 0.2.1.5-alpha. Found by
+      John Brooks.
+    - Fix an uncommon assertion failure when running with DNSPort under
+      heavy load. Fixes bug 2933; bugfix on 0.2.0.1-alpha.
+    - When warning about missing zlib development packages during compile,
+      give the correct package names. Bugfix on 0.2.0.1-alpha.
+    - Require that introduction point keys and onion keys have public
+      exponent 65537. Bugfix on 0.2.0.10-alpha.
+    - Do not crash when our configuration file becomes unreadable, for
+      example due to a permissions change, between when we start up
+      and when a controller calls SAVECONF. Fixes bug 3135; bugfix
+      on 0.0.9pre6.
+    - Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option.
+      Fixes bug 3208.
+    - Always NUL-terminate the sun_path field of a sockaddr_un before
+      passing it to the kernel. (Not a security issue: kernels are
+      smart enough to reject bad sockaddr_uns.) Found by Coverity;
+      CID #428. Bugfix on Tor 0.2.0.3-alpha.
+    - Don't stack-allocate the list of supplementary GIDs when we're
+      about to log them. Stack-allocating NGROUPS_MAX gid_t elements
+      could take up to 256K, which is way too much stack. Found by
+      Coverity; CID #450. Bugfix on 0.2.1.7-alpha.
+
+  o Minor bugfixes (only in 0.2.1.x):
+    - Resume using micro-version numbers in 0.2.1.x: our Debian packages
+      rely on them. Bugfix on 0.2.1.30.
+    - Use git revisions instead of svn revisions when generating our
+      micro-version numbers. Bugfix on 0.2.1.15-rc; fixes bug 2402.
+
+  o Minor features (also included in 0.2.2.x):
+    - Adjust the expiration time on our SSL session certificates to
+      better match SSL certs seen in the wild. Resolves ticket 4014.
+    - Allow nameservers with IPv6 address. Resolves bug 2574.
+    - Update to the October 4 2011 Maxmind GeoLite Country database.
+
+
+Changes in version 0.2.3.5-alpha - 2011-09-28
+  Tor 0.2.3.5-alpha fixes two bugs that make it possible to enumerate
+  bridge relays; fixes an assertion error that many users started hitting
+  today; and adds the ability to refill token buckets more often than
+  once per second, allowing significant performance improvements.
+
+  o Security fixes:
+    - Bridge relays now do their directory fetches inside Tor TLS
+      connections, like all the other clients do, rather than connecting
+      directly to the DirPort like public relays do. Removes another
+      avenue for enumerating bridges. Fixes bug 4115; bugfix on 0.2.0.35.
+    - Bridges relays now build circuits for themselves in a more similar
+      way to how clients build them. Removes another avenue for
+      enumerating bridges. Fixes bug 4124; bugfix on 0.2.0.3-alpha,
+      when bridges were introduced.
+
+  o Major bugfixes:
+    - Fix an "Assertion md->held_by_node == 1 failed" error that could
+      occur when the same microdescriptor was referenced by two node_t
+      objects at once. Fix for bug 4118; bugfix on Tor 0.2.3.1-alpha.
+
+  o Major features (networking):
+    - Add a new TokenBucketRefillInterval option to refill token buckets
+      more frequently than once per second. This should improve network
+      performance, alleviate queueing problems, and make traffic less
+      bursty. Implements proposal 183; closes ticket 3630. Design by
+      Florian Tschorsch and Björn Scheuermann; implementation by
+      Florian Tschorsch.
+
+  o Minor bugfixes:
+    - Change an integer overflow check in the OpenBSD_Malloc code so
+      that GCC is less likely to eliminate it as impossible. Patch
+      from Mansour Moufid. Fixes bug 4059.
+
+  o Minor bugfixes (usability):
+    - Downgrade log messages about circuit timeout calibration from
+      "notice" to "info": they don't require or suggest any human
+      intervention. Patch from Tom Lowenthal. Fixes bug 4063;
+      bugfix on 0.2.2.14-alpha.
+
+  o Minor features (diagnostics):
+    - When the system call to create a listener socket fails, log the
+      error message explaining why. This may help diagnose bug 4027.
+
+
+Changes in version 0.2.3.4-alpha - 2011-09-13
+  Tor 0.2.3.4-alpha includes the fixes from 0.2.2.33, including a slight
+  tweak to Tor's TLS handshake that makes relays and bridges that run
+  this new version reachable from Iran again. It also fixes a few new
+  bugs in 0.2.3.x, and teaches relays to recognize when they're not
+  listed in the network consensus and republish.
+
+  o Major bugfixes (also part of 0.2.2.33):
+    - Avoid an assertion failure when reloading a configuration with
+      TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes bug
+      3923; bugfix on 0.2.2.25-alpha.
+
+  o Minor features (security, also part of 0.2.2.33):
+    - Check for replays of the public-key encrypted portion of an
+      INTRODUCE1 cell, in addition to the current check for replays of
+      the g^x value. This prevents a possible class of active attacks
+      by an attacker who controls both an introduction point and a
+      rendezvous point, and who uses the malleability of AES-CTR to
+      alter the encrypted g^x portion of the INTRODUCE1 cell. We think
+      that these attacks are infeasible (requiring the attacker to send
+      on the order of zettabytes of altered cells in a short interval),
+      but we'd rather block them off in case there are any classes of
+      this attack that we missed. Reported by Willem Pinckaers.
+
+  o Minor features (also part of 0.2.2.33):
+    - Adjust the expiration time on our SSL session certificates to
+      better match SSL certs seen in the wild. Resolves ticket 4014.
+    - Change the default required uptime for a relay to be accepted as
+      a HSDir (hidden service directory) from 24 hours to 25 hours.
+      Improves on 0.2.0.10-alpha; resolves ticket 2649.
+    - Add a VoteOnHidServDirectoriesV2 config option to allow directory
+      authorities to abstain from voting on assignment of the HSDir
+      consensus flag. Related to bug 2649.
+    - Update to the September 6 2011 Maxmind GeoLite Country database.
+
+  o Minor bugfixes (also part of 0.2.2.33):
+    - Demote the 'replay detected' log message emitted when a hidden
+      service receives the same Diffie-Hellman public key in two different
+      INTRODUCE2 cells to info level. A normal Tor client can cause that
+      log message during its normal operation. Bugfix on 0.2.1.6-alpha;
+      fixes part of bug 2442.
+    - Demote the 'INTRODUCE2 cell is too {old,new}' log message to info
+      level. There is nothing that a hidden service's operator can do
+      to fix its clients' clocks. Bugfix on 0.2.1.6-alpha; fixes part
+      of bug 2442.
+    - Clarify a log message specifying the characters permitted in
+      HiddenServiceAuthorizeClient client names. Previously, the log
+      message said that "[A-Za-z0-9+-_]" were permitted; that could have
+      given the impression that every ASCII character between "+" and "_"
+      was permitted. Now we say "[A-Za-z0-9+_-]". Bugfix on 0.2.1.5-alpha.
+
+  o Build fixes (also part of 0.2.2.33):
+    - Clean up some code issues that prevented Tor from building on older
+      BSDs. Fixes bug 3894; reported by "grarpamp".
+    - Search for a platform-specific version of "ar" when cross-compiling.
+      Should fix builds on iOS. Resolves bug 3909, found by Marco Bonetti.
+
+  o Major bugfixes:
+    - Fix a bug where the SocksPort option (for example) would get
+      ignored and replaced by the default if a SocksListenAddress
+      option was set. Bugfix on 0.2.3.3-alpha; fixes bug 3936. Fix by
+      Fabian Keil.
+
+  o Major features:
+    - Relays now try regenerating and uploading their descriptor more
+      frequently if they are not listed in the consensus, or if the
+      version of their descriptor listed in the consensus is too
+      old. This fix should prevent situations where a server declines
+      to re-publish itself because it has done so too recently, even
+      though the authorities decided not to list its recent-enough
+      descriptor. Fix for bug 3327.
+
+  o Minor features:
+    - Relays now include a reason for regenerating their descriptors
+      in an HTTP header when uploading to the authorities. This will
+      make it easier to debug descriptor-upload issues in the future.
+    - When starting as root and then changing our UID via the User
+      control option, and we have a ControlSocket configured, make sure
+      that the ControlSocket is owned by the same account that Tor will
+      run under. Implements ticket 3421; fix by Jérémy Bobbio.
+
+  o Minor bugfixes:
+    - Abort if tor_vasprintf fails in connection_printf_to_buf (a
+      utility function used in the control-port code). This shouldn't
+      ever happen unless Tor is completely out of memory, but if it did
+      happen and Tor somehow recovered from it, Tor could have sent a log
+      message to a control port in the middle of a reply to a controller
+      command. Fixes part of bug 3428; bugfix on 0.1.2.3-alpha.
+    - Make 'FetchUselessDescriptors' cause all descriptor types and
+      all consensus types (including microdescriptors) to get fetched.
+      Fixes bug 3851; bugfix on 0.2.3.1-alpha.
+
+  o Code refactoring:
+    - Make a new "entry connection" struct as an internal subtype of "edge
+      connection", to simplify the code and make exit connections smaller.
+
+
+Changes in version 0.2.2.33 - 2011-09-13
+  Tor 0.2.2.33 fixes several bugs, and includes a slight tweak to Tor's
+  TLS handshake that makes relays and bridges that run this new version
+  reachable from Iran again.
+
+  o Major bugfixes:
+    - Avoid an assertion failure when reloading a configuration with
+      TrackExitHosts changes. Found and fixed by 'laruldan'. Fixes bug
+      3923; bugfix on 0.2.2.25-alpha.
+
+  o Minor features (security):
+    - Check for replays of the public-key encrypted portion of an
+      INTRODUCE1 cell, in addition to the current check for replays of
+      the g^x value. This prevents a possible class of active attacks
+      by an attacker who controls both an introduction point and a
+      rendezvous point, and who uses the malleability of AES-CTR to
+      alter the encrypted g^x portion of the INTRODUCE1 cell. We think
+      that these attacks are infeasible (requiring the attacker to send
+      on the order of zettabytes of altered cells in a short interval),
+      but we'd rather block them off in case there are any classes of
+      this attack that we missed. Reported by Willem Pinckaers.
+
+  o Minor features:
+    - Adjust the expiration time on our SSL session certificates to
+      better match SSL certs seen in the wild. Resolves ticket 4014.
+    - Change the default required uptime for a relay to be accepted as
+      a HSDir (hidden service directory) from 24 hours to 25 hours.
+      Improves on 0.2.0.10-alpha; resolves ticket 2649.
+    - Add a VoteOnHidServDirectoriesV2 config option to allow directory
+      authorities to abstain from voting on assignment of the HSDir
+      consensus flag. Related to bug 2649.
+    - Update to the September 6 2011 Maxmind GeoLite Country database.
+
+  o Minor bugfixes (documentation and log messages):
+    - Correct the man page to explain that HashedControlPassword and
+      CookieAuthentication can both be set, in which case either method
+      is sufficient to authenticate to Tor. Bugfix on 0.2.0.7-alpha,
+      when we decided to allow these config options to both be set. Issue
+      raised by bug 3898.
+    - Demote the 'replay detected' log message emitted when a hidden
+      service receives the same Diffie-Hellman public key in two different
+      INTRODUCE2 cells to info level. A normal Tor client can cause that
+      log message during its normal operation. Bugfix on 0.2.1.6-alpha;
+      fixes part of bug 2442.
+    - Demote the 'INTRODUCE2 cell is too {old,new}' log message to info
+      level. There is nothing that a hidden service's operator can do
+      to fix its clients' clocks. Bugfix on 0.2.1.6-alpha; fixes part
+      of bug 2442.
+    - Clarify a log message specifying the characters permitted in
+      HiddenServiceAuthorizeClient client names. Previously, the log
+      message said that "[A-Za-z0-9+-_]" were permitted; that could have
+      given the impression that every ASCII character between "+" and "_"
+      was permitted. Now we say "[A-Za-z0-9+_-]". Bugfix on 0.2.1.5-alpha.
+
+  o Build fixes:
+    - Provide a substitute implementation of lround() for MSVC, which
+      apparently lacks it. Patch from Gisle Vanem.
+    - Clean up some code issues that prevented Tor from building on older
+      BSDs. Fixes bug 3894; reported by "grarpamp".
+    - Search for a platform-specific version of "ar" when cross-compiling.
+      Should fix builds on iOS. Resolves bug 3909, found by Marco Bonetti.
+
+
+Changes in version 0.2.3.3-alpha - 2011-09-01
+  Tor 0.2.3.3-alpha adds a new "stream isolation" feature to improve Tor's
+  security, and provides client-side support for the microdescriptor
+  and optimistic data features introduced earlier in the 0.2.3.x
+  series. It also includes numerous critical bugfixes in the (optional)
+  bufferevent-based networking backend.
+
+  o Major features (stream isolation):
+    - You can now configure Tor so that streams from different
+      applications are isolated on different circuits, to prevent an
+      attacker who sees your streams as they leave an exit node from
+      linking your sessions to one another. To do this, choose some way
+      to distinguish the applications: have them connect to different
+      SocksPorts, or have one of them use SOCKS4 while the other uses
+      SOCKS5, or have them pass different authentication strings to the
+      SOCKS proxy. Then, use the new SocksPort syntax to configure the
+      degree of isolation you need. This implements Proposal 171.
+    - There's a new syntax for specifying multiple client ports (such as
+      SOCKSPort, TransPort, DNSPort, NATDPort): you can now just declare
+      multiple *Port entries with full addr:port syntax on each.
+      The old *ListenAddress format is still supported, but you can't
+      mix it with the new *Port syntax.
+
+  o Major features (other):
+    - Enable microdescriptor fetching by default for clients. This allows
+      clients to download a much smaller amount of directory information.
+      To disable it (and go back to the old-style consensus and
+      descriptors), set "UseMicrodescriptors 0" in your torrc file.
+    - Tor's firewall-helper feature, introduced in 0.2.3.1-alpha (see the
+      "PortForwarding" config option), now supports Windows.
+    - When using an exit relay running 0.2.3.x, clients can now
+      "optimistically" send data before the exit relay reports that
+      the stream has opened. This saves a round trip when starting
+      connections where the client speaks first (such as web browsing).
+      This behavior is controlled by a consensus parameter (currently
+      disabled). To turn it on or off manually, use the "OptimisticData"
+      torrc option. Implements proposal 181; code by Ian Goldberg.
+
+  o Major bugfixes (bufferevents, fixes on 0.2.3.1-alpha):
+    - When using IOCP on Windows, we need to enable Libevent windows
+      threading support.
+    - The IOCP backend now works even when the user has not specified
+      the (internal, debugging-only) _UseFilteringSSLBufferevents option.
+      Fixes part of bug 3752.
+    - Correctly record the bytes we've read and written when using
+      bufferevents, so that we can include them in our bandwidth history
+      and advertised bandwidth. Fixes bug 3803.
+    - Apply rate-limiting only at the bottom of a chain of filtering
+      bufferevents. This prevents us from filling up internal read
+      buffers and violating rate-limits when filtering bufferevents
+      are enabled. Fixes part of bug 3804.
+    - Add high-watermarks to the output buffers for filtered
+      bufferevents. This prevents us from filling up internal write
+      buffers and wasting CPU cycles when filtering bufferevents are
+      enabled. Fixes part of bug 3804.
+    - Correctly notice when data has been written from a bufferevent
+      without flushing it completely. Fixes bug 3805.
+    - Fix a bug where server-side tunneled bufferevent-based directory
+      streams would get closed prematurely. Fixes bug 3814.
+    - Fix a use-after-free error with per-connection rate-limiting
+      buckets. Fixes bug 3888.
+
+  o Major bugfixes (also part of 0.2.2.31-rc):
+    - If we're configured to write our ControlPorts to disk, only write
+      them after switching UID and creating the data directory. This way,
+      we don't fail when starting up with a nonexistent DataDirectory
+      and a ControlPortWriteToFile setting based on that directory. Fixes
+      bug 3747; bugfix on Tor 0.2.2.26-beta.
+
+  o Minor features:
+    - Added a new CONF_CHANGED event so that controllers can be notified
+      of any configuration changes made by other controllers, or by the
+      user. Implements ticket 1692.
+    - Use evbuffer_copyout() in inspect_evbuffer(). This fixes a memory
+      leak when using bufferevents, and lets Libevent worry about how to
+      best copy data out of a buffer.
+    - Replace files in stats/ rather than appending to them. Now that we
+      include statistics in extra-info descriptors, it makes no sense to
+      keep old statistics forever. Implements ticket 2930.
+
+  o Minor features (build compatibility):
+    - Limited, experimental support for building with nmake and MSVC.
+    - Provide a substitute implementation of lround() for MSVC, which
+      apparently lacks it. Patch from Gisle Vanem.
+
+  o Minor features (also part of 0.2.2.31-rc):
+    - Update to the August 2 2011 Maxmind GeoLite Country database.
+
+  o Minor bugfixes (on 0.2.3.x-alpha):
+    - Fix a spurious warning when parsing SOCKS requests with
+      bufferevents enabled. Fixes bug 3615; bugfix on 0.2.3.2-alpha.
+    - Get rid of a harmless warning that could happen on relays running
+      with bufferevents. The warning was caused by someone doing an http
+      request to a relay's orport. Also don't warn for a few related
+      non-errors. Fixes bug 3700; bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes (on 2.2.x and earlier):
+    - Correct the man page to explain that HashedControlPassword and
+      CookieAuthentication can both be set, in which case either method
+      is sufficient to authenticate to Tor. Bugfix on 0.2.0.7-alpha,
+      when we decided to allow these config options to both be set. Issue
+      raised by bug 3898.
+    - The "--quiet" and "--hush" options now apply not only to Tor's
+      behavior before logs are configured, but also to Tor's behavior in
+      the absence of configured logs. Fixes bug 3550; bugfix on
+      0.2.0.10-alpha.
+
+  o Minor bugfixes (also part of 0.2.2.31-rc):
+    - Write several files in text mode, on OSes that distinguish text
+      mode from binary mode (namely, Windows). These files are:
+      'buffer-stats', 'dirreq-stats', and 'entry-stats' on relays
+      that collect those statistics; 'client_keys' and 'hostname' for
+      hidden services that use authentication; and (in the tor-gencert
+      utility) newly generated identity and signing keys. Previously,
+      we wouldn't specify text mode or binary mode, leading to an
+      assertion failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when
+      the DirRecordUsageByCountry option which would have triggered
+      the assertion failure was added), although this assertion failure
+      would have occurred in tor-gencert on Windows in 0.2.0.1-alpha.
+    - Selectively disable deprecation warnings on OS X because Lion
+      started deprecating the shipped copy of openssl. Fixes bug 3643.
+    - Remove an extra pair of quotation marks around the error
+      message in control-port STATUS_GENERAL BUG events. Bugfix on
+      0.1.2.6-alpha; fixes bug 3732.
+    - When unable to format an address as a string, report its value
+      as "???" rather than reusing the last formatted address. Bugfix
+      on 0.2.1.5-alpha.
+
+  o Code simplifications and refactoring:
+    - Rewrite the listener-selection logic so that parsing which ports
+      we want to listen on is now separate from binding to the ports
+      we want.
+
+  o Build changes:
+    - Building Tor with bufferevent support now requires Libevent
+      2.0.13-stable or later. Previous versions of Libevent had bugs in
+      SSL-related bufferevents and related issues that would make Tor
+      work badly with bufferevents. Requiring 2.0.13-stable also allows
+      Tor with bufferevents to take advantage of Libevent APIs
+      introduced after 2.0.8-rc.
+
+
+Changes in version 0.2.2.32 - 2011-08-27
+  The Tor 0.2.2 release series is dedicated to the memory of Andreas
+  Pfitzmann (1958-2010), a pioneer in anonymity and privacy research,
+  a founder of the PETS community, a leader in our field, a mentor,
+  and a friend. He left us with these words: "I had the possibility
+  to contribute to this world that is not as it should be. I hope I
+  could help in some areas to make the world a better place, and that
+  I could also encourage other people to be engaged in improving the
+  world. Please, stay engaged. This world needs you, your love, your
+  initiative -- now I cannot be part of that anymore."
+
+  Tor 0.2.2.32, the first stable release in the 0.2.2 branch, is finally
+  ready. More than two years in the making, this release features improved
+  client performance and hidden service reliability, better compatibility
+  for Android, correct behavior for bridges that listen on more than
+  one address, more extensible and flexible directory object handling,
+  better reporting of network statistics, improved code security, and
+  many many other features and bugfixes.
+
+
+Changes in version 0.2.2.31-rc - 2011-08-17
+  Tor 0.2.2.31-rc is the second and hopefully final release candidate
+  for the Tor 0.2.2.x series.
+
+  o Major bugfixes:
+    - Remove an extra pair of quotation marks around the error
+      message in control-port STATUS_GENERAL BUG events. Bugfix on
+      0.1.2.6-alpha; fixes bug 3732.
+    - If we're configured to write our ControlPorts to disk, only write
+      them after switching UID and creating the data directory. This way,
+      we don't fail when starting up with a nonexistent DataDirectory
+      and a ControlPortWriteToFile setting based on that directory. Fixes
+      bug 3747; bugfix on Tor 0.2.2.26-beta.
+
+  o Minor features:
+    - Update to the August 2 2011 Maxmind GeoLite Country database.
+
+  o Minor bugfixes:
+    - Allow GETINFO fingerprint to return a fingerprint even when
+      we have not yet built a router descriptor. Fixes bug 3577;
+      bugfix on 0.2.0.1-alpha.
+    - Write several files in text mode, on OSes that distinguish text
+      mode from binary mode (namely, Windows). These files are:
+      'buffer-stats', 'dirreq-stats', and 'entry-stats' on relays
+      that collect those statistics; 'client_keys' and 'hostname' for
+      hidden services that use authentication; and (in the tor-gencert
+      utility) newly generated identity and signing keys. Previously,
+      we wouldn't specify text mode or binary mode, leading to an
+      assertion failure. Fixes bug 3607. Bugfix on 0.2.1.1-alpha (when
+      the DirRecordUsageByCountry option which would have triggered
+      the assertion failure was added), although this assertion failure
+      would have occurred in tor-gencert on Windows in 0.2.0.1-alpha.
+    - Selectively disable deprecation warnings on OS X because Lion
+      started deprecating the shipped copy of openssl. Fixes bug 3643.
+    - When unable to format an address as a string, report its value
+      as "???" rather than reusing the last formatted address. Bugfix
+      on 0.2.1.5-alpha.
+
+
+Changes in version 0.2.3.2-alpha - 2011-07-18
+  Tor 0.2.3.2-alpha introduces two new experimental features:
+  microdescriptors and pluggable transports. It also continues cleaning
+  up a variety of recently introduced features.
+
+  o Major features:
+    - Clients can now use microdescriptors instead of regular descriptors
+      to build circuits. Microdescriptors are authority-generated
+      summaries of regular descriptors' contents, designed to change
+      very rarely (see proposal 158 for details). This feature is
+      designed to save bandwidth, especially for clients on slow internet
+      connections. It's off by default for now, since nearly no caches
+      support it, but it will be on-by-default for clients in a future
+      version. You can use the UseMicrodescriptors option to turn it on.
+    - Tor clients using bridges can now be configured to use a separate
+      'transport' proxy for each bridge. This approach helps to resist
+      censorship by allowing bridges to use protocol obfuscation
+      plugins. It implements part of proposal 180. Implements ticket 2841.
+    - While we're trying to bootstrap, record how many TLS connections
+      fail in each state, and report which states saw the most failures
+      in response to any bootstrap failures. This feature may speed up
+      diagnosis of censorship events. Implements ticket 3116.
+
+  o Major bugfixes (on 0.2.3.1-alpha):
+    - When configuring a large set of nodes in EntryNodes (as with
+      'EntryNodes {cc}' or 'EntryNodes 1.1.1.1/16'), choose only a
+      random subset to be guards, and choose them in random
+      order. Fixes bug 2798.
+    - Tor could crash when remembering a consensus in a non-used consensus
+      flavor without having a current consensus set. Fixes bug 3361.
+    - Comparing an unknown address to a microdescriptor's shortened exit
+      policy would always give a "rejected" result. Fixes bug 3599.
+    - Using microdescriptors as a client no longer prevents Tor from
+      uploading and downloading hidden service descriptors. Fixes
+      bug 3601.
+
+  o Minor features:
+    - Allow nameservers with IPv6 address. Resolves bug 2574.
+    - Accept attempts to include a password authenticator in the
+      handshake, as supported by SOCKS5. This handles SOCKS clients that
+      don't know how to omit a password when authenticating. Resolves
+      bug 1666.
+    - When configuring a large set of nodes in EntryNodes, and there are
+      enough of them listed as Guard so that we don't need to consider
+      the non-guard entries, prefer the ones listed with the Guard flag.
+    - Check for and recover from inconsistency in the microdescriptor
+      cache. This will make it harder for us to accidentally free a
+      microdescriptor without removing it from the appropriate data
+      structures. Fixes issue 3135; issue noted by "wanoskarnet".
+    - Log SSL state transitions at log level DEBUG, log domain
+      HANDSHAKE. This can be useful for debugging censorship events.
+      Implements ticket 3264.
+    - Add port 6523 (Gobby) to LongLivedPorts. Patch by intrigeri;
+      implements ticket 3439.
+
+  o Minor bugfixes (on 0.2.3.1-alpha):
+    - Do not free all general-purpose regular descriptors just
+      because microdescriptor use is enabled. Fixes bug 3113.
+    - Correctly link libevent_openssl when --enable-static-libevent
+      is passed to configure. Fixes bug 3118.
+    - Bridges should not complain during their heartbeat log messages that
+      they are unlisted in the consensus: that's more or less the point
+      of being a bridge. Fixes bug 3183.
+    - Report a SIGNAL event to controllers when acting on a delayed
+      SIGNAL NEWNYM command. Previously, we would report a SIGNAL
+      event to the controller if we acted on a SIGNAL NEWNYM command
+      immediately, and otherwise not report a SIGNAL event for the
+      command at all. Fixes bug 3349.
+    - Fix a crash when handling the SIGNAL controller command or
+      reporting ERR-level status events with bufferevents enabled. Found
+      by Robert Ransom. Fixes bug 3367.
+    - Always ship the tor-fw-helper manpage in our release tarballs.
+      Fixes bug 3389. Reported by Stephen Walker.
+    - Fix a class of double-mark-for-close bugs when bufferevents
+      are enabled. Fixes bug 3403.
+    - Update tor-fw-helper to support libnatpmp-20110618. Fixes bug 3434.
+    - Add SIGNAL to the list returned by the 'GETINFO events/names'
+      control-port command. Fixes part of bug 3465.
+    - Prevent using negative indices during unit test runs when read_all()
+      fails. Spotted by coverity.
+    - Fix a rare memory leak when checking the nodelist without it being
+      present. Found by coverity.
+    - Only try to download a microdescriptor-flavored consensus from
+      a directory cache that provides them.
+
+  o Minor bugfixes (on 0.2.2.x and earlier):
+    - Assert that hidden-service-related operations are not performed
+      using single-hop circuits. Previously, Tor would assert that
+      client-side streams are not attached to single-hop circuits,
+      but not that other sensitive operations on the client and service
+      side are not performed using single-hop circuits. Fixes bug 3332;
+      bugfix on 0.0.6.
+    - Don't publish a new relay descriptor when we reload our onion key,
+      unless the onion key has actually changed. Fixes bug 3263 and
+      resolves another cause of bug 1810. Bugfix on 0.1.1.11-alpha.
+    - Allow GETINFO fingerprint to return a fingerprint even when
+      we have not yet built a router descriptor. Fixes bug 3577;
+      bugfix on 0.2.0.1-alpha.
+    - Make 'tor --digests' list hashes of all Tor source files. Bugfix
+      on 0.2.2.4-alpha; fixes bug 3427.
+
+  o Code simplification and refactoring:
+    - Use tor_sscanf() in place of scanf() in more places through the
+      code. This makes us a little more locale-independent, and
+      should help shut up code-analysis tools that can't tell
+      a safe sscanf string from a dangerous one.
+    - Use tt_assert(), not tor_assert(), for checking for test failures.
+      This makes the unit tests more able to go on in the event that
+      one of them fails.
+    - Split connection_about_to_close() into separate functions for each
+      connection type.
+
+  o Build changes:
+    - On Windows, we now define the _WIN32_WINNT macros only if they
+      are not already defined. This lets the person building Tor decide,
+      if they want, to require a later version of Windows.
+
+
+Changes in version 0.2.2.30-rc - 2011-07-07
+  Tor 0.2.2.30-rc is the first release candidate for the Tor 0.2.2.x
+  series. It fixes a few smaller bugs, but generally appears stable.
+  Please test it and let us know whether it is!
+
+  o Minor bugfixes:
+    - Send a SUCCEEDED stream event to the controller when a reverse
+      resolve succeeded. Fixes bug 3536; bugfix on 0.0.8pre1. Issue
+      discovered by katmagic.
+    - Always NUL-terminate the sun_path field of a sockaddr_un before
+      passing it to the kernel. (Not a security issue: kernels are
+      smart enough to reject bad sockaddr_uns.) Found by Coverity;
+      CID #428. Bugfix on Tor 0.2.0.3-alpha.
+    - Don't stack-allocate the list of supplementary GIDs when we're
+      about to log them. Stack-allocating NGROUPS_MAX gid_t elements
+      could take up to 256K, which is way too much stack. Found by
+      Coverity; CID #450. Bugfix on 0.2.1.7-alpha.
+    - Add BUILDTIMEOUT_SET to the list returned by the 'GETINFO
+      events/names' control-port command. Bugfix on 0.2.2.9-alpha;
+      fixes part of bug 3465.
+    - Fix a memory leak when receiving a descriptor for a hidden
+      service we didn't ask for. Found by Coverity; CID #30. Bugfix
+      on 0.2.2.26-beta.
+
+  o Minor features:
+    - Update to the July 1 2011 Maxmind GeoLite Country database.
+
+
+Changes in version 0.2.2.29-beta - 2011-06-20
+  Tor 0.2.2.29-beta reverts an accidental behavior change for users who
+  have bridge lines in their torrc but don't want to use them; gets
+  us closer to having the control socket feature working on Debian;
+  and fixes a variety of smaller bugs.
+
+  o Major bugfixes:
+    - Revert the UseBridges option to its behavior before 0.2.2.28-beta.
+      When we changed the default behavior to "use bridges if any
+      are listed in the torrc", we surprised users who had bridges
+      in their torrc files but who didn't actually want to use them.
+      Partial resolution for bug 3354.
+
+  o Privacy fixes:
+    - Don't attach new streams to old rendezvous circuits after SIGNAL
+      NEWNYM. Previously, we would keep using an existing rendezvous
+      circuit if it remained open (i.e. if it were kept open by a
+      long-lived stream, or if a new stream were attached to it before
+      Tor could notice that it was old and no longer in use). Bugfix on
+      0.1.1.15-rc; fixes bug 3375.
+
+  o Minor bugfixes:
+    - Fix a bug when using ControlSocketsGroupWritable with User. The
+      directory's group would be checked against the current group, not
+      the configured group. Patch by Jérémy Bobbio. Fixes bug 3393;
+      bugfix on 0.2.2.26-beta.
+    - Make connection_printf_to_buf()'s behavior sane. Its callers
+      expect it to emit a CRLF iff the format string ends with CRLF;
+      it actually emitted a CRLF iff (a) the format string ended with
+      CRLF or (b) the resulting string was over 1023 characters long or
+      (c) the format string did not end with CRLF *and* the resulting
+      string was 1021 characters long or longer. Bugfix on 0.1.1.9-alpha;
+      fixes part of bug 3407.
+    - Make send_control_event_impl()'s behavior sane. Its callers
+      expect it to always emit a CRLF at the end of the string; it
+      might have emitted extra control characters as well. Bugfix on
+      0.1.1.9-alpha; fixes another part of bug 3407.
+    - Make crypto_rand_int() check the value of its input correctly.
+      Previously, it accepted values up to UINT_MAX, but could return a
+      negative number if given a value above INT_MAX+1. Found by George
+      Kadianakis. Fixes bug 3306; bugfix on 0.2.2pre14.
+    - Avoid a segfault when reading a malformed circuit build state
+      with more than INT_MAX entries. Found by wanoskarnet. Bugfix on
+      0.2.2.4-alpha.
+    - When asked about a DNS record type we don't support via a
+      client DNSPort, reply with NOTIMPL rather than an empty
+      reply. Patch by intrigeri. Fixes bug 3369; bugfix on 2.0.1-alpha.
+    - Fix a rare memory leak during stats writing. Found by coverity.
+
+  o Minor features:
+    - Update to the June 1 2011 Maxmind GeoLite Country database.
+
+  o Code simplifications and refactoring:
+    - Remove some dead code as indicated by coverity.
+    - Remove a few dead assignments during router parsing. Found by
+      coverity.
+    - Add some forgotten return value checks during unit tests. Found
+      by coverity.
+    - Don't use 1-bit wide signed bit fields. Found by coverity.
+
+
+Changes in version 0.2.2.28-beta - 2011-06-04
+  Tor 0.2.2.28-beta makes great progress towards a new stable release: we
+  fixed a big bug in whether relays stay in the consensus consistently,
+  we moved closer to handling bridges and hidden services correctly,
+  and we started the process of better handling the dreaded "my Vidalia
+  died, and now my Tor demands a password when I try to reconnect to it"
+  usability issue.
+
+  o Major bugfixes:
+    - Don't decide to make a new descriptor when receiving a HUP signal.
+      This bug has caused a lot of 0.2.2.x relays to disappear from the
+      consensus periodically. Fixes the most common case of triggering
+      bug 1810; bugfix on 0.2.2.7-alpha.
+    - Actually allow nameservers with IPv6 addresses. Fixes bug 2574.
+    - Don't try to build descriptors if "ORPort auto" is set and we
+      don't know our actual ORPort yet. Fix for bug 3216; bugfix on
+      0.2.2.26-beta.
+    - Resolve a crash that occurred when setting BridgeRelay to 1 with
+      accounting enabled. Fixes bug 3228; bugfix on 0.2.2.18-alpha.
+    - Apply circuit timeouts to opened hidden-service-related circuits
+      based on the correct start time. Previously, we would apply the
+      circuit build timeout based on time since the circuit's creation;
+      it was supposed to be applied based on time since the circuit
+      entered its current state. Bugfix on 0.0.6; fixes part of bug 1297.
+    - Use the same circuit timeout for client-side introduction
+      circuits as for other four-hop circuits, rather than the timeout
+      for single-hop directory-fetch circuits; the shorter timeout may
+      have been appropriate with the static circuit build timeout in
+      0.2.1.x and earlier, but caused many hidden service access attempts
+      to fail with the adaptive CBT introduced in 0.2.2.2-alpha. Bugfix
+      on 0.2.2.2-alpha; fixes another part of bug 1297.
+    - In ticket 2511 we fixed a case where you could use an unconfigured
+      bridge if you had configured it as a bridge the last time you ran
+      Tor. Now fix another edge case: if you had configured it as a bridge
+      but then switched to a different bridge via the controller, you
+      would still be willing to use the old one. Bugfix on 0.2.0.1-alpha;
+      fixes bug 3321.
+
+  o Major features:
+    - Add an __OwningControllerProcess configuration option and a
+      TAKEOWNERSHIP control-port command. Now a Tor controller can ensure
+      that when it exits, Tor will shut down. Implements feature 3049.
+    - If "UseBridges 1" is set and no bridges are configured, Tor will
+      now refuse to build any circuits until some bridges are set.
+      If "UseBridges auto" is set, Tor will use bridges if they are
+      configured and we are not running as a server, but otherwise will
+      make circuits as usual. The new default is "auto". Patch by anonym,
+      so the Tails LiveCD can stop automatically revealing you as a Tor
+      user on startup.
+
+  o Minor bugfixes:
+    - Fix warnings from GCC 4.6's "-Wunused-but-set-variable" option.
+    - Remove a trailing asterisk from "exit-policy/default" in the
+      output of the control port command "GETINFO info/names". Bugfix
+      on 0.1.2.5-alpha.
+    - Use a wide type to hold sockets when built for 64-bit Windows builds.
+      Fixes bug 3270.
+    - Warn when the user configures two HiddenServiceDir lines that point
+      to the same directory. Bugfix on 0.0.6 (the version introducing
+      HiddenServiceDir); fixes bug 3289.
+    - Remove dead code from rend_cache_lookup_v2_desc_as_dir. Fixes
+      part of bug 2748; bugfix on 0.2.0.10-alpha.
+    - Log malformed requests for rendezvous descriptors as protocol
+      warnings, not warnings. Also, use a more informative log message
+      in case someone sees it at log level warning without prior
+      info-level messages. Fixes the other part of bug 2748; bugfix
+      on 0.2.0.10-alpha.
+    - Clear the table recording the time of the last request for each
+      hidden service descriptor from each HS directory on SIGNAL NEWNYM.
+      Previously, we would clear our HS descriptor cache on SIGNAL
+      NEWNYM, but if we had previously retrieved a descriptor (or tried
+      to) from every directory responsible for it, we would refuse to
+      fetch it again for up to 15 minutes. Bugfix on 0.2.2.25-alpha;
+      fixes bug 3309.
+    - Fix a log message that said "bits" while displaying a value in
+      bytes. Found by wanoskarnet. Fixes bug 3318; bugfix on
+      0.2.0.1-alpha.
+    - When checking for 1024-bit keys, check for 1024 bits, not 128
+      bytes. This allows Tor to correctly discard keys of length 1017
+      through 1023. Bugfix on 0.0.9pre5.
+
+  o Minor features:
+    - Relays now log the reason for publishing a new relay descriptor,
+      so we have a better chance of hunting down instances of bug 1810.
+      Resolves ticket 3252.
+    - Revise most log messages that refer to nodes by nickname to
+      instead use the "$key=nickname at address" format. This should be
+      more useful, especially since nicknames are less and less likely
+      to be unique. Resolves ticket 3045.
+    - Log (at info level) when purging pieces of hidden-service-client
+      state because of SIGNAL NEWNYM.
+
+  o Removed options:
+    - Remove undocumented option "-F" from tor-resolve: it hasn't done
+      anything since 0.2.1.16-rc.
+
+
+Changes in version 0.2.2.27-beta - 2011-05-18
+  Tor 0.2.2.27-beta fixes a bridge-related stability bug in the previous
+  release, and also adds a few more general bugfixes.
+
+  o Major bugfixes:
+    - Fix a crash bug when changing bridges in a running Tor process.
+      Fixes bug 3213; bugfix on 0.2.2.26-beta.
+    - When the controller configures a new bridge, don't wait 10 to 60
+      seconds before trying to fetch its descriptor. Bugfix on
+      0.2.0.3-alpha; fixes bug 3198 (suggested by 2355).
+
+  o Minor bugfixes:
+    - Require that onion keys have exponent 65537 in microdescriptors too.
+      Fixes more of bug 3207; bugfix on 0.2.2.26-beta.
+    - Tor used to limit HttpProxyAuthenticator values to 48 characters.
+      Changed the limit to 512 characters by removing base64 newlines.
+      Fixes bug 2752. Fix by Michael Yakubovich.
+    - When a client starts or stops using bridges, never use a circuit
+      that was built before the configuration change. This behavior could
+      put at risk a user who uses bridges to ensure that her traffic
+      only goes to the chosen addresses. Bugfix on 0.2.0.3-alpha; fixes
+      bug 3200.
+
+
+Changes in version 0.2.2.26-beta - 2011-05-17
+  Tor 0.2.2.26-beta fixes a variety of potential privacy problems. It
+  also introduces a new "socksport auto" approach that should make it
+  easier to run multiple Tors on the same system, and does a lot of
+  cleanup to get us closer to a release candidate.
+
+  o Security/privacy fixes:
+    - Replace all potentially sensitive memory comparison operations
+      with versions whose runtime does not depend on the data being
+      compared. This will help resist a class of attacks where an
+      adversary can use variations in timing information to learn
+      sensitive data. Fix for one case of bug 3122. (Safe memcmp
+      implementation by Robert Ransom based partially on code by DJB.)
+    - When receiving a hidden service descriptor, check that it is for
+      the hidden service we wanted. Previously, Tor would store any
+      hidden service descriptors that a directory gave it, whether it
+      wanted them or not. This wouldn't have let an attacker impersonate
+      a hidden service, but it did let directories pre-seed a client
+      with descriptors that it didn't want. Bugfix on 0.0.6.
+    - On SIGHUP, do not clear out all TrackHostExits mappings, client
+      DNS cache entries, and virtual address mappings: that's what
+      NEWNYM is for. Fixes bug 1345; bugfix on 0.1.0.1-rc.
+
+  o Major features:
+    - The options SocksPort, ControlPort, and so on now all accept a
+      value "auto" that opens a socket on an OS-selected port. A
+      new ControlPortWriteToFile option tells Tor to write its
+      actual control port or ports to a chosen file. If the option
+      ControlPortFileGroupReadable is set, the file is created as
+      group-readable. Now users can run two Tor clients on the same
+      system without needing to manually mess with parameters. Resolves
+      part of ticket 3076.
+    - Set SO_REUSEADDR on all sockets, not just listeners. This should
+      help busy exit nodes avoid running out of useable ports just
+      because all the ports have been used in the near past. Resolves
+      issue 2850.
+
+  o Minor features:
+    - New "GETINFO net/listeners/(type)" controller command to return
+      a list of addresses and ports that are bound for listeners for a
+      given connection type. This is useful when the user has configured
+      "SocksPort auto" and the controller needs to know which port got
+      chosen. Resolves another part of ticket 3076.
+    - Add a new ControlSocketsGroupWritable configuration option: when
+      it is turned on, ControlSockets are group-writeable by the default
+      group of the current user. Patch by Jérémy Bobbio; implements
+      ticket 2972.
+    - Tor now refuses to create a ControlSocket in a directory that is
+      world-readable (or group-readable if ControlSocketsGroupWritable
+      is 0). This is necessary because some operating systems do not
+      enforce permissions on an AF_UNIX sockets. Permissions on the
+      directory holding the socket, however, seems to work everywhere.
+    - Rate-limit a warning about failures to download v2 networkstatus
+      documents. Resolves part of bug 1352.
+    - Backport code from 0.2.3.x that allows directory authorities to
+      clean their microdescriptor caches. Needed to resolve bug 2230.
+    - When an HTTPS proxy reports "403 Forbidden", we now explain
+      what it means rather than calling it an unexpected status code.
+      Closes bug 2503. Patch from Michael Yakubovich.
+    - Update to the May 1 2011 Maxmind GeoLite Country database.
+
+  o Minor bugfixes:
+    - Authorities now clean their microdesc cache periodically and when
+      reading from disk initially, not only when adding new descriptors.
+      This prevents a bug where we could lose microdescriptors. Bugfix
+      on 0.2.2.6-alpha. Fixes bug 2230.
+    - Do not crash when our configuration file becomes unreadable, for
+      example due to a permissions change, between when we start up
+      and when a controller calls SAVECONF. Fixes bug 3135; bugfix
+      on 0.0.9pre6.
+    - Avoid a bug that would keep us from replacing a microdescriptor
+      cache on Windows. (We would try to replace the file while still
+      holding it open. That's fine on Unix, but Windows doesn't let us
+      do that.) Bugfix on 0.2.2.6-alpha; bug found by wanoskarnet.
+    - Add missing explanations for the authority-related torrc options
+      RephistTrackTime, BridgePassword, and V3AuthUseLegacyKey in the
+      man page. Resolves issue 2379.
+    - As an authority, do not upload our own vote or signature set to
+      ourself. It would tell us nothing new, and as of 0.2.2.24-alpha,
+      it would get flagged as a duplicate. Resolves bug 3026.
+    - Accept hidden service descriptors if we think we might be a hidden
+      service directory, regardless of what our consensus says. This
+      helps robustness, since clients and hidden services can sometimes
+      have a more up-to-date view of the network consensus than we do,
+      and if they think that the directory authorities list us a HSDir,
+      we might actually be one. Related to bug 2732; bugfix on
+      0.2.0.10-alpha.
+    - When a controller changes TrackHostExits, remove mappings for
+      hosts that should no longer have their exits tracked. Bugfix on
+      0.1.0.1-rc.
+    - When a controller changes VirtualAddrNetwork, remove any mappings
+      for hosts that were automapped to the old network. Bugfix on
+      0.1.1.19-rc.
+    - When a controller changes one of the AutomapHosts* options, remove
+      any mappings for hosts that should no longer be automapped. Bugfix
+      on 0.2.0.1-alpha.
+    - Do not reset the bridge descriptor download status every time we
+      re-parse our configuration or get a configuration change. Fixes
+      bug 3019; bugfix on 0.2.0.3-alpha.
+
+  o Minor bugfixes (code cleanup):
+    - When loading the microdesc journal, remember its current size.
+      In 0.2.2, this helps prevent the microdesc journal from growing
+      without limit on authorities (who are the only ones to use it in
+      0.2.2). Fixes a part of bug 2230; bugfix on 0.2.2.6-alpha.
+      Fix posted by "cypherpunks."
+    - The microdesc journal is supposed to get rebuilt only if it is
+      at least _half_ the length of the store, not _twice_ the length
+      of the store. Bugfix on 0.2.2.6-alpha; fixes part of bug 2230.
+    - Fix a potential null-pointer dereference while computing a
+      consensus. Bugfix on 0.2.0.3-alpha, found with the help of
+      clang's analyzer.
+    - Avoid a possible null-pointer dereference when rebuilding the mdesc
+      cache without actually having any descriptors to cache. Bugfix on
+      0.2.2.6-alpha. Issue discovered using clang's static analyzer.
+    - If we fail to compute the identity digest of a v3 legacy keypair,
+      warn, and don't use a buffer-full of junk instead. Bugfix on
+      0.2.1.1-alpha; fixes bug 3106.
+    - Resolve an untriggerable issue in smartlist_string_num_isin(),
+      where if the function had ever in the future been used to check
+      for the presence of a too-large number, it would have given an
+      incorrect result. (Fortunately, we only used it for 16-bit
+      values.) Fixes bug 3175; bugfix on 0.1.0.1-rc.
+    - Require that introduction point keys and onion handshake keys
+      have a public exponent of 65537. Starts to fix bug 3207; bugfix
+      on 0.2.0.10-alpha.
+
+  o Removed features:
+    - Caches no longer download and serve v2 networkstatus documents
+      unless FetchV2Networkstatus flag is set: these documents haven't
+      haven't been used by clients or relays since 0.2.0.x. Resolves
+      bug 3022.
+
+
+Changes in version 0.2.3.1-alpha - 2011-05-05
+  Tor 0.2.3.1-alpha adds some new experimental features, including support
+  for an improved network IO backend, IOCP networking on Windows,
+  microdescriptor caching, "fast-start" support for streams, and automatic
+  home router configuration. There are also numerous internal improvements
+  to try to make the code easier for developers to work with.
+
+  This is the first alpha release in a new series, so expect there to be
+  bugs. Users who would rather test out a more stable branch should
+  stay with 0.2.2.x for now.
+
+  o Major features:
+    - Tor can now optionally build with the "bufferevents" buffered IO
+      backend provided by Libevent 2. To use this feature, make sure you
+      have the latest possible version of Libevent, and pass the
+      --enable-bufferevents flag to configure when building Tor from
+      source. This feature will make our networking code more flexible,
+      let us stack layers on each other, and let us use more efficient
+      zero-copy transports where available.
+    - As an experimental feature, Tor can use IOCP for networking on Windows.
+      Once this code is tuned and optimized, it promises much better
+      performance than the select-based backend we've used in the past. To
+      try this feature, you must build Tor with Libevent 2, configure Tor
+      with the "bufferevents" buffered IO backend, and add "DisableIOCP 0" to
+      your torrc. There are known bugs here: only try this if you can help
+      debug it as it breaks.
+    - The EntryNodes option can now include country codes like {de} or IP
+      addresses or network masks. Previously we had disallowed these options
+      because we didn't have an efficient way to keep the list up to
+      date. Fixes bug 1982, but see bug 2798 for an unresolved issue here.
+    - Exit nodes now accept and queue data on not-yet-connected streams.
+      Previously, the client wasn't allowed to send data until the stream was
+      connected, which slowed down all connections. This change will enable
+      clients to perform a "fast-start" on streams and send data without
+      having to wait for a confirmation that the stream has opened. (Patch
+      from Ian Goldberg; implements the server side of Proposal 174.)
+    - Tor now has initial support for automatic port mapping on the many
+      home routers that support NAT-PMP or UPnP. (Not yet supported on
+      Windows). To build the support code, you'll need to have libnatpnp
+      library and/or the libminiupnpc library, and you'll need to enable the
+      feature specifically by passing "--enable-upnp" and/or
+      "--enable-natpnp" to configure. To turn it on, use the new
+      PortForwarding option.
+    - Caches now download, cache, and serve multiple "flavors" of the
+      consensus, including a flavor that describes microdescriptors.
+    - Caches now download, cache, and serve microdescriptors -- small
+      summaries of router descriptors that are authenticated by all of the
+      directory authorities. Once enough caches are running this code,
+      clients will be able to save significant amounts of directory bandwidth
+      by downloading microdescriptors instead of router descriptors.
+
+  o Minor features:
+    - Make logging resolution configurable with a new LogTimeGranularity
+      option, and change the default from 1 millisecond to 1 second.
+      Implements enhancement 1668.
+    - We log which torrc file we're using on startup. Implements ticket
+      2444.
+    - Ordinarily, Tor does not count traffic from private addresses (like
+      127.0.0.1 or 10.0.0.1) when calculating rate limits or accounting.
+      There is now a new option, CountPrivateBandwidth, to disable this
+      behavior. Patch from Daniel Cagara.
+    - New --enable-static-tor configure option for building Tor as
+      statically as possible. Idea, general hackery and thoughts from
+      Alexei Czeskis, John Gilmore, Jacob Appelbaum. Implements ticket
+      2702.
+    - If you set the NumCPUs option to 0, Tor will now try to detect how
+      many CPUs you have. This is the new default behavior.
+    - Turn on directory request statistics by default and include them in
+      extra-info descriptors. Don't break if we have no GeoIP database.
+    - Relays that set "ConnDirectionStatistics 1" write statistics on the
+      bidirectional use of connections to disk every 24 hours.
+    - Add a GeoIP file digest to the extra-info descriptor. Implements
+      enhancement 1883.
+    - The NodeFamily option -- which let you declare that you want to
+      consider nodes to be part of a family whether they list themselves
+      that way or not -- now allows IP address ranges and country codes.
+    - Add a new 'Heartbeat' log message type to periodically log a message
+      describing Tor's status at level Notice. This feature is meant for
+      operators who log at notice, and want to make sure that their Tor
+      server is still working. Implementation by George Kadianakis.
+
+  o Minor bugfixes (on 0.2.2.25-alpha):
+    - When loading the microdesc journal, remember its current size.
+      In 0.2.2, this helps prevent the microdesc journal from growing
+      without limit on authorities (who are the only ones to use it in
+      0.2.2). Fixes a part of bug 2230; bugfix on 0.2.2.6-alpha.
+      Fix posted by "cypherpunks."
+    - The microdesc journal is supposed to get rebuilt only if it is
+      at least _half_ the length of the store, not _twice_ the length
+      of the store. Bugfix on 0.2.2.6-alpha; fixes part of bug 2230.
+    - If as an authority we fail to compute the identity digest of a v3
+      legacy keypair, warn, and don't use a buffer-full of junk instead.
+      Bugfix on 0.2.1.1-alpha; fixes bug 3106.
+    - Authorities now clean their microdesc cache periodically and when
+      reading from disk initially, not only when adding new descriptors.
+      This prevents a bug where we could lose microdescriptors. Bugfix
+      on 0.2.2.6-alpha.
+
+  o Minor features (controller):
+    - Add a new SIGNAL event to the controller interface so that
+      controllers can be notified when Tor handles a signal. Resolves
+      issue 1955. Patch by John Brooks.
+    - Add a new GETINFO option to get total bytes read and written. Patch
+      from pipe, revised by atagar. Resolves ticket 2345.
+    - Implement some GETINFO controller fields to provide information about
+      the Tor process's pid, euid, username, and resource limits.
+
+  o Build changes:
+    - Our build system requires automake 1.6 or later to create the
+      Makefile.in files. Previously, you could have used 1.4.
+      This only affects developers and people building Tor from git;
+      people who build Tor from the source distribution without changing
+      the Makefile.am files should be fine.
+    - Our autogen.sh script uses autoreconf to launch autoconf, automake, and
+      so on. This is more robust against some of the failure modes
+      associated with running the autotools pieces on their own.
+
+  o Minor packaging issues:
+    - On OpenSUSE, create the /var/run/tor directory on startup if it is not
+      already created. Patch from Andreas Stieger. Fixes bug 2573.
+
+  o Code simplifications and refactoring:
+    - A major revision to our internal node-selecting and listing logic.
+      Tor already had at least two major ways to look at the question of
+      "which Tor servers do we know about": a list of router descriptors,
+      and a list of entries in the current consensus. With
+      microdescriptors, we're adding a third. Having so many systems
+      without an abstraction layer over them was hurting the codebase.
+      Now, we have a new "node_t" abstraction that presents a consistent
+      interface to a client's view of a Tor node, and holds (nearly) all
+      of the mutable state formerly in routerinfo_t and routerstatus_t.
+    - The helper programs tor-gencert, tor-resolve, and tor-checkkey
+      no longer link against Libevent: they never used it, but
+      our library structure used to force them to link it.
+
+  o Removed features:
+    - Remove some old code to work around even older versions of Tor that
+      used forked processes to handle DNS requests. Such versions of Tor
+      are no longer in use as servers.
+
+  o Documentation fixes:
+    - Correct a broken faq link in the INSTALL file. Fixes bug 2307.
+    - Add missing documentation for the authority-related torrc options
+      RephistTrackTime, BridgePassword, and V3AuthUseLegacyKey. Resolves
+      issue 2379.
+
+
+Changes in version 0.2.2.25-alpha - 2011-04-29
+  Tor 0.2.2.25-alpha fixes many bugs: hidden service clients are more
+  robust, routers no longer overreport their bandwidth, Win7 should crash
+  a little less, and NEWNYM (as used by Vidalia's "new identity" button)
+  now prevents hidden service-related activity from being linkable. It
+  provides more information to Vidalia so you can see if your bridge is
+  working. Also, 0.2.2.25-alpha revamps the Entry/Exit/ExcludeNodes and
+  StrictNodes configuration options to make them more reliable, more
+  understandable, and more regularly applied. If you use those options,
+  please see the revised documentation for them in the manual page.
+
+  o Major bugfixes:
+    - Relays were publishing grossly inflated bandwidth values because
+      they were writing their state files wrong--now they write the
+      correct value. Also, resume reading bandwidth history from the
+      state file correctly. Fixes bug 2704; bugfix on 0.2.2.23-alpha.
+    - Improve hidden service robustness: When we find that we have
+      extended a hidden service's introduction circuit to a relay not
+      listed as an introduction point in the HS descriptor we currently
+      have, retry with an introduction point from the current
+      descriptor. Previously we would just give up. Fixes bugs 1024 and
+      1930; bugfix on 0.2.0.10-alpha.
+    - Clients now stop trying to use an exit node associated with a given
+      destination by TrackHostExits if they fail to reach that exit node.
+      Fixes bug 2999. Bugfix on 0.2.0.20-rc.
+    - Fix crash bug on platforms where gmtime and localtime can return
+      NULL. Windows 7 users were running into this one. Fixes part of bug
+      2077. Bugfix on all versions of Tor. Found by boboper.
+
+  o Security and stability fixes:
+    - Don't double-free a parsable, but invalid, microdescriptor, even if
+      it is followed in the blob we're parsing by an unparsable
+      microdescriptor. Fixes an issue reported in a comment on bug 2954.
+      Bugfix on 0.2.2.6-alpha; fix by "cypherpunks".
+    - If the Nickname configuration option isn't given, Tor would pick a
+      nickname based on the local hostname as the nickname for a relay.
+      Because nicknames are not very important in today's Tor and the
+      "Unnamed" nickname has been implemented, this is now problematic
+      behavior: It leaks information about the hostname without being
+      useful at all. Fixes bug 2979; bugfix on 0.1.2.2-alpha, which
+      introduced the Unnamed nickname. Reported by tagnaq.
+    - Fix an uncommon assertion failure when running with DNSPort under
+      heavy load. Fixes bug 2933; bugfix on 0.2.0.1-alpha.
+    - Avoid linkability based on cached hidden service descriptors: forget
+      all hidden service descriptors cached as a client when processing a
+      SIGNAL NEWNYM command. Fixes bug 3000; bugfix on 0.0.6.
+
+  o Major features:
+    - Export GeoIP information on bridge usage to controllers even if we
+      have not yet been running for 24 hours. Now Vidalia bridge operators
+      can get more accurate and immediate feedback about their
+      contributions to the network.
+
+  o Major features and bugfixes (node selection):
+    - Revise and reconcile the meaning of the ExitNodes, EntryNodes,
+      ExcludeEntryNodes, ExcludeExitNodes, ExcludeNodes, and StrictNodes
+      options. Previously, we had been ambiguous in describing what
+      counted as an "exit" node, and what operations exactly "StrictNodes
+      0" would permit. This created confusion when people saw nodes built
+      through unexpected circuits, and made it hard to tell real bugs from
+      surprises. Now the intended behavior is:
+        . "Exit", in the context of ExitNodes and ExcludeExitNodes, means
+          a node that delivers user traffic outside the Tor network.
+        . "Entry", in the context of EntryNodes, means a node used as the
+          first hop of a multihop circuit. It doesn't include direct
+          connections to directory servers.
+        . "ExcludeNodes" applies to all nodes.
+        . "StrictNodes" changes the behavior of ExcludeNodes only. When
+          StrictNodes is set, Tor should avoid all nodes listed in
+          ExcludeNodes, even when it will make user requests fail. When
+          StrictNodes is *not* set, then Tor should follow ExcludeNodes
+          whenever it can, except when it must use an excluded node to
+          perform self-tests, connect to a hidden service, provide a
+          hidden service, fulfill a .exit request, upload directory
+          information, or fetch directory information.
+      Collectively, the changes to implement the behavior fix bug 1090.
+    - ExcludeNodes now takes precedence over EntryNodes and ExitNodes: if
+      a node is listed in both, it's treated as excluded.
+    - ExcludeNodes now applies to directory nodes -- as a preference if
+      StrictNodes is 0, or an absolute requirement if StrictNodes is 1.
+      Don't exclude all the directory authorities and set StrictNodes to 1
+      unless you really want your Tor to break.
+    - ExcludeNodes and ExcludeExitNodes now override exit enclaving.
+    - ExcludeExitNodes now overrides .exit requests.
+    - We don't use bridges listed in ExcludeNodes.
+    - When StrictNodes is 1:
+       . We now apply ExcludeNodes to hidden service introduction points
+         and to rendezvous points selected by hidden service users. This
+         can make your hidden service less reliable: use it with caution!
+       . If we have used ExcludeNodes on ourself, do not try relay
+         reachability self-tests.
+       . If we have excluded all the directory authorities, we will not
+         even try to upload our descriptor if we're a relay.
+       . Do not honor .exit requests to an excluded node.
+    - Remove a misfeature that caused us to ignore the Fast/Stable flags
+      when ExitNodes is set. Bugfix on 0.2.2.7-alpha.
+    - When the set of permitted nodes changes, we now remove any mappings
+      introduced via TrackExitHosts to now-excluded nodes. Bugfix on
+      0.1.0.1-rc.
+    - We never cannibalize a circuit that had excluded nodes on it, even
+      if StrictNodes is 0. Bugfix on 0.1.0.1-rc.
+    - Revert a change where we would be laxer about attaching streams to
+      circuits than when building the circuits. This was meant to prevent
+      a set of bugs where streams were never attachable, but our improved
+      code here should make this unnecessary. Bugfix on 0.2.2.7-alpha.
+    - Keep track of how many times we launch a new circuit to handle a
+      given stream. Too many launches could indicate an inconsistency
+      between our "launch a circuit to handle this stream" logic and our
+      "attach this stream to one of the available circuits" logic.
+    - Improve log messages related to excluded nodes.
+
+  o Minor bugfixes:
+    - Fix a spurious warning when moving from a short month to a long
+      month on relays with month-based BandwidthAccounting. Bugfix on
+      0.2.2.17-alpha; fixes bug 3020.
+    - When a client finds that an origin circuit has run out of 16-bit
+      stream IDs, we now mark it as unusable for new streams. Previously,
+      we would try to close the entire circuit. Bugfix on 0.0.6.
+    - Add a forgotten cast that caused a compile warning on OS X 10.6.
+      Bugfix on 0.2.2.24-alpha.
+    - Be more careful about reporting the correct error from a failed
+      connect() system call. Under some circumstances, it was possible to
+      look at an incorrect value for errno when sending the end reason.
+      Bugfix on 0.1.0.1-rc.
+    - Correctly handle an "impossible" overflow cases in connection byte
+      counting, where we write or read more than 4GB on an edge connection
+      in a single second. Bugfix on 0.1.2.8-beta.
+    - Correct the warning displayed when a rendezvous descriptor exceeds
+      the maximum size. Fixes bug 2750; bugfix on 0.2.1.5-alpha. Found by
+      John Brooks.
+    - Clients and hidden services now use HSDir-flagged relays for hidden
+      service descriptor downloads and uploads even if the relays have no
+      DirPort set and the client has disabled TunnelDirConns. This will
+      eventually allow us to give the HSDir flag to relays with no
+      DirPort. Fixes bug 2722; bugfix on 0.2.1.6-alpha.
+    - Downgrade "no current certificates known for authority" message from
+      Notice to Info. Fixes bug 2899; bugfix on 0.2.0.10-alpha.
+    - Make the SIGNAL DUMP control-port command work on FreeBSD. Fixes bug
+      2917. Bugfix on 0.1.1.1-alpha.
+    - Only limit the lengths of single HS descriptors, even when multiple
+      HS descriptors are published to an HSDir relay in a single POST
+      operation. Fixes bug 2948; bugfix on 0.2.1.5-alpha. Found by hsdir.
+    - Write the current time into the LastWritten line in our state file,
+      rather than the time from the previous write attempt. Also, stop
+      trying to use a time of -1 in our log statements. Fixes bug 3039;
+      bugfix on 0.2.2.14-alpha.
+    - Be more consistent in our treatment of file system paths. "~" should
+      get expanded to the user's home directory in the Log config option.
+      Fixes bug 2971; bugfix on 0.2.0.1-alpha, which introduced the
+      feature for the -f and --DataDirectory options.
+
+  o Minor features:
+    - Make sure every relay writes a state file at least every 12 hours.
+      Previously, a relay could go for weeks without writing its state
+      file, and on a crash could lose its bandwidth history, capacity
+      estimates, client country statistics, and so on. Addresses bug 3012.
+    - Send END_STREAM_REASON_NOROUTE in response to EHOSTUNREACH errors.
+      Clients before 0.2.1.27 didn't handle NOROUTE correctly, but such
+      clients are already deprecated because of security bugs.
+    - Don't allow v0 hidden service authorities to act as clients.
+      Required by fix for bug 3000.
+    - Ignore SIGNAL NEWNYM commands on relay-only Tor instances. Required
+      by fix for bug 3000.
+    - Ensure that no empty [dirreq-](read|write)-history lines are added
+      to an extrainfo document. Implements ticket 2497.
+
+  o Code simplification and refactoring:
+    - Remove workaround code to handle directory responses from servers
+      that had bug 539 (they would send HTTP status 503 responses _and_
+      send a body too). Since only server versions before
+      0.2.0.16-alpha/0.1.2.19 were affected, there is no longer reason to
+      keep the workaround in place.
+    - Remove the old 'fuzzy time' logic. It was supposed to be used for
+      handling calculations where we have a known amount of clock skew and
+      an allowed amount of unknown skew. But we only used it in three
+      places, and we never adjusted the known/unknown skew values. This is
+      still something we might want to do someday, but if we do, we'll
+      want to do it differently.
+    - Avoid signed/unsigned comparisons by making SIZE_T_CEILING unsigned.
+      None of the cases where we did this before were wrong, but by making
+      this change we avoid warnings. Fixes bug 2475; bugfix on 0.2.1.28.
+    - Use GetTempDir to find the proper temporary directory location on
+      Windows when generating temporary files for the unit tests. Patch by
+      Gisle Vanem.
+
+
+Changes in version 0.2.2.24-alpha - 2011-04-08
+  Tor 0.2.2.24-alpha fixes a variety of bugs, including a big bug that
+  prevented Tor clients from effectively using "multihomed" bridges,
+  that is, bridges that listen on multiple ports or IP addresses so users
+  can continue to use some of their addresses even if others get blocked.
+
+  o Major bugfixes:
+    - Fix a bug where bridge users who configure the non-canonical
+      address of a bridge automatically switch to its canonical
+      address. If a bridge listens at more than one address, it should be
+      able to advertise those addresses independently and any non-blocked
+      addresses should continue to work. Bugfix on Tor 0.2.0.x. Fixes
+      bug 2510.
+    - If you configured Tor to use bridge A, and then quit and
+      configured Tor to use bridge B instead, it would happily continue
+      to use bridge A if it's still reachable. While this behavior is
+      a feature if your goal is connectivity, in some scenarios it's a
+      dangerous bug. Bugfix on Tor 0.2.0.1-alpha; fixes bug 2511.
+    - Directory authorities now use data collected from their own
+      uptime observations when choosing whether to assign the HSDir flag
+      to relays, instead of trusting the uptime value the relay reports in
+      its descriptor. This change helps prevent an attack where a small
+      set of nodes with frequently-changing identity keys can blackhole
+      a hidden service. (Only authorities need upgrade; others will be
+      fine once they do.) Bugfix on 0.2.0.10-alpha; fixes bug 2709.
+
+  o Minor bugfixes:
+    - When we restart our relay, we might get a successful connection
+      from the outside before we've started our reachability tests,
+      triggering a warning: "ORPort found reachable, but I have no
+      routerinfo yet. Failing to inform controller of success." This
+      bug was harmless unless Tor is running under a controller
+      like Vidalia, in which case the controller would never get a
+      REACHABILITY_SUCCEEDED status event. Bugfix on 0.1.2.6-alpha;
+      fixes bug 1172.
+    - Make directory authorities more accurate at recording when
+      relays that have failed several reachability tests became
+      unreachable, so we can provide more accuracy at assigning Stable,
+      Guard, HSDir, etc flags. Bugfix on 0.2.0.6-alpha. Resolves bug 2716.
+    - Fix an issue that prevented static linking of libevent on
+      some platforms (notably Linux). Fixes bug 2698; bugfix on
+      versions 0.2.1.23/0.2.2.8-alpha (the versions introducing
+      the --with-static-libevent configure option).
+    - We now ask the other side of a stream (the client or the exit)
+      for more data on that stream when the amount of queued data on
+      that stream dips low enough. Previously, we wouldn't ask the
+      other side for more data until either it sent us more data (which
+      it wasn't supposed to do if it had exhausted its window!) or we
+      had completely flushed all our queued data. This flow control fix
+      should improve throughput. Fixes bug 2756; bugfix on the earliest
+      released versions of Tor (svn commit r152).
+    - Avoid a double-mark-for-free warning when failing to attach a
+      transparent proxy connection. (We thought we had fixed this in
+      0.2.2.23-alpha, but it turns out our fix was checking the wrong
+      connection.) Fixes bug 2757; bugfix on 0.1.2.1-alpha (the original
+      bug) and 0.2.2.23-alpha (the incorrect fix).
+    - When warning about missing zlib development packages during compile,
+      give the correct package names. Bugfix on 0.2.0.1-alpha.
+
+  o Minor features:
+    - Directory authorities now log the source of a rejected POSTed v3
+      networkstatus vote.
+    - Make compilation with clang possible when using
+      --enable-gcc-warnings by removing two warning options that clang
+      hasn't implemented yet and by fixing a few warnings. Implements
+      ticket 2696.
+    - When expiring circuits, use microsecond timers rather than
+      one-second timers. This can avoid an unpleasant situation where a
+      circuit is launched near the end of one second and expired right
+      near the beginning of the next, and prevent fluctuations in circuit
+      timeout values.
+    - Use computed circuit-build timeouts to decide when to launch
+      parallel introduction circuits for hidden services. (Previously,
+      we would retry after 15 seconds.)
+    - Update to the April 1 2011 Maxmind GeoLite Country database.
+
+  o Packaging fixes:
+    - Create the /var/run/tor directory on startup on OpenSUSE if it is
+      not already created. Patch from Andreas Stieger. Fixes bug 2573.
+
+  o Documentation changes:
+    - Modernize the doxygen configuration file slightly. Fixes bug 2707.
+    - Resolve all doxygen warnings except those for missing documentation.
+      Fixes bug 2705.
+    - Add doxygen documentation for more functions, fields, and types.
+
+
+Changes in version 0.2.2.23-alpha - 2011-03-08
+  Tor 0.2.2.23-alpha lets relays record their bandwidth history so when
+  they restart they don't lose their bandwidth capacity estimate. This
+  release also fixes a diverse set of user-facing bugs, ranging from
+  relays overrunning their rate limiting to clients falsely warning about
+  clock skew to bridge descriptor leaks by our bridge directory authority.
+
+  o Major bugfixes:
+    - Stop sending a CLOCK_SKEW controller status event whenever
+      we fetch directory information from a relay that has a wrong clock.
+      Instead, only inform the controller when it's a trusted authority
+      that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes
+      the rest of bug 1074.
+    - Fix an assert in parsing router descriptors containing IPv6
+      addresses. This one took down the directory authorities when
+      somebody tried some experimental code. Bugfix on 0.2.1.3-alpha.
+    - Make the bridge directory authority refuse to answer directory
+      requests for "all" descriptors. It used to include bridge
+      descriptors in its answer, which was a major information leak.
+      Found by "piebeer". Bugfix on 0.2.0.3-alpha.
+    - If relays set RelayBandwidthBurst but not RelayBandwidthRate,
+      Tor would ignore their RelayBandwidthBurst setting,
+      potentially using more bandwidth than expected. Bugfix on
+      0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
+    - Ignore and warn if the user mistakenly sets "PublishServerDescriptor
+      hidserv" in her torrc. The 'hidserv' argument never controlled
+      publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha.
+
+  o Major features:
+    - Relays now save observed peak bandwidth throughput rates to their
+      state file (along with total usage, which was already saved)
+      so that they can determine their correct estimated bandwidth on
+      restart. Resolves bug 1863, where Tor relays would reset their
+      estimated bandwidth to 0 after restarting.
+    - Directory authorities now take changes in router IP address and
+      ORPort into account when determining router stability. Previously,
+      if a router changed its IP or ORPort, the authorities would not
+      treat it as having any downtime for the purposes of stability
+      calculation, whereas clients would experience downtime since the
+      change could take a while to propagate to them. Resolves issue 1035.
+    - Enable Address Space Layout Randomization (ASLR) and Data Execution
+      Prevention (DEP) by default on Windows to make it harder for
+      attackers to exploit vulnerabilities. Patch from John Brooks.
+
+  o Minor bugfixes (on 0.2.1.x and earlier):
+    - Fix a rare crash bug that could occur when a client was configured
+      with a large number of bridges. Fixes bug 2629; bugfix on
+      0.2.1.2-alpha. Bugfix by trac user "shitlei".
+    - Avoid a double mark-for-free warning when failing to attach a
+      transparent proxy connection. Bugfix on 0.1.2.1-alpha. Fixes
+      bug 2279.
+    - Correctly detect failure to allocate an OpenSSL BIO. Fixes bug 2378;
+      found by "cypherpunks". This bug was introduced before the first
+      Tor release, in svn commit r110.
+    - Country codes aren't supported in EntryNodes until 0.2.3.x, so
+      don't mention them in the manpage. Fixes bug 2450; issue
+      spotted by keb and G-Lo.
+    - Fix a bug in bandwidth history state parsing that could have been
+      triggered if a future version of Tor ever changed the timing
+      granularity at which bandwidth history is measured. Bugfix on
+      Tor 0.1.1.11-alpha.
+    - When a relay decides that its DNS is too broken for it to serve
+      as an exit server, it advertised itself as a non-exit, but
+      continued to act as an exit. This could create accidental
+      partitioning opportunities for users. Instead, if a relay is
+      going to advertise reject *:* as its exit policy, it should
+      really act with exit policy "reject *:*". Fixes bug 2366.
+      Bugfix on Tor 0.1.2.5-alpha. Bugfix by user "postman" on trac.
+    - In the special case where you configure a public exit relay as your
+      bridge, Tor would be willing to use that exit relay as the last
+      hop in your circuit as well. Now we fail that circuit instead.
+      Bugfix on 0.2.0.12-alpha. Fixes bug 2403. Reported by "piebeer".
+    - Fix a bug with our locking implementation on Windows that couldn't
+      correctly detect when a file was already locked. Fixes bug 2504,
+      bugfix on 0.2.1.6-alpha.
+    - Fix IPv6-related connect() failures on some platforms (BSD, OS X).
+      Bugfix on 0.2.0.3-alpha; fixes first part of bug 2660. Patch by
+      "piebeer".
+    - Set target port in get_interface_address6() correctly. Bugfix
+      on 0.1.1.4-alpha and 0.2.0.3-alpha; fixes second part of bug 2660.
+    - Directory authorities are now more robust to hops back in time
+      when calculating router stability. Previously, if a run of uptime
+      or downtime appeared to be negative, the calculation could give
+      incorrect results. Bugfix on 0.2.0.6-alpha; noticed when fixing
+      bug 1035.
+    - Fix an assert that got triggered when using the TestingTorNetwork
+      configuration option and then issuing a GETINFO config-text control
+      command. Fixes bug 2250; bugfix on 0.2.1.2-alpha.
+
+  o Minor bugfixes (on 0.2.2.x):
+    - Clients should not weight BadExit nodes as Exits in their node
+      selection. Similarly, directory authorities should not count BadExit
+      bandwidth as Exit bandwidth when computing bandwidth-weights.
+      Bugfix on 0.2.2.10-alpha; fixes bug 2203.
+    - Correctly clear our dir_read/dir_write history when there is an
+      error parsing any bw history value from the state file. Bugfix on
+      Tor 0.2.2.15-alpha.
+    - Resolve a bug in verifying signatures of directory objects
+      with digests longer than SHA1. Bugfix on 0.2.2.20-alpha.
+      Fixes bug 2409. Found by "piebeer".
+    - Bridge authorities no longer crash on SIGHUP when they try to
+      publish their relay descriptor to themselves. Fixes bug 2572. Bugfix
+      on 0.2.2.22-alpha.
+
+  o Minor features:
+    - Log less aggressively about circuit timeout changes, and improve
+      some other circuit timeout messages. Resolves bug 2004.
+    - Log a little more clearly about the times at which we're no longer
+      accepting new connections. Resolves bug 2181.
+    - Reject attempts at the client side to open connections to private
+      IP addresses (like 127.0.0.1, 10.0.0.1, and so on) with
+      a randomly chosen exit node. Attempts to do so are always
+      ill-defined, generally prevented by exit policies, and usually
+      in error. This will also help to detect loops in transparent
+      proxy configurations. You can disable this feature by setting
+      "ClientRejectInternalAddresses 0" in your torrc.
+    - Always treat failure to allocate an RSA key as an unrecoverable
+      allocation error.
+    - Update to the March 1 2011 Maxmind GeoLite Country database.
+
+  o Minor features (log subsystem):
+    - Add documentation for configuring logging at different severities in
+      different log domains. We've had this feature since 0.2.1.1-alpha,
+      but for some reason it never made it into the manpage. Fixes
+      bug 2215.
+    - Make it simpler to specify "All log domains except for A and B".
+      Previously you needed to say "[*,~A,~B]". Now you can just say
+      "[~A,~B]".
+    - Add a "LogMessageDomains 1" option to include the domains of log
+      messages along with the messages. Without this, there's no way
+      to use log domains without reading the source or doing a lot
+      of guessing.
+
+  o Packaging changes:
+    - Stop shipping the Tor specs files and development proposal documents
+      in the tarball. They are now in a separate git repository at
+      git://git.torproject.org/torspec.git
+
+
+Changes in version 0.2.1.30 - 2011-02-23
+  Tor 0.2.1.30 fixes a variety of less critical bugs. The main other
+  change is a slight tweak to Tor's TLS handshake that makes relays
+  and bridges that run this new version reachable from Iran again.
+  We don't expect this tweak will win the arms race long-term, but it
+  buys us time until we roll out a better solution.
+
+  o Major bugfixes:
+    - Stop sending a CLOCK_SKEW controller status event whenever
+      we fetch directory information from a relay that has a wrong clock.
+      Instead, only inform the controller when it's a trusted authority
+      that claims our clock is wrong. Bugfix on 0.1.2.6-alpha; fixes
+      the rest of bug 1074.
+    - Fix a bounds-checking error that could allow an attacker to
+      remotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
+      Found by "piebeer".
+    - If relays set RelayBandwidthBurst but not RelayBandwidthRate,
+      Tor would ignore their RelayBandwidthBurst setting,
+      potentially using more bandwidth than expected. Bugfix on
+      0.2.0.1-alpha. Reported by Paul Wouters. Fixes bug 2470.
+    - Ignore and warn if the user mistakenly sets "PublishServerDescriptor
+      hidserv" in her torrc. The 'hidserv' argument never controlled
+      publication of hidden service descriptors. Bugfix on 0.2.0.1-alpha.
+
+  o Minor features:
+    - Adjust our TLS Diffie-Hellman parameters to match those used by
+      Apache's mod_ssl.
+    - Update to the February 1 2011 Maxmind GeoLite Country database.
+
+  o Minor bugfixes:
+    - Check for and reject overly long directory certificates and
+      directory tokens before they have a chance to hit any assertions.
+      Bugfix on 0.2.1.28. Found by "doorss".
+    - Bring the logic that gathers routerinfos and assesses the
+      acceptability of circuits into line. This prevents a Tor OP from
+      getting locked in a cycle of choosing its local OR as an exit for a
+      path (due to a .exit request) and then rejecting the circuit because
+      its OR is not listed yet. It also prevents Tor clients from using an
+      OR running in the same instance as an exit (due to a .exit request)
+      if the OR does not meet the same requirements expected of an OR
+      running elsewhere. Fixes bug 1859; bugfix on 0.1.0.1-rc.
+
+  o Packaging changes:
+    - Stop shipping the Tor specs files and development proposal documents
+      in the tarball. They are now in a separate git repository at
+      git://git.torproject.org/torspec.git
+    - Do not include Git version tags as though they are SVN tags when
+      generating a tarball from inside a repository that has switched
+      between branches. Bugfix on 0.2.1.15-rc; fixes bug 2402.
+
+
+Changes in version 0.2.2.22-alpha - 2011-01-25
+  Tor 0.2.2.22-alpha fixes a few more less-critical security issues. The
+  main other change is a slight tweak to Tor's TLS handshake that makes
+  relays and bridges that run this new version reachable from Iran again.
+  We don't expect this tweak will win the arms race long-term, but it
+  will buy us a bit more time until we roll out a better solution.
+
+  o Major bugfixes:
+    - Fix a bounds-checking error that could allow an attacker to
+      remotely crash a directory authority. Bugfix on 0.2.1.5-alpha.
+      Found by "piebeer".
+    - Don't assert when changing from bridge to relay or vice versa
+      via the controller. The assert happened because we didn't properly
+      initialize our keys in this case. Bugfix on 0.2.2.18-alpha; fixes
+      bug 2433. Reported by bastik.
+
+  o Minor features:
+    - Adjust our TLS Diffie-Hellman parameters to match those used by
+      Apache's mod_ssl.
+    - Provide a log message stating which geoip file we're parsing
+      instead of just stating that we're parsing the geoip file.
+      Implements ticket 2432.
+
+  o Minor bugfixes:
+    - Check for and reject overly long directory certificates and
+      directory tokens before they have a chance to hit any assertions.
+      Bugfix on 0.2.1.28 / 0.2.2.20-alpha. Found by "doorss".
+
+
+Changes in version 0.2.2.21-alpha - 2011-01-15
+  Tor 0.2.2.21-alpha includes all the patches from Tor 0.2.1.29, which
+  continues our recent code security audit work. The main fix resolves
+  a remote heap overflow vulnerability that can allow remote code
+  execution (CVE-2011-0427). Other fixes address a variety of assert
+  and crash bugs, most of which we think are hard to exploit remotely.
+
+  o Major bugfixes (security), also included in 0.2.1.29:
+    - Fix a heap overflow bug where an adversary could cause heap
+      corruption. This bug probably allows remote code execution
+      attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
+      0.1.2.10-rc.
+    - Prevent a denial-of-service attack by disallowing any
+      zlib-compressed data whose compression factor is implausibly
+      high. Fixes part of bug 2324; reported by "doorss".
+    - Zero out a few more keys in memory before freeing them. Fixes
+      bug 2384 and part of bug 2385. These key instances found by
+      "cypherpunks", based on Andrew Case's report about being able
+      to find sensitive data in Tor's memory space if you have enough
+      permissions. Bugfix on 0.0.2pre9.
+
+  o Major bugfixes (crashes), also included in 0.2.1.29:
+    - Prevent calls to Libevent from inside Libevent log handlers.
+      This had potential to cause a nasty set of crashes, especially
+      if running Libevent with debug logging enabled, and running
+      Tor with a controller watching for low-severity log messages.
+      Bugfix on 0.1.0.2-rc. Fixes bug 2190.
+    - Add a check for SIZE_T_MAX to tor_realloc() to try to avoid
+      underflow errors there too. Fixes the other part of bug 2324.
+    - Fix a bug where we would assert if we ever had a
+      cached-descriptors.new file (or another file read directly into
+      memory) of exactly SIZE_T_CEILING bytes. Fixes bug 2326; bugfix
+      on 0.2.1.25. Found by doorss.
+    - Fix some potential asserts and parsing issues with grossly
+      malformed router caches. Fixes bug 2352; bugfix on Tor 0.2.1.27.
+      Found by doorss.
+
+  o Minor bugfixes (other), also included in 0.2.1.29:
+    - Fix a bug with handling misformed replies to reverse DNS lookup
+      requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a
+      bug reported by doorss.
+    - Fix compilation on mingw when a pthreads compatibility library
+      has been installed. (We don't want to use it, so we shouldn't
+      be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
+    - Fix a bug where we would declare that we had run out of virtual
+      addresses when the address space was only half-exhausted. Bugfix
+      on 0.1.2.1-alpha.
+    - Correctly handle the case where AutomapHostsOnResolve is set but
+      no virtual addresses are available. Fixes bug 2328; bugfix on
+      0.1.2.1-alpha. Bug found by doorss.
+    - Correctly handle wrapping around when we run out of virtual
+      address space. Found by cypherpunks; bugfix on 0.2.0.5-alpha.
+
+  o Minor features, also included in 0.2.1.29:
+    - Update to the January 1 2011 Maxmind GeoLite Country database.
+    - Introduce output size checks on all of our decryption functions.
+
+  o Build changes, also included in 0.2.1.29:
+    - Tor does not build packages correctly with Automake 1.6 and earlier;
+      added a check to Makefile.am to make sure that we're building with
+      Automake 1.7 or later.
+    - The 0.2.1.28 tarball was missing src/common/OpenBSD_malloc_Linux.c
+      because we built it with a too-old version of automake. Thus that
+      release broke ./configure --enable-openbsd-malloc, which is popular
+      among really fast exit relays on Linux.
+
+  o Major bugfixes, new in 0.2.2.21-alpha:
+    - Prevent crash/heap corruption when the cbtnummodes consensus
+      parameter is set to 0 or large values. Fixes bug 2317; bugfix
+      on 0.2.2.14-alpha.
+
+  o Major features, new in 0.2.2.21-alpha:
+    - Introduce minimum/maximum values that clients will believe
+      from the consensus. Now we'll have a better chance to avoid crashes
+      or worse when a consensus param has a weird value.
+
+  o Minor features, new in 0.2.2.21-alpha:
+    - Make sure to disable DirPort if running as a bridge. DirPorts aren't
+      used on bridges, and it makes bridge scanning somewhat easier.
+    - If writing the state file to disk fails, wait up to an hour before
+      retrying again, rather than trying again each second. Fixes bug
+      2346; bugfix on Tor 0.1.1.3-alpha.
+    - Make Libevent log messages get delivered to controllers later,
+      and not from inside the Libevent log handler. This prevents unsafe
+      reentrant Libevent calls while still letting the log messages
+      get through.
+    - Detect platforms that brokenly use a signed size_t, and refuse to
+      build there. Found and analyzed by doorss and rransom.
+    - Fix a bunch of compile warnings revealed by mingw with gcc 4.5.
+      Resolves bug 2314.
+
+  o Minor bugfixes, new in 0.2.2.21-alpha:
+    - Handle SOCKS messages longer than 128 bytes long correctly, rather
+      than waiting forever for them to finish. Fixes bug 2330; bugfix
+      on 0.2.0.16-alpha. Found by doorss.
+    - Add assertions to check for overflow in arguments to
+      base32_encode() and base32_decode(); fix a signed-unsigned
+      comparison there too. These bugs are not actually reachable in Tor,
+      but it's good to prevent future errors too. Found by doorss.
+    - Correctly detect failures to create DNS requests when using Libevent
+      versions before v2. (Before Libevent 2, we used our own evdns
+      implementation. Its return values for Libevent's evdns_resolve_*()
+      functions are not consistent with those from Libevent.) Fixes bug
+      2363; bugfix on 0.2.2.6-alpha. Found by "lodger".
+
+  o Documentation, new in 0.2.2.21-alpha:
+    - Document the default socks host and port (127.0.0.1:9050) for
+      tor-resolve.
+
+
+Changes in version 0.2.1.29 - 2011-01-15
+  Tor 0.2.1.29 continues our recent code security audit work. The main
+  fix resolves a remote heap overflow vulnerability that can allow remote
+  code execution. Other fixes address a variety of assert and crash bugs,
+  most of which we think are hard to exploit remotely.
+
+  o Major bugfixes (security):
+    - Fix a heap overflow bug where an adversary could cause heap
+      corruption. This bug probably allows remote code execution
+      attacks. Reported by "debuger". Fixes CVE-2011-0427. Bugfix on
+      0.1.2.10-rc.
+    - Prevent a denial-of-service attack by disallowing any
+      zlib-compressed data whose compression factor is implausibly
+      high. Fixes part of bug 2324; reported by "doorss".
+    - Zero out a few more keys in memory before freeing them. Fixes
+      bug 2384 and part of bug 2385. These key instances found by
+      "cypherpunks", based on Andrew Case's report about being able
+      to find sensitive data in Tor's memory space if you have enough
+      permissions. Bugfix on 0.0.2pre9.
+
+  o Major bugfixes (crashes):
+    - Prevent calls to Libevent from inside Libevent log handlers.
+      This had potential to cause a nasty set of crashes, especially
+      if running Libevent with debug logging enabled, and running
+      Tor with a controller watching for low-severity log messages.
+      Bugfix on 0.1.0.2-rc. Fixes bug 2190.
+    - Add a check for SIZE_T_MAX to tor_realloc() to try to avoid
+      underflow errors there too. Fixes the other part of bug 2324.
+    - Fix a bug where we would assert if we ever had a
+      cached-descriptors.new file (or another file read directly into
+      memory) of exactly SIZE_T_CEILING bytes. Fixes bug 2326; bugfix
+      on 0.2.1.25. Found by doorss.
+    - Fix some potential asserts and parsing issues with grossly
+      malformed router caches. Fixes bug 2352; bugfix on Tor 0.2.1.27.
+      Found by doorss.
+
+  o Minor bugfixes (other):
+    - Fix a bug with handling misformed replies to reverse DNS lookup
+      requests in DNSPort. Bugfix on Tor 0.2.0.1-alpha. Related to a
+      bug reported by doorss.
+    - Fix compilation on mingw when a pthreads compatibility library
+      has been installed. (We don't want to use it, so we shouldn't
+      be including pthread.h.) Fixes bug 2313; bugfix on 0.1.0.1-rc.
+    - Fix a bug where we would declare that we had run out of virtual
+      addresses when the address space was only half-exhausted. Bugfix
+      on 0.1.2.1-alpha.
+    - Correctly handle the case where AutomapHostsOnResolve is set but
+      no virtual addresses are available. Fixes bug 2328; bugfix on
+      0.1.2.1-alpha. Bug found by doorss.
+    - Correctly handle wrapping around to when we run out of virtual
+      address space. Found by cypherpunks, bugfix on 0.2.0.5-alpha.
+    - The 0.2.1.28 tarball was missing src/common/OpenBSD_malloc_Linux.c
+      because we built it with a too-old version of automake. Thus that
+      release broke ./configure --enable-openbsd-malloc, which is popular
+      among really fast exit relays on Linux.
+
+  o Minor features:
+    - Update to the January 1 2011 Maxmind GeoLite Country database.
+    - Introduce output size checks on all of our decryption functions.
+
+  o Build changes:
+    - Tor does not build packages correctly with Automake 1.6 and earlier;
+      added a check to Makefile.am to make sure that we're building with
+      Automake 1.7 or later.
+
+
+Changes in version 0.2.2.20-alpha - 2010-12-17
+  Tor 0.2.2.20-alpha does some code cleanup to reduce the risk of remotely
+  exploitable bugs. We also fix a variety of other significant bugs,
+  change the IP address for one of our directory authorities, and update
+  the minimum version that Tor relays must run to join the network.
+
+  o Major bugfixes:
+    - Fix a remotely exploitable bug that could be used to crash instances
+      of Tor remotely by overflowing on the heap. Remote-code execution
+      hasn't been confirmed, but can't be ruled out. Everyone should
+      upgrade. Bugfix on the 0.1.1 series and later.
+    - Fix a bug that could break accounting on 64-bit systems with large
+      time_t values, making them hibernate for impossibly long intervals.
+      Fixes bug 2146. Bugfix on 0.0.9pre6; fix by boboper.
+    - Fix a logic error in directory_fetches_from_authorities() that
+      would cause all _non_-exits refusing single-hop-like circuits
+      to fetch from authorities, when we wanted to have _exits_ fetch
+      from authorities. Fixes more of 2097. Bugfix on 0.2.2.16-alpha;
+      fix by boboper.
+    - Fix a stream fairness bug that would cause newer streams on a given
+      circuit to get preference when reading bytes from the origin or
+      destination. Fixes bug 2210. Fix by Mashael AlSabah. This bug was
+      introduced before the first Tor release, in svn revision r152.
+
+  o Directory authority changes:
+    - Change IP address and ports for gabelmoo (v3 directory authority).
+
+  o Minor bugfixes:
+    - Avoid crashes when AccountingMax is set on clients. Fixes bug 2235.
+      Bugfix on 0.2.2.18-alpha. Diagnosed by boboper.
+    - Fix an off-by-one error in calculating some controller command
+      argument lengths. Fortunately, this mistake is harmless since
+      the controller code does redundant NUL termination too. Found by
+      boboper. Bugfix on 0.1.1.1-alpha.
+    - Do not dereference NULL if a bridge fails to build its
+      extra-info descriptor. Found by an anonymous commenter on
+      Trac. Bugfix on 0.2.2.19-alpha.
+
+  o Minor features:
+    - Update to the December 1 2010 Maxmind GeoLite Country database.
+    - Directory authorities now reject relays running any versions of
+      Tor between 0.2.1.3-alpha and 0.2.1.18 inclusive; they have
+      known bugs that keep RELAY_EARLY cells from working on rendezvous
+      circuits. Followup to fix for bug 2081.
+    - Directory authorities now reject relays running any version of Tor
+      older than 0.2.0.26-rc. That version is the earliest that fetches
+      current directory information correctly. Fixes bug 2156.
+    - Report only the top 10 ports in exit-port stats in order not to
+      exceed the maximum extra-info descriptor length of 50 KB. Implements
+      task 2196.
+
+
+Changes in version 0.2.1.28 - 2010-12-17
+  Tor 0.2.1.28 does some code cleanup to reduce the risk of remotely
+  exploitable bugs. We also took this opportunity to change the IP address
+  for one of our directory authorities, and to update the geoip database
+  we ship.
+
+  o Major bugfixes:
+    - Fix a remotely exploitable bug that could be used to crash instances
+      of Tor remotely by overflowing on the heap. Remote-code execution
+      hasn't been confirmed, but can't be ruled out. Everyone should
+      upgrade. Bugfix on the 0.1.1 series and later.
+
+  o Directory authority changes:
+    - Change IP address and ports for gabelmoo (v3 directory authority).
+
+  o Minor features:
+    - Update to the December 1 2010 Maxmind GeoLite Country database.
+
+
+Changes in version 0.2.1.27 - 2010-11-23
+  Yet another OpenSSL security patch broke its compatibility with Tor:
+  Tor 0.2.1.27 makes relays work with openssl 0.9.8p and 1.0.0.b. We
+  also took this opportunity to fix several crash bugs, integrate a new
+  directory authority, and update the bundled GeoIP database.
+
+  o Major bugfixes:
+    - Resolve an incompatibility with OpenSSL 0.9.8p and OpenSSL 1.0.0b:
+      No longer set the tlsext_host_name extension on server SSL objects;
+      but continue to set it on client SSL objects. Our goal in setting
+      it was to imitate a browser, not a vhosting server. Fixes bug 2204;
+      bugfix on 0.2.1.1-alpha.
+    - Do not log messages to the controller while shrinking buffer
+      freelists. Doing so would sometimes make the controller connection
+      try to allocate a buffer chunk, which would mess up the internals
+      of the freelist and cause an assertion failure. Fixes bug 1125;
+      fixed by Robert Ransom. Bugfix on 0.2.0.16-alpha.
+    - Learn our external IP address when we're a relay or bridge, even if
+      we set PublishServerDescriptor to 0. Bugfix on 0.2.0.3-alpha,
+      where we introduced bridge relays that don't need to publish to
+      be useful. Fixes bug 2050.
+    - Do even more to reject (and not just ignore) annotations on
+      router descriptors received anywhere but from the cache. Previously
+      we would ignore such annotations at first, but cache them to disk
+      anyway. Bugfix on 0.2.0.8-alpha. Found by piebeer.
+    - When you're using bridges and your network goes away and your
+      bridges get marked as down, recover when you attempt a new socks
+      connection (if the network is back), rather than waiting up to an
+      hour to try fetching new descriptors for your bridges. Bugfix on
+      0.2.0.3-alpha; fixes bug 1981.
+
+  o Major features:
+    - Move to the November 2010 Maxmind GeoLite country db (rather
+      than the June 2009 ip-to-country GeoIP db) for our statistics that
+      count how many users relays are seeing from each country. Now we'll
+      have more accurate data, especially for many African countries.
+
+  o New directory authorities:
+    - Set up maatuska (run by Linus Nordberg) as the eighth v3 directory
+      authority.
+
+  o Minor bugfixes:
+    - Fix an assertion failure that could occur in directory caches or
+      bridge users when using a very short voting interval on a testing
+      network. Diagnosed by Robert Hogan. Fixes bug 1141; bugfix on
+      0.2.0.8-alpha.
+    - Enforce multiplicity rules when parsing annotations. Bugfix on
+      0.2.0.8-alpha. Found by piebeer.
+    - Allow handshaking OR connections to take a full KeepalivePeriod
+      seconds to handshake. Previously, we would close them after
+      IDLE_OR_CONN_TIMEOUT (180) seconds, the same timeout as if they
+      were open. Bugfix on 0.2.1.26; fixes bug 1840. Thanks to mingw-san
+      for analysis help.
+    - When building with --enable-gcc-warnings on OpenBSD, disable
+      warnings in system headers. This makes --enable-gcc-warnings
+      pass on OpenBSD 4.8.
+
+  o Minor features:
+    - Exit nodes didn't recognize EHOSTUNREACH as a plausible error code,
+      and so sent back END_STREAM_REASON_MISC. Clients now recognize a new
+      stream ending reason for this case: END_STREAM_REASON_NOROUTE.
+      Servers can start sending this code when enough clients recognize
+      it. Bugfix on 0.1.0.1-rc; fixes part of bug 1793.
+    - Build correctly on mingw with more recent versions of OpenSSL 0.9.8.
+      Patch from mingw-san.
+
+  o Removed files:
+    - Remove the old debian/ directory from the main Tor distribution.
+      The official Tor-for-debian git repository lives at the URL
+      https://git.torproject.org/debian/tor.git
+    - Stop shipping the old doc/website/ directory in the tarball. We
+      changed the website format in late 2010, and what we shipped in
+      0.2.1.26 really wasn't that useful anyway.
+
+
+Changes in version 0.2.2.19-alpha - 2010-11-22
+  Yet another OpenSSL security patch broke its compatibility with Tor:
+  Tor 0.2.2.19-alpha makes relays work with OpenSSL 0.9.8p and 1.0.0.b.
+
+  o Major bugfixes:
+    - Resolve an incompatibility with OpenSSL 0.9.8p and OpenSSL 1.0.0b:
+      No longer set the tlsext_host_name extension on server SSL objects;
+      but continue to set it on client SSL objects. Our goal in setting
+      it was to imitate a browser, not a vhosting server. Fixes bug 2204;
+      bugfix on 0.2.1.1-alpha.
+
+  o Minor bugfixes:
+    - Try harder not to exceed the maximum length of 50 KB when writing
+      statistics to extra-info descriptors. This bug was triggered by very
+      fast relays reporting exit-port, entry, and dirreq statistics.
+      Reported by Olaf Selke. Bugfix on 0.2.2.1-alpha. Fixes bug 2183.
+    - Publish a router descriptor even if generating an extra-info
+      descriptor fails. Previously we would not publish a router
+      descriptor without an extra-info descriptor; this can cause fast
+      exit relays collecting exit-port statistics to drop from the
+      consensus. Bugfix on 0.1.2.9-rc; fixes bug 2195.
+
+
+Changes in version 0.2.2.18-alpha - 2010-11-16
+  Tor 0.2.2.18-alpha fixes several crash bugs that have been nagging
+  us lately, makes unpublished bridge relays able to detect their IP
+  address, and fixes a wide variety of other bugs to get us much closer
+  to a stable release.
+
+  o Major bugfixes:
+    - Do even more to reject (and not just ignore) annotations on
+      router descriptors received anywhere but from the cache. Previously
+      we would ignore such annotations at first, but cache them to disk
+      anyway. Bugfix on 0.2.0.8-alpha. Found by piebeer.
+    - Do not log messages to the controller while shrinking buffer
+      freelists. Doing so would sometimes make the controller connection
+      try to allocate a buffer chunk, which would mess up the internals
+      of the freelist and cause an assertion failure. Fixes bug 1125;
+      fixed by Robert Ransom. Bugfix on 0.2.0.16-alpha.
+    - Learn our external IP address when we're a relay or bridge, even if
+      we set PublishServerDescriptor to 0. Bugfix on 0.2.0.3-alpha,
+      where we introduced bridge relays that don't need to publish to
+      be useful. Fixes bug 2050.
+    - Maintain separate TLS contexts and certificates for incoming and
+      outgoing connections in bridge relays. Previously we would use the
+      same TLS contexts and certs for incoming and outgoing connections.
+      Bugfix on 0.2.0.3-alpha; addresses bug 988.
+    - Maintain separate identity keys for incoming and outgoing TLS
+      contexts in bridge relays. Previously we would use the same
+      identity keys for incoming and outgoing TLS contexts. Bugfix on
+      0.2.0.3-alpha; addresses the other half of bug 988.
+    - Avoid an assertion failure when we as an authority receive a
+      duplicate upload of a router descriptor that we already have,
+      but which we previously considered an obsolete descriptor.
+      Fixes another case of bug 1776. Bugfix on 0.2.2.16-alpha.
+    - Avoid a crash bug triggered by looking at a dangling pointer while
+      setting the network status consensus. Found by Robert Ransom.
+      Bugfix on 0.2.2.17-alpha. Fixes bug 2097.
+    - Fix a logic error where servers that _didn't_ act as exits would
+      try to keep their server lists more aggressively up to date than
+      exits, when it was supposed to be the other way around. Bugfix
+      on 0.2.2.17-alpha.
+
+  o Minor bugfixes (on Tor 0.2.1.x and earlier):
+    - When we're trying to guess whether we know our IP address as
+      a relay, we would log various ways that we failed to guess
+      our address, but never log that we ended up guessing it
+      successfully. Now add a log line to help confused and anxious
+      relay operators. Bugfix on 0.1.2.1-alpha; fixes bug 1534.
+    - Bring the logic that gathers routerinfos and assesses the
+      acceptability of circuits into line. This prevents a Tor OP from
+      getting locked in a cycle of choosing its local OR as an exit for a
+      path (due to a .exit request) and then rejecting the circuit because
+      its OR is not listed yet. It also prevents Tor clients from using an
+      OR running in the same instance as an exit (due to a .exit request)
+      if the OR does not meet the same requirements expected of an OR
+      running elsewhere. Fixes bug 1859; bugfix on 0.1.0.1-rc.
+    - Correctly describe errors that occur when generating a TLS object.
+      Previously we would attribute them to a failure while generating a
+      TLS context. Patch by Robert Ransom. Bugfix on 0.1.0.4-rc; fixes
+      bug 1994.
+    - Enforce multiplicity rules when parsing annotations. Bugfix on
+      0.2.0.8-alpha. Found by piebeer.
+    - Fix warnings that newer versions of autoconf produced during
+      ./autogen.sh. These warnings appear to be harmless in our case,
+      but they were extremely verbose. Fixes bug 2020.
+
+  o Minor bugfixes (on Tor 0.2.2.x):
+    - Enable protection of small arrays whenever we build with gcc
+      hardening features, not only when also building with warnings
+      enabled. Fixes bug 2031; bugfix on 0.2.2.14-alpha. Reported by keb.
+
+  o Minor features:
+    - Make hidden services work better in private Tor networks by not
+      requiring any uptime to join the hidden service descriptor
+      DHT. Implements ticket 2088.
+    - Rate-limit the "your application is giving Tor only an IP address"
+      warning. Addresses bug 2000; bugfix on 0.0.8pre2.
+    - When AllowSingleHopExits is set, print a warning to explain to the
+      relay operator why most clients are avoiding her relay.
+    - Update to the November 1 2010 Maxmind GeoLite Country database.
+
+  o Code simplifications and refactoring:
+    - When we fixed bug 1038 we had to put in a restriction not to send
+      RELAY_EARLY cells on rend circuits. This was necessary as long
+      as relays using Tor 0.2.1.3-alpha through 0.2.1.18-alpha were
+      active. Now remove this obsolete check. Resolves bug 2081.
+    - Some options used different conventions for uppercasing of acronyms
+      when comparing manpage and source. Fix those in favor of the
+      manpage, as it makes sense to capitalize acronyms.
+    - Remove the torrc.complete file. It hasn't been kept up to date
+      and users will have better luck checking out the manpage.
+    - Remove the obsolete "NoPublish" option; it has been flagged
+      as obsolete and has produced a warning since 0.1.1.18-rc.
+    - Remove everything related to building the expert bundle for OS X.
+      It has confused many users, doesn't work right on OS X 10.6,
+      and is hard to get rid of once installed. Resolves bug 1274.
+
+
+Changes in version 0.2.2.17-alpha - 2010-09-30
+  Tor 0.2.2.17-alpha introduces a feature to make it harder for clients
+  to use one-hop circuits (which can put the exit relays at higher risk,
+  plus unbalance the network); fixes a big bug in bandwidth accounting
+  for relays that want to limit their monthly bandwidth use; fixes a
+  big pile of bugs in how clients tolerate temporary network failure;
+  and makes our adaptive circuit build timeout feature (which improves
+  client performance if your network is fast while not breaking things
+  if your network is slow) better handle bad networks.
+
+  o Major features:
+    - Exit relays now try harder to block exit attempts from unknown
+      relays, to make it harder for people to use them as one-hop proxies
+      a la tortunnel. Controlled by the refuseunknownexits consensus
+      parameter (currently enabled), or you can override it on your
+      relay with the RefuseUnknownExits torrc option. Resolves bug 1751.
+
+  o Major bugfixes (0.2.1.x and earlier):
+    - Fix a bug in bandwidth accounting that could make us use twice
+      the intended bandwidth when our interval start changes due to
+      daylight saving time. Now we tolerate skew in stored vs computed
+      interval starts: if the start of the period changes by no more than
+      50% of the period's duration, we remember bytes that we transferred
+      in the old period. Fixes bug 1511; bugfix on 0.0.9pre5.
+    - Always search the Windows system directory for system DLLs, and
+      nowhere else. Bugfix on 0.1.1.23; fixes bug 1954.
+    - When you're using bridges and your network goes away and your
+      bridges get marked as down, recover when you attempt a new socks
+      connection (if the network is back), rather than waiting up to an
+      hour to try fetching new descriptors for your bridges. Bugfix on
+      0.2.0.3-alpha; fixes bug 1981.
+
+  o Major bugfixes (on 0.2.2.x):
+    - Fix compilation on Windows. Bugfix on 0.2.2.16-alpha; related to
+      bug 1797.
+    - Fix a segfault that could happen when operating a bridge relay with
+      no GeoIP database set. Fixes bug 1964; bugfix on 0.2.2.15-alpha.
+    - The consensus bandwidth-weights (used by clients to choose fast
+      relays) entered an unexpected edge case in September where
+      Exits were much scarcer than Guards, resulting in bad weight
+      recommendations. Now we compute them using new constraints that
+      should succeed in all cases. Also alter directory authorities to
+      not include the bandwidth-weights line if they fail to produce
+      valid values. Fixes bug 1952; bugfix on 0.2.2.10-alpha.
+    - When weighting bridges during path selection, we used to trust
+      the bandwidths they provided in their descriptor, only capping them
+      at 10MB/s. This turned out to be problematic for two reasons:
+      Bridges could claim to handle a lot more traffic then they
+      actually would, thus making more clients pick them and have a
+      pretty effective DoS attack. The other issue is that new bridges
+      that might not have a good estimate for their bw capacity yet
+      would not get used at all unless no other bridges are available
+      to a client. Fixes bug 1912; bugfix on 0.2.2.7-alpha.
+
+  o Major bugfixes (on the circuit build timeout feature, 0.2.2.x):
+    - Ignore cannibalized circuits when recording circuit build times.
+      This should provide for a minor performance improvement for hidden
+      service users using 0.2.2.14-alpha, and should remove two spurious
+      notice log messages. Bugfix on 0.2.2.14-alpha; fixes bug 1740.
+    - Simplify the logic that causes us to decide if the network is
+      unavailable for purposes of recording circuit build times. If we
+      receive no cells whatsoever for the entire duration of a circuit's
+      full measured lifetime, the network is probably down. Also ignore
+      one-hop directory fetching circuit timeouts when calculating our
+      circuit build times. These changes should hopefully reduce the
+      cases where we see ridiculous circuit build timeouts for people
+      with spotty wireless connections. Fixes part of bug 1772; bugfix
+      on 0.2.2.2-alpha.
+    - Prevent the circuit build timeout from becoming larger than
+      the maximum build time we have ever seen. Also, prevent the time
+      period for measurement circuits from becoming larger than twice that
+      value. Fixes the other part of bug 1772; bugfix on 0.2.2.2-alpha.
+
+  o Minor features:
+    - When we run out of directory information such that we can't build
+      circuits, but then get enough that we can build circuits, log when
+      we actually construct a circuit, so the user has a better chance of
+      knowing what's going on. Fixes bug 1362.
+    - Be more generous with how much bandwidth we'd use up (with
+      accounting enabled) before entering "soft hibernation". Previously,
+      we'd refuse new connections and circuits once we'd used up 95% of
+      our allotment. Now, we use up 95% of our allotment, AND make sure
+      that we have no more than 500MB (or 3 hours of expected traffic,
+      whichever is lower) remaining before we enter soft hibernation.
+    - If we've configured EntryNodes and our network goes away and/or all
+      our entrynodes get marked down, optimistically retry them all when
+      a new socks application request appears. Fixes bug 1882.
+    - Add some more defensive programming for architectures that can't
+      handle unaligned integer accesses. We don't know of any actual bugs
+      right now, but that's the best time to fix them. Fixes bug 1943.
+    - Support line continuations in the torrc config file. If a line
+      ends with a single backslash character, the newline is ignored, and
+      the configuration value is treated as continuing on the next line.
+      Resolves bug 1929.
+
+  o Minor bugfixes (on 0.2.1.x and earlier):
+    - For bandwidth accounting, calculate our expected bandwidth rate
+      based on the time during which we were active and not in
+      soft-hibernation during the last interval. Previously, we were
+      also considering the time spent in soft-hibernation. If this
+      was a long time, we would wind up underestimating our bandwidth
+      by a lot, and skewing our wakeup time towards the start of the
+      accounting interval. Fixes bug 1789. Bugfix on 0.0.9pre5.
+
+  o Minor bugfixes (on 0.2.2.x):
+    - Resume generating CIRC FAILED REASON=TIMEOUT control port messages,
+      which were disabled by the circuit build timeout changes in
+      0.2.2.14-alpha. Bugfix on 0.2.2.14-alpha; fixes bug 1739.
+    - Make sure we don't warn about missing bandwidth weights when
+      choosing bridges or other relays not in the consensus. Bugfix on
+      0.2.2.10-alpha; fixes bug 1805.
+    - In our logs, do not double-report signatures from unrecognized
+      authorities both as "from unknown authority" and "not
+      present". Fixes bug 1956, bugfix on 0.2.2.16-alpha.
+
+
+Changes in version 0.2.2.16-alpha - 2010-09-17
+  Tor 0.2.2.16-alpha fixes a variety of old stream fairness bugs (most
+  evident at exit relays), and also continues to resolve all the little
+  bugs that have been filling up trac lately.
+
+  o Major bugfixes (stream-level fairness):
+    - When receiving a circuit-level SENDME for a blocked circuit, try
+      to package cells fairly from all the streams that had previously
+      been blocked on that circuit. Previously, we had started with the
+      oldest stream, and allowed each stream to potentially exhaust
+      the circuit's package window. This gave older streams on any
+      given circuit priority over newer ones. Fixes bug 1937. Detected
+      originally by Camilo Viecco. This bug was introduced before the
+      first Tor release, in svn commit r152: it is the new winner of
+      the longest-lived bug prize.
+    - When the exit relay got a circuit-level sendme cell, it started
+      reading on the exit streams, even if had 500 cells queued in the
+      circuit queue already, so the circuit queue just grew and grew in
+      some cases. We fix this by not re-enabling reading on receipt of a
+      sendme cell when the cell queue is blocked. Fixes bug 1653. Bugfix
+      on 0.2.0.1-alpha. Detected by Mashael AlSabah. Original patch by
+      "yetonetime".
+    - Newly created streams were allowed to read cells onto circuits,
+      even if the circuit's cell queue was blocked and waiting to drain.
+      This created potential unfairness, as older streams would be
+      blocked, but newer streams would gladly fill the queue completely.
+      We add code to detect this situation and prevent any stream from
+      getting more than one free cell. Bugfix on 0.2.0.1-alpha. Partially
+      fixes bug 1298.
+
+  o Minor features:
+    - Update to the September 1 2010 Maxmind GeoLite Country database.
+    - Warn when CookieAuthFileGroupReadable is set but CookieAuthFile is
+      not. This would lead to a cookie that is still not group readable.
+      Closes bug 1843. Suggested by katmagic.
+    - When logging a rate-limited warning, we now mention how many messages
+      got suppressed since the last warning.
+    - Add new "perconnbwrate" and "perconnbwburst" consensus params to
+      do individual connection-level rate limiting of clients. The torrc
+      config options with the same names trump the consensus params, if
+      both are present. Replaces the old "bwconnrate" and "bwconnburst"
+      consensus params which were broken from 0.2.2.7-alpha through
+      0.2.2.14-alpha. Closes bug 1947.
+    - When a router changes IP address or port, authorities now launch
+      a new reachability test for it. Implements ticket 1899.
+    - Make the formerly ugly "2 unknown, 7 missing key, 0 good, 0 bad,
+      2 no signature, 4 required" messages about consensus signatures
+      easier to read, and make sure they get logged at the same severity
+      as the messages explaining which keys are which. Fixes bug 1290.
+    - Don't warn when we have a consensus that we can't verify because
+      of missing certificates, unless those certificates are ones
+      that we have been trying and failing to download. Fixes bug 1145.
+    - If you configure your bridge with a known identity fingerprint,
+      and the bridge authority is unreachable (as it is in at least
+      one country now), fall back to directly requesting the descriptor
+      from the bridge. Finishes the feature started in 0.2.0.10-alpha;
+      closes bug 1138.
+    - When building with --enable-gcc-warnings on OpenBSD, disable
+      warnings in system headers. This makes --enable-gcc-warnings
+      pass on OpenBSD 4.8.
+
+  o Minor bugfixes (on 0.2.1.x and earlier):
+    - Authorities will now attempt to download consensuses if their
+      own efforts to make a live consensus have failed. This change
+      means authorities that restart will fetch a valid consensus, and
+      it means authorities that didn't agree with the current consensus
+      will still fetch and serve it if it has enough signatures. Bugfix
+      on 0.2.0.9-alpha; fixes bug 1300.
+    - Ensure DNS requests launched by "RESOLVE" commands from the
+      controller respect the __LeaveStreamsUnattached setconf options. The
+      same goes for requests launched via DNSPort or transparent
+      proxying. Bugfix on 0.2.0.1-alpha; fixes bug 1525.
+    - Allow handshaking OR connections to take a full KeepalivePeriod
+      seconds to handshake. Previously, we would close them after
+      IDLE_OR_CONN_TIMEOUT (180) seconds, the same timeout as if they
+      were open. Bugfix on 0.2.1.26; fixes bug 1840. Thanks to mingw-san
+      for analysis help.
+    - Rate-limit "Failed to hand off onionskin" warnings.
+    - Never relay a cell for a circuit we have already destroyed.
+      Between marking a circuit as closeable and finally closing it,
+      it may have been possible for a few queued cells to get relayed,
+      even though they would have been immediately dropped by the next
+      OR in the circuit. Fixes bug 1184; bugfix on 0.2.0.1-alpha.
+    - Never queue a cell for a circuit that's already been marked
+      for close.
+    - Never vote for a server as "Running" if we have a descriptor for
+      it claiming to be hibernating, and that descriptor was published
+      more recently than our last contact with the server. Bugfix on
+      0.2.0.3-alpha; fixes bug 911.
+    - Squash a compile warning on OpenBSD. Reported by Tas; fixes
+      bug 1848.
+
+  o Minor bugfixes (on 0.2.2.x):
+    - Fix a regression introduced in 0.2.2.7-alpha that marked relays
+      down if a directory fetch fails and you've configured either
+      bridges or EntryNodes. The intent was to mark the relay as down
+      _unless_ you're using bridges or EntryNodes, since if you are
+      then you could quickly run out of entry points.
+    - Fix the Windows directory-listing code. A bug introduced in
+      0.2.2.14-alpha could make Windows directory servers forget to load
+      some of their cached v2 networkstatus files.
+    - Really allow clients to use relays as bridges. Fixes bug 1776;
+      bugfix on 0.2.2.15-alpha.
+    - Demote a warn to info that happens when the CellStatistics option
+      was just enabled. Bugfix on 0.2.2.15-alpha; fixes bug 1921.
+      Reported by Moritz Bartl.
+    - On Windows, build correctly either with or without Unicode support.
+      This is necessary so that Tor can support fringe platforms like
+      Windows 98 (which has no Unicode), or Windows CE (which has no
+      non-Unicode). Bugfix on 0.2.2.14-alpha; fixes bug 1797.
+
+  o Testing
+    - Add a unit test for cross-platform directory-listing code.
+
+
+Changes in version 0.2.2.15-alpha - 2010-08-18
+  Tor 0.2.2.15-alpha fixes a big bug in hidden service availability,
+  fixes a variety of other bugs that were preventing performance
+  experiments from moving forward, fixes several bothersome memory leaks,
+  and generally closes a lot of smaller bugs that have been filling up
+  trac lately.
+
+  o Major bugfixes:
+    - Stop assigning the HSDir flag to relays that disable their
+      DirPort (and thus will refuse to answer directory requests). This
+      fix should dramatically improve the reachability of hidden services:
+      hidden services and hidden service clients pick six HSDir relays
+      to store and retrieve the hidden service descriptor, and currently
+      about half of the HSDir relays will refuse to work. Bugfix on
+      0.2.0.10-alpha; fixes part of bug 1693.
+    - The PerConnBWRate and Burst config options, along with the
+      bwconnrate and bwconnburst consensus params, initialized each conn's
+      token bucket values only when the connection is established. Now we
+      update them if the config options change, and update them every time
+      we get a new consensus. Otherwise we can encounter an ugly edge
+      case where we initialize an OR conn to client-level bandwidth,
+      but then later the relay joins the consensus and we leave it
+      throttled. Bugfix on 0.2.2.7-alpha; fixes bug 1830.
+    - Fix a regression that caused Tor to rebind its ports if it receives
+      SIGHUP while hibernating. Bugfix in 0.1.1.6-alpha; closes bug 919.
+
+  o Major features:
+    - Lower the maximum weighted-fractional-uptime cutoff to 98%. This
+      should give us approximately 40-50% more Guard-flagged nodes,
+      improving the anonymity the Tor network can provide and also
+      decreasing the dropoff in throughput that relays experience when
+      they first get the Guard flag.
+    - Allow enabling or disabling the *Statistics config options while
+      Tor is running.
+
+  o Minor features:
+    - Update to the August 1 2010 Maxmind GeoLite Country database.
+    - Have the controller interface give a more useful message than
+      "Internal Error" in response to failed GETINFO requests.
+    - Warn when the same option is provided more than once in a torrc
+      file, on the command line, or in a single SETCONF statement, and
+      the option is one that only accepts a single line. Closes bug 1384.
+    - Build correctly on mingw with more recent versions of OpenSSL 0.9.8.
+      Patch from mingw-san.
+    - Add support for the country code "{??}" in torrc options like
+      ExcludeNodes, to indicate all routers of unknown country. Closes
+      bug 1094.
+    - Relays report the number of bytes spent on answering directory
+      requests in extra-info descriptors similar to {read,write}-history.
+      Implements enhancement 1790.
+
+  o Minor bugfixes (on 0.2.1.x and earlier):
+    - Complain if PublishServerDescriptor is given multiple arguments that
+      include 0 or 1. This configuration will be rejected in the future.
+      Bugfix on 0.2.0.1-alpha; closes bug 1107.
+    - Disallow BridgeRelay 1 and ORPort 0 at once in the configuration.
+      Bugfix on 0.2.0.13-alpha; closes bug 928.
+    - Change "Application request when we're believed to be offline."
+      notice to "Application request when we haven't used client
+      functionality lately.", to clarify that it's not an error. Bugfix
+      on 0.0.9.3; fixes bug 1222.
+    - Fix a bug in the controller interface where "GETINFO ns/asdaskljkl"
+      would return "551 Internal error" rather than "552 Unrecognized key
+      ns/asdaskljkl". Bugfix on 0.1.2.3-alpha.
+    - Users can't configure a regular relay to be their bridge. It didn't
+      work because when Tor fetched the bridge descriptor, it found
+      that it already had it, and didn't realize that the purpose of the
+      descriptor had changed. Now we replace routers with a purpose other
+      than bridge with bridge descriptors when fetching them. Bugfix on
+      0.1.1.9-alpha. Bug 1776 not yet fixed because now we immediately
+      refetch the descriptor with router purpose 'general', disabling
+      it as a bridge.
+    - Fix a rare bug in rend_fn unit tests: we would fail a test when
+      a randomly generated port is 0. Diagnosed by Matt Edman. Bugfix
+      on 0.2.0.10-alpha; fixes bug 1808.
+    - Exit nodes didn't recognize EHOSTUNREACH as a plausible error code,
+      and so sent back END_STREAM_REASON_MISC. Clients now recognize a new
+      stream ending reason for this case: END_STREAM_REASON_NOROUTE.
+      Servers can start sending this code when enough clients recognize
+      it. Also update the spec to reflect this new reason. Bugfix on
+      0.1.0.1-rc; fixes part of bug 1793.
+    - Delay geoip stats collection by bridges for 6 hours, not 2 hours,
+      when we switch from being a public relay to a bridge. Otherwise
+      there will still be clients that see the relay in their consensus,
+      and the stats will end up wrong. Bugfix on 0.2.1.15-rc; fixes bug
+      932 even more.
+    - Instead of giving an assertion failure on an internal mismatch
+      on estimated freelist size, just log a BUG warning and try later.
+      Mitigates but does not fix bug 1125.
+    - Fix an assertion failure that could occur in caches or bridge users
+      when using a very short voting interval on a testing network.
+      Diagnosed by Robert Hogan. Fixes bug 1141; bugfix on 0.2.0.8-alpha.
+
+  o Minor bugfixes (on 0.2.2.x):
+    - Alter directory authorities to always consider Exit-flagged nodes
+      as potential Guard nodes in their votes. The actual decision to
+      use Exits as Guards is done in the consensus bandwidth weights.
+      Fixes bug 1294; bugfix on 0.2.2.10-alpha.
+    - When the controller is reporting the purpose of circuits that
+      didn't finish building before the circuit build timeout, it was
+      printing UNKNOWN_13. Now print EXPIRED. Bugfix on 0.2.2.14-alpha.
+    - Our libevent version parsing code couldn't handle versions like
+      1.4.14b-stable and incorrectly warned the user about using an
+      old and broken version of libevent. Treat 1.4.14b-stable like
+      1.4.14-stable when parsing the version. Fixes bug 1731; bugfix
+      on 0.2.2.1-alpha.
+    - Don't use substitution references like $(VAR:MOD) when
+      $(asciidoc_files) is empty -- make(1) on NetBSD transforms
+      '$(:x)' to 'x' rather than the empty string. This bites us in
+      doc/ when configured with --disable-asciidoc. Bugfix on
+      0.2.2.9-alpha; fixes bug 1773.
+    - Remove a spurious hidden service server-side log notice about
+      "Ancient non-dirty circuits". Bugfix on 0.2.2.14-alpha; fixes
+      bug 1741.
+    - Fix compilation with --with-dmalloc set. Bugfix on 0.2.2.6-alpha;
+      fixes bug 1832.
+    - Correctly report written bytes on linked connections. Found while
+      implementing 1790. Bugfix on 0.2.2.4-alpha.
+    - Fix three memory leaks: one in circuit_build_times_parse_state(),
+      one in dirvote_add_signatures_to_pending_consensus(), and one every
+      time we parse a v3 network consensus. Bugfixes on 0.2.2.14-alpha,
+      0.2.2.6-alpha, and 0.2.2.10-alpha respectively; fixes bug 1831.
+
+  o Code simplifications and refactoring:
+    - Take a first step towards making or.h smaller by splitting out
+      function definitions for all source files in src/or/. Leave
+      structures and defines in or.h for now.
+    - Remove a bunch of unused function declarations as well as a block of
+      #if 0'd code from the unit tests. Closes bug 1824.
+    - New unit tests for exit-port history statistics; refactored exit
+      statistics code to be more easily tested.
+    - Remove the old debian/ directory from the main Tor distribution.
+      The official Tor-for-debian git repository lives at the URL
+      https://git.torproject.org/debian/tor.git
+
+
+Changes in version 0.2.2.14-alpha - 2010-07-12
+  Tor 0.2.2.14-alpha greatly improves client-side handling of
+  circuit build timeouts, which are used to estimate speed and improve
+  performance. We also move to a much better GeoIP database, port Tor to
+  Windows CE, introduce new compile flags that improve code security,
+  add an eighth v3 directory authority, and address a lot of more
+  minor issues.
+
+  o Major bugfixes:
+    - Tor directory authorities no longer crash when started with a
+      cached-microdesc-consensus file in their data directory. Bugfix
+      on 0.2.2.6-alpha; fixes bug 1532.
+    - Treat an unset $HOME like an empty $HOME rather than triggering an
+      assert. Bugfix on 0.0.8pre1; fixes bug 1522.
+    - Ignore negative and large circuit build timeout values that can
+      happen during a suspend or hibernate. These values caused various
+      asserts to fire. Bugfix on 0.2.2.2-alpha; fixes bug 1245.
+    - Alter calculation of Pareto distribution parameter 'Xm' for
+      Circuit Build Timeout learning to use the weighted average of the
+      top N=3 modes (because we have three entry guards). Considering
+      multiple modes should improve the timeout calculation in some cases,
+      and prevent extremely high timeout values. Bugfix on 0.2.2.2-alpha;
+      fixes bug 1335.
+    - Alter calculation of Pareto distribution parameter 'Alpha' to use a
+      right censored distribution model. This approach improves over the
+      synthetic timeout generation approach that was producing insanely
+      high timeout values. Now we calculate build timeouts using truncated
+      times. Bugfix on 0.2.2.2-alpha; fixes bugs 1245 and 1335.
+    - Do not close circuits that are under construction when they reach
+      the circuit build timeout. Instead, leave them building (but do not
+      use them) for up until the time corresponding to the 95th percentile
+      on the Pareto CDF or 60 seconds, whichever is greater. This is done
+      to provide better data for the new Pareto model. This percentile
+      can be controlled by the consensus.
+
+  o Major features:
+    - Move to the June 2010 Maxmind GeoLite country db (rather than the
+      June 2009 ip-to-country GeoIP db) for our statistics that count
+      how many users relays are seeing from each country. Now we have
+      more accurate data for many African countries.
+    - Port Tor to build and run correctly on Windows CE systems, using
+      the wcecompat library. Contributed by Valerio Lupi.
+    - New "--enable-gcc-hardening" ./configure flag (off by default)
+      to turn on gcc compile time hardening options. It ensures
+      that signed ints have defined behavior (-fwrapv), enables
+      -D_FORTIFY_SOURCE=2 (requiring -O2), adds stack smashing protection
+      with canaries (-fstack-protector-all), turns on ASLR protection if
+      supported by the kernel (-fPIE, -pie), and adds additional security
+      related warnings. Verified to work on Mac OS X and Debian Lenny.
+    - New "--enable-linker-hardening" ./configure flag (off by default)
+      to turn on ELF specific hardening features (relro, now). This does
+      not work with Mac OS X or any other non-ELF binary format.
+
+  o New directory authorities:
+    - Set up maatuska (run by Linus Nordberg) as the eighth v3 directory
+      authority.
+
+  o Minor features:
+    - New config option "WarnUnsafeSocks 0" disables the warning that
+      occurs whenever Tor receives a socks handshake using a version of
+      the socks protocol that can only provide an IP address (rather
+      than a hostname). Setups that do DNS locally over Tor are fine,
+      and we shouldn't spam the logs in that case.
+    - Convert the HACKING file to asciidoc, and add a few new sections
+      to it, explaining how we use Git, how we make changelogs, and
+      what should go in a patch.
+    - Add a TIMEOUT_RATE keyword to the BUILDTIMEOUT_SET control port
+      event, to give information on the current rate of circuit timeouts
+      over our stored history.
+    - Add ability to disable circuit build time learning via consensus
+      parameter and via a LearnCircuitBuildTimeout config option. Also
+      automatically disable circuit build time calculation if we are
+      either a AuthoritativeDirectory, or if we fail to write our state
+      file. Fixes bug 1296.
+    - More gracefully handle corrupt state files, removing asserts
+      in favor of saving a backup and resetting state.
+    - Rename the "log.h" header to "torlog.h" so as to conflict with fewer
+      system headers.
+
+  o Minor bugfixes:
+    - Build correctly on OSX with zlib 1.2.4 and higher with all warnings
+      enabled.
+    - When a2x fails, mention that the user could disable manpages instead
+      of trying to fix their asciidoc installation.
+    - Where available, use Libevent 2.0's periodic timers so that our
+      once-per-second cleanup code gets called even more closely to
+      once per second than it would otherwise. Fixes bug 943.
+    - If you run a bridge that listens on multiple IP addresses, and
+      some user configures a bridge address that uses a different IP
+      address than your bridge writes in its router descriptor, and the
+      user doesn't specify an identity key, their Tor would discard the
+      descriptor because "it isn't one of our configured bridges", and
+      fail to bootstrap. Now believe the descriptor and bootstrap anyway.
+      Bugfix on 0.2.0.3-alpha.
+    - If OpenSSL fails to make a duplicate of a private or public key, log
+      an error message and try to exit cleanly. May help with debugging
+      if bug 1209 ever remanifests.
+    - Save a couple bytes in memory allocation every time we escape
+      certain characters in a string. Patch from Florian Zumbiehl.
+    - Make it explicit that we don't cannibalize one-hop circuits. This
+      happens in the wild, but doesn't turn out to be a problem because
+      we fortunately don't use those circuits. Many thanks to outofwords
+      for the initial analysis and to swissknife who confirmed that
+      two-hop circuits are actually created.
+    - Make directory mirrors report non-zero dirreq-v[23]-shares again.
+      Fixes bug 1564; bugfix on 0.2.2.9-alpha.
+    - Eliminate a case where a circuit build time warning was displayed
+      after network connectivity resumed. Bugfix on 0.2.2.2-alpha.
+
+
+Changes in version 0.2.1.26 - 2010-05-02
+  Tor 0.2.1.26 addresses the recent connection and memory overload
+  problems we've been seeing on relays, especially relays with their
+  DirPort open. If your relay has been crashing, or you turned it off
+  because it used too many resources, give this release a try.
+
+  This release also fixes yet another instance of broken OpenSSL libraries
+  that was causing some relays to drop out of the consensus.
+
+  o Major bugfixes:
+    - Teach relays to defend themselves from connection overload. Relays
+      now close idle circuits early if it looks like they were intended
+      for directory fetches. Relays are also more aggressive about closing
+      TLS connections that have no circuits on them. Such circuits are
+      unlikely to be re-used, and tens of thousands of them were piling
+      up at the fast relays, causing the relays to run out of sockets
+      and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling
+      their directory fetches over TLS).
+    - Fix SSL renegotiation behavior on OpenSSL versions like on Centos
+      that claim to be earlier than 0.9.8m, but which have in reality
+      backported huge swaths of 0.9.8m or 0.9.8n renegotiation
+      behavior. Possible fix for some cases of bug 1346.
+    - Directory mirrors were fetching relay descriptors only from v2
+      directory authorities, rather than v3 authorities like they should.
+      Only 2 v2 authorities remain (compared to 7 v3 authorities), leading
+      to a serious bottleneck. Bugfix on 0.2.0.9-alpha. Fixes bug 1324.
+
+  o Minor bugfixes:
+    - Finally get rid of the deprecated and now harmful notion of "clique
+      mode", where directory authorities maintain TLS connections to
+      every other relay.
+
+  o Testsuite fixes:
+    - In the util/threads test, no longer free the test_mutex before all
+      worker threads have finished. Bugfix on 0.2.1.6-alpha.
+    - The master thread could starve the worker threads quite badly on
+      certain systems, causing them to run only partially in the allowed
+      window. This resulted in test failures. Now the master thread sleeps
+      occasionally for a few microseconds while the two worker-threads
+      compete for the mutex. Bugfix on 0.2.0.1-alpha.
+
+
+Changes in version 0.2.2.13-alpha - 2010-04-24
+  Tor 0.2.2.13-alpha addresses the recent connection and memory overload
+  problems we've been seeing on relays, especially relays with their
+  DirPort open. If your relay has been crashing, or you turned it off
+  because it used too many resources, give this release a try.
+
+  o Major bugfixes:
+    - Teach relays to defend themselves from connection overload. Relays
+      now close idle circuits early if it looks like they were intended
+      for directory fetches. Relays are also more aggressive about closing
+      TLS connections that have no circuits on them. Such circuits are
+      unlikely to be re-used, and tens of thousands of them were piling
+      up at the fast relays, causing the relays to run out of sockets
+      and memory. Bugfix on 0.2.0.22-rc (where clients started tunneling
+      their directory fetches over TLS).
+
+  o Minor features:
+    - Finally get rid of the deprecated and now harmful notion of "clique
+      mode", where directory authorities maintain TLS connections to
+      every other relay.
+    - Directory authorities now do an immediate reachability check as soon
+      as they hear about a new relay. This change should slightly reduce
+      the time between setting up a relay and getting listed as running
+      in the consensus. It should also improve the time between setting
+      up a bridge and seeing use by bridge users.
+    - Directory authorities no longer launch a TLS connection to every
+      relay as they startup. Now that we have 2k+ descriptors cached,
+      the resulting network hiccup is becoming a burden. Besides,
+      authorities already avoid voting about Running for the first half
+      hour of their uptime.
+
+
+Changes in version 0.2.2.12-alpha - 2010-04-20
+  Tor 0.2.2.12-alpha fixes a critical bug in how directory authorities
+  handle and vote on descriptors. It was causing relays to drop out of
+  the consensus.
+
+  o Major bugfixes:
+    - Many relays have been falling out of the consensus lately because
+      not enough authorities know about their descriptor for them to get
+      a majority of votes. When we deprecated the v2 directory protocol,
+      we got rid of the only way that v3 authorities can hear from each
+      other about other descriptors. Now authorities examine every v3
+      vote for new descriptors, and fetch them from that authority. Bugfix
+      on 0.2.1.23.
+    - Fix two typos in tor_vasprintf() that broke the compile on Windows,
+      and a warning in or.h related to bandwidth_weight_rule_t that
+      prevented clean compile on OS X. Fixes bug 1363; bugfix on
+      0.2.2.11-alpha.
+    - Fix a segfault on relays when DirReqStatistics is enabled
+      and 24 hours pass. Bug found by keb. Fixes bug 1365; bugfix on
+      0.2.2.11-alpha.
+
+  o Minor bugfixes:
+    - Demote a confusing TLS warning that relay operators might get when
+      someone tries to talk to their OrPort. It is neither the operator's
+      fault nor can they do anything about it. Fixes bug 1364; bugfix
+      on 0.2.0.14-alpha.
+
+
+Changes in version 0.2.2.11-alpha - 2010-04-15
+  Tor 0.2.2.11-alpha fixes yet another instance of broken OpenSSL
+  libraries that was causing some relays to drop out of the consensus.
+
+  o Major bugfixes:
+    - Directory mirrors were fetching relay descriptors only from v2
+      directory authorities, rather than v3 authorities like they should.
+      Only 2 v2 authorities remain (compared to 7 v3 authorities), leading
+      to a serious bottleneck. Bugfix on 0.2.0.9-alpha. Fixes bug 1324.
+    - Fix a parsing error that made every possible value of
+      CircPriorityHalflifeMsec get treated as "1 msec". Bugfix
+      on 0.2.2.7-alpha. Rename CircPriorityHalflifeMsec to
+      CircuitPriorityHalflifeMsec, so authorities can tell newer relays
+      about the option without breaking older ones.
+    - Fix SSL renegotiation behavior on OpenSSL versions like on Centos
+      that claim to be earlier than 0.9.8m, but which have in reality
+      backported huge swaths of 0.9.8m or 0.9.8n renegotiation
+      behavior. Possible fix for some cases of bug 1346.
+
+  o Minor features:
+    - Experiment with a more aggressive approach to preventing clients
+      from making one-hop exit streams. Exit relays who want to try it
+      out can set "RefuseUnknownExits 1" in their torrc, and then look
+      for "Attempt by %s to open a stream" log messages. Let us know
+      how it goes!
+    - Add support for statically linking zlib by specifying
+      --enable-static-zlib, to go with our support for statically linking
+      openssl and libevent. Resolves bug 1358.
+
+  o Minor bugfixes:
+    - Fix a segfault that happens whenever a Tor client that is using
+      libevent2's bufferevents gets a hup signal. Bugfix on 0.2.2.5-alpha;
+      fixes bug 1341.
+    - When we cleaned up the contrib/tor-exit-notice.html file, we left
+      out the first line. Fixes bug 1295.
+    - When building the manpage from a tarball, we required asciidoc, but
+      the asciidoc -> roff/html conversion was already done for the
+      tarball. Make 'make' complain only when we need asciidoc (either
+      because we're compiling directly from git, or because we altered
+      the asciidoc manpage in the tarball). Bugfix on 0.2.2.9-alpha.
+    - When none of the directory authorities vote on any params, Tor
+      segfaulted when trying to make the consensus from the votes. We
+      didn't trigger the bug in practice, because authorities do include
+      params in their votes. Bugfix on 0.2.2.10-alpha; fixes bug 1322.
+
+  o Testsuite fixes:
+    - In the util/threads test, no longer free the test_mutex before all
+      worker threads have finished. Bugfix on 0.2.1.6-alpha.
+    - The master thread could starve the worker threads quite badly on
+      certain systems, causing them to run only partially in the allowed
+      window. This resulted in test failures. Now the master thread sleeps
+      occasionally for a few microseconds while the two worker-threads
+      compete for the mutex. Bugfix on 0.2.0.1-alpha.
+
+
+Changes in version 0.2.2.10-alpha - 2010-03-07
+  Tor 0.2.2.10-alpha fixes a regression introduced in 0.2.2.9-alpha that
+  could prevent relays from guessing their IP address correctly. It also
+  starts the groundwork for another client-side performance boost, since
+  currently we're not making efficient use of relays that have both the
+  Guard flag and the Exit flag.
+
+  o Major bugfixes:
+    - Fix a regression from our patch for bug 1244 that caused relays
+      to guess their IP address incorrectly if they didn't set Address
+      in their torrc and/or their address fails to resolve. Bugfix on
+      0.2.2.9-alpha; fixes bug 1269.
+
+  o Major features (performance):
+    - Directory authorities now compute consensus weightings that instruct
+      clients how to weight relays flagged as Guard, Exit, Guard+Exit,
+      and no flag. Clients that use these weightings will distribute
+      network load more evenly across these different relay types. The
+      weightings are in the consensus so we can change them globally in
+      the future. Extra thanks to "outofwords" for finding some nasty
+      security bugs in the first implementation of this feature.
+
+  o Minor features (performance):
+    - Always perform router selections using weighted relay bandwidth,
+      even if we don't need a high capacity circuit at the time. Non-fast
+      circuits now only differ from fast ones in that they can use relays
+      not marked with the Fast flag. This "feature" could turn out to
+      be a horrible bug; we should investigate more before it goes into
+      a stable release.
+
+  o Minor features:
+    - Allow disabling building of the manpages. Skipping the manpage
+      speeds up the build considerably.
+
+  o Minor bugfixes (on 0.2.2.x):
+    - Fix a memleak in the EXTENDCIRCUIT logic. Spotted by coverity.
+      Bugfix on 0.2.2.9-alpha.
+    - Disallow values larger than INT32_MAX for PerConnBWRate|Burst
+      config option. Bugfix on 0.2.2.7-alpha.
+    - Ship the asciidoc-helper file in the tarball, so that people can
+      build from source if they want to, and touching the .1.txt files
+      doesn't break the build. Bugfix on 0.2.2.9-alpha.
+
+  o Minor bugfixes (on 0.2.1.x or earlier):
+    - Fix a dereference-then-NULL-check sequence when publishing
+      descriptors. Bugfix on 0.2.1.5-alpha. Discovered by ekir; fixes
+      bug 1255.
+    - Fix another dereference-then-NULL-check sequence. Bugfix on
+      0.2.1.14-rc. Discovered by ekir; fixes bug 1256.
+    - Make sure we treat potentially not NUL-terminated strings correctly.
+      Bugfix on 0.1.1.13-alpha. Discovered by rieo; fixes bug 1257.
+
+  o Code simplifications and refactoring:
+    - Fix some urls in the exit notice file and make it XHTML1.1 strict
+      compliant. Based on a patch from Christian Kujau.
+    - Don't use sed in asciidoc-helper anymore.
+    - Make the build process fail if asciidoc cannot be found and
+      building with asciidoc isn't disabled.
+
+
+Changes in version 0.2.2.9-alpha - 2010-02-22
+  Tor 0.2.2.9-alpha makes Tor work again on the latest OS X, updates the
+  location of a directory authority, and cleans up a bunch of small bugs.
+
+  o Directory authority changes:
+    - Change IP address for dannenberg (v3 directory authority), and
+      remove moria2 (obsolete v1, v2 directory authority and v0 hidden
+      service directory authority) from the list.
+
+  o Major bugfixes:
+    - Make Tor work again on the latest OS X: when deciding whether to
+      use strange flags to turn TLS renegotiation on, detect the OpenSSL
+      version at run-time, not compile time. We need to do this because
+      Apple doesn't update its dev-tools headers when it updates its
+      libraries in a security patch.
+    - Fix a potential buffer overflow in lookup_last_hid_serv_request()
+      that could happen on 32-bit platforms with 64-bit time_t. Also fix
+      a memory leak when requesting a hidden service descriptor we've
+      requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
+      by aakova.
+    - Authorities could be tricked into giving out the Exit flag to relays
+      that didn't allow exiting to any ports. This bug could screw
+      with load balancing and stats. Bugfix on 0.1.1.6-alpha; fixes bug
+      1238. Bug discovered by Martin Kowalczyk.
+    - When freeing a session key, zero it out completely. We only zeroed
+      the first ptrsize bytes. Bugfix on 0.0.2pre8. Discovered and
+      patched by ekir. Fixes bug 1254.
+
+  o Minor bugfixes:
+    - Fix static compilation by listing the openssl libraries in the right
+      order. Bugfix on Tor 0.2.2.8-alpha; fixes bug 1237.
+    - Resume handling .exit hostnames in a special way: originally we
+      stripped the .exit part and used the requested exit relay. In
+      0.2.2.1-alpha we stopped treating them in any special way, meaning
+      if you use a .exit address then Tor will pass it on to the exit
+      relay. Now we reject the .exit stream outright, since that behavior
+      might be more expected by the user. Found and diagnosed by Scott
+      Bennett and Downie on or-talk.
+    - Don't spam the controller with events when we have no file
+      descriptors available. Bugfix on 0.2.1.5-alpha. (Rate-limiting
+      for log messages was already solved from bug 748.)
+    - Avoid a bogus overlapped memcpy in tor_addr_copy(). Reported by
+      "memcpyfail".
+    - Make the DNSPort option work with libevent 2.x. Don't alter the
+      behavior for libevent 1.x. Fixes bug 1143. Found by SwissTorExit.
+    - Emit a GUARD DROPPED controller event for a case we missed.
+    - Make more fields in the controller protocol case-insensitive, since
+      control-spec.txt said they were.
+    - Refactor resolve_my_address() to not use gethostbyname() anymore.
+      Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.
+    - Fix a spec conformance issue: the network-status-version token
+      must be the first token in a v3 consensus or vote. Discovered by
+      parakeep. Bugfix on 0.2.0.3-alpha.
+
+  o Code simplifications and refactoring:
+    - Generate our manpage and HTML documentation using Asciidoc. This
+      change should make it easier to maintain the documentation, and
+      produce nicer HTML.
+    - Remove the --enable-iphone option. According to reports from Marco
+      Bonetti, Tor builds fine without any special tweaking on recent
+      iPhone SDK versions.
+    - Removed some unnecessary files from the source distribution. The
+      AUTHORS file has now been merged into the people page on the
+      website. The roadmaps and design doc can now be found in the
+      projects directory in svn.
+    - Enabled various circuit build timeout constants to be controlled
+      by consensus parameters. Also set better defaults for these
+      parameters based on experimentation on broadband and simulated
+      high latency links.
+
+  o Minor features:
+    - The 'EXTENDCIRCUIT' control port command can now be used with
+      a circ id of 0 and no path. This feature will cause Tor to build
+      a new 'fast' general purpose circuit using its own path selection
+      algorithms.
+    - Added a BUILDTIMEOUT_SET controller event to describe changes
+      to the circuit build timeout.
+    - Future-proof the controller protocol a bit by ignoring keyword
+      arguments we do not recognize.
+    - Expand homedirs passed to tor-checkkey. This should silence a
+      coverity complaint about passing a user-supplied string into
+      open() without checking it.
+
+
+Changes in version 0.2.1.25 - 2010-03-16
+  Tor 0.2.1.25 fixes a regression introduced in 0.2.1.23 that could
+  prevent relays from guessing their IP address correctly. It also fixes
+  several minor potential security bugs.
+
+  o Major bugfixes:
+    - Fix a regression from our patch for bug 1244 that caused relays
+      to guess their IP address incorrectly if they didn't set Address
+      in their torrc and/or their address fails to resolve. Bugfix on
+      0.2.1.23; fixes bug 1269.
+    - When freeing a session key, zero it out completely. We only zeroed
+      the first ptrsize bytes. Bugfix on 0.0.2pre8. Discovered and
+      patched by ekir. Fixes bug 1254.
+
+  o Minor bugfixes:
+    - Fix a dereference-then-NULL-check sequence when publishing
+      descriptors. Bugfix on 0.2.1.5-alpha. Discovered by ekir; fixes
+      bug 1255.
+    - Fix another dereference-then-NULL-check sequence. Bugfix on
+      0.2.1.14-rc. Discovered by ekir; fixes bug 1256.
+    - Make sure we treat potentially not NUL-terminated strings correctly.
+      Bugfix on 0.1.1.13-alpha. Discovered by rieo; fixes bug 1257.
+
+
+
+Changes in version 0.2.1.24 - 2010-02-21
+  Tor 0.2.1.24 makes Tor work again on the latest OS X -- this time
+  for sure!
+
+  o Minor bugfixes:
+    - Work correctly out-of-the-box with even more vendor-patched versions
+      of OpenSSL. In particular, make it so Debian and OS X don't need
+      customized patches to run/build.
+
+
+Changes in version 0.2.1.23 - 2010-02-13
+  Tor 0.2.1.23 fixes a huge client-side performance bug, makes Tor work
+  again on the latest OS X, and updates the location of a directory
+  authority.
+
+  o Major bugfixes (performance):
+    - We were selecting our guards uniformly at random, and then weighting
+      which of our guards we'd use uniformly at random. This imbalance
+      meant that Tor clients were severely limited on throughput (and
+      probably latency too) by the first hop in their circuit. Now we
+      select guards weighted by currently advertised bandwidth. We also
+      automatically discard guards picked using the old algorithm. Fixes
+      bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.
+
+  o Major bugfixes:
+    - Make Tor work again on the latest OS X: when deciding whether to
+      use strange flags to turn TLS renegotiation on, detect the OpenSSL
+      version at run-time, not compile time. We need to do this because
+      Apple doesn't update its dev-tools headers when it updates its
+      libraries in a security patch.
+    - Fix a potential buffer overflow in lookup_last_hid_serv_request()
+      that could happen on 32-bit platforms with 64-bit time_t. Also fix
+      a memory leak when requesting a hidden service descriptor we've
+      requested before. Fixes bug 1242, bugfix on 0.2.0.18-alpha. Found
+      by aakova.
+
+  o Directory authority changes:
+    - Change IP address for dannenberg (v3 directory authority), and
+      remove moria2 (obsolete v1, v2 directory authority and v0 hidden
+      service directory authority) from the list.
+
+  o Minor bugfixes:
+    - Refactor resolve_my_address() to not use gethostbyname() anymore.
+      Fixes bug 1244; bugfix on 0.0.2pre25. Reported by Mike Mestnik.
+
+  o Minor features:
+    - Avoid a mad rush at the beginning of each month when each client
+      rotates half of its guards. Instead we spread the rotation out
+      throughout the month, but we still avoid leaving a precise timestamp
+      in the state file about when we first picked the guard. Improves
+      over the behavior introduced in 0.1.2.17.
+
+
+Changes in version 0.2.2.8-alpha - 2010-01-26
+  Tor 0.2.2.8-alpha fixes a crash bug in 0.2.2.7-alpha that has been
+  causing bridge relays to disappear. If you're running a bridge,
+  please upgrade.
+
+  o Major bugfixes:
+    - Fix a memory corruption bug on bridges that occurred during the
+      inclusion of stats data in extra-info descriptors. Also fix the
+      interface for geoip_get_bridge_stats* to prevent similar bugs in
+      the future. Diagnosis by Tas, patch by Karsten and Sebastian.
+      Fixes bug 1208; bugfix on 0.2.2.7-alpha.
+
+  o Minor bugfixes:
+    - Ignore OutboundBindAddress when connecting to localhost.
+      Connections to localhost need to come _from_ localhost, or else
+      local servers (like DNS and outgoing HTTP/SOCKS proxies) will often
+      refuse to listen.
+
+
+Changes in version 0.2.2.7-alpha - 2010-01-19
+  Tor 0.2.2.7-alpha fixes a huge client-side performance bug, as well
+  as laying the groundwork for further relay-side performance fixes. It
+  also starts cleaning up client behavior with respect to the EntryNodes,
+  ExitNodes, and StrictNodes config options.
+
+  This release also rotates two directory authority keys, due to a
+  security breach of some of the Torproject servers.
+
+  o Directory authority changes:
+    - Rotate keys (both v3 identity and relay identity) for moria1
+      and gabelmoo.
+
+  o Major features (performance):
+    - We were selecting our guards uniformly at random, and then weighting
+      which of our guards we'd use uniformly at random. This imbalance
+      meant that Tor clients were severely limited on throughput (and
+      probably latency too) by the first hop in their circuit. Now we
+      select guards weighted by currently advertised bandwidth. We also
+      automatically discard guards picked using the old algorithm. Fixes
+      bug 1217; bugfix on 0.2.1.3-alpha. Found by Mike Perry.
+    - When choosing which cells to relay first, relays can now favor
+      circuits that have been quiet recently, to provide lower latency
+      for low-volume circuits. By default, relays enable or disable this
+      feature based on a setting in the consensus. You can override
+      this default by using the new "CircuitPriorityHalflife" config
+      option. Design and code by Ian Goldberg, Can Tang, and Chris
+      Alexander.
+    - Add separate per-conn write limiting to go with the per-conn read
+      limiting. We added a global write limit in Tor 0.1.2.5-alpha,
+      but never per-conn write limits.
+    - New consensus params "bwconnrate" and "bwconnburst" to let us
+      rate-limit client connections as they enter the network. It's
+      controlled in the consensus so we can turn it on and off for
+      experiments. It's starting out off. Based on proposal 163.
+
+  o Major features (relay selection options):
+    - Switch to a StrictNodes config option, rather than the previous
+      "StrictEntryNodes" / "StrictExitNodes" separation that was missing a
+      "StrictExcludeNodes" option.
+    - If EntryNodes, ExitNodes, ExcludeNodes, or ExcludeExitNodes
+      change during a config reload, mark and discard all our origin
+      circuits. This fix should address edge cases where we change the
+      config options and but then choose a circuit that we created before
+      the change.
+    - If EntryNodes or ExitNodes are set, be more willing to use an
+      unsuitable (e.g. slow or unstable) circuit. The user asked for it,
+      they get it.
+    - Make EntryNodes config option much more aggressive even when
+      StrictNodes is not set. Before it would prepend your requested
+      entrynodes to your list of guard nodes, but feel free to use others
+      after that. Now it chooses only from your EntryNodes if any of
+      those are available, and only falls back to others if a) they're
+      all down and b) StrictNodes is not set.
+    - Now we refresh your entry guards from EntryNodes at each consensus
+      fetch -- rather than just at startup and then they slowly rot as
+      the network changes.
+
+  o Major bugfixes:
+    - Stop bridge directory authorities from answering dbg-stability.txt
+      directory queries, which would let people fetch a list of all
+      bridge identities they track. Bugfix on 0.2.1.6-alpha.
+
+  o Minor features:
+    - Log a notice when we get a new control connection. Now it's easier
+      for security-conscious users to recognize when a local application
+      is knocking on their controller door. Suggested by bug 1196.
+    - New config option "CircuitStreamTimeout" to override our internal
+      timeout schedule for how many seconds until we detach a stream from
+      a circuit and try a new circuit. If your network is particularly
+      slow, you might want to set this to a number like 60.
+    - New controller command "getinfo config-text". It returns the
+      contents that Tor would write if you send it a SAVECONF command,
+      so the controller can write the file to disk itself.
+    - New options for SafeLogging to allow scrubbing only log messages
+      generated while acting as a relay.
+    - Ship the bridges spec file in the tarball too.
+    - Avoid a mad rush at the beginning of each month when each client
+      rotates half of its guards. Instead we spread the rotation out
+      throughout the month, but we still avoid leaving a precise timestamp
+      in the state file about when we first picked the guard. Improves
+      over the behavior introduced in 0.1.2.17.
+
+  o Minor bugfixes (compiling):
+    - Fix compilation on OS X 10.3, which has a stub mlockall() but
+      hides it. Bugfix on 0.2.2.6-alpha.
+    - Fix compilation on Solaris by removing support for the
+      DisableAllSwap config option. Solaris doesn't have an rlimit for
+      mlockall, so we cannot use it safely. Fixes bug 1198; bugfix on
+      0.2.2.6-alpha.
+
+  o Minor bugfixes (crashes):
+    - Do not segfault when writing buffer stats when we haven't observed
+      a single circuit to report about. Found by Fabian Lanze. Bugfix on
+      0.2.2.1-alpha.
+    - If we're in the pathological case where there's no exit bandwidth
+      but there is non-exit bandwidth, or no guard bandwidth but there
+      is non-guard bandwidth, don't crash during path selection. Bugfix
+      on 0.2.0.3-alpha.
+    - Fix an impossible-to-actually-trigger buffer overflow in relay
+      descriptor generation. Bugfix on 0.1.0.15.
+
+  o Minor bugfixes (privacy):
+    - Fix an instance where a Tor directory mirror might accidentally
+      log the IP address of a misbehaving Tor client. Bugfix on
+      0.1.0.1-rc.
+    - Don't list Windows capabilities in relay descriptors. We never made
+      use of them, and maybe it's a bad idea to publish them. Bugfix
+      on 0.1.1.8-alpha.
+
+  o Minor bugfixes (other):
+    - Resolve an edge case in path weighting that could make us misweight
+      our relay selection. Fixes bug 1203; bugfix on 0.0.8rc1.
+    - Fix statistics on client numbers by country as seen by bridges that
+      were broken in 0.2.2.1-alpha. Also switch to reporting full 24-hour
+      intervals instead of variable 12-to-48-hour intervals.
+    - After we free an internal connection structure, overwrite it
+      with a different memory value than we use for overwriting a freed
+      internal circuit structure. Should help with debugging. Suggested
+      by bug 1055.
+    - Update our OpenSSL 0.9.8l fix so that it works with OpenSSL 0.9.8m
+      too.
+
+  o Removed features:
+    - Remove the HSAuthorityRecordStats option that version 0 hidden
+      service authorities could have used to track statistics of overall
+      hidden service usage.
+
+
+Changes in version 0.2.1.22 - 2010-01-19
+  Tor 0.2.1.22 fixes a critical privacy problem in bridge directory
+  authorities -- it would tell you its whole history of bridge descriptors
+  if you make the right directory request. This stable update also
+  rotates two of the seven v3 directory authority keys and locations.
+
+  o Directory authority changes:
+    - Rotate keys (both v3 identity and relay identity) for moria1
+      and gabelmoo.
+
+  o Major bugfixes:
+    - Stop bridge directory authorities from answering dbg-stability.txt
+      directory queries, which would let people fetch a list of all
+      bridge identities they track. Bugfix on 0.2.1.6-alpha.
+
+
+Changes in version 0.2.1.21 - 2009-12-21
+  Tor 0.2.1.21 fixes an incompatibility with the most recent OpenSSL
+  library. If you use Tor on Linux / Unix and you're getting SSL
+  renegotiation errors, upgrading should help. We also recommend an
+  upgrade if you're an exit relay.
+
+  o Major bugfixes:
+    - Work around a security feature in OpenSSL 0.9.8l that prevents our
+      handshake from working unless we explicitly tell OpenSSL that we
+      are using SSL renegotiation safely. We are, of course, but OpenSSL
+      0.9.8l won't work unless we say we are.
+    - Avoid crashing if the client is trying to upload many bytes and the
+      circuit gets torn down at the same time, or if the flip side
+      happens on the exit relay. Bugfix on 0.2.0.1-alpha; fixes bug 1150.
+
+  o Minor bugfixes:
+    - Do not refuse to learn about authority certs and v2 networkstatus
+      documents that are older than the latest consensus. This bug might
+      have degraded client bootstrapping. Bugfix on 0.2.0.10-alpha.
+      Spotted and fixed by xmux.
+    - Fix a couple of very-hard-to-trigger memory leaks, and one hard-to-
+      trigger platform-specific option misparsing case found by Coverity
+      Scan.
+    - Fix a compilation warning on Fedora 12 by removing an impossible-to-
+      trigger assert. Fixes bug 1173.
+
+
+Changes in version 0.2.2.6-alpha - 2009-11-19
+  Tor 0.2.2.6-alpha lays the groundwork for many upcoming features:
+  support for the new lower-footprint "microdescriptor" directory design,
+  future-proofing our consensus format against new hash functions or
+  other changes, and an Android port. It also makes Tor compatible with
+  the upcoming OpenSSL 0.9.8l release, and fixes a variety of bugs.
+
+  o Major features:
+    - Directory authorities can now create, vote on, and serve multiple
+      parallel formats of directory data as part of their voting process.
+      Partially implements Proposal 162: "Publish the consensus in
+      multiple flavors".
+    - Directory authorities can now agree on and publish small summaries
+      of router information that clients can use in place of regular
+      server descriptors. This transition will eventually allow clients
+      to use far less bandwidth for downloading information about the
+      network. Begins the implementation of Proposal 158: "Clients
+      download consensus + microdescriptors".
+    - The directory voting system is now extensible to use multiple hash
+      algorithms for signatures and resource selection. Newer formats
+      are signed with SHA256, with a possibility for moving to a better
+      hash algorithm in the future.
+    - New DisableAllSwap option. If set to 1, Tor will attempt to lock all
+      current and future memory pages via mlockall(). On supported
+      platforms (modern Linux and probably BSD but not Windows or OS X),
+      this should effectively disable any and all attempts to page out
+      memory. This option requires that you start your Tor as root --
+      if you use DisableAllSwap, please consider using the User option
+      to properly reduce the privileges of your Tor.
+    - Numerous changes, bugfixes, and workarounds from Nathan Freitas
+      to help Tor build correctly for Android phones.
+
+  o Major bugfixes:
+    - Work around a security feature in OpenSSL 0.9.8l that prevents our
+      handshake from working unless we explicitly tell OpenSSL that we
+      are using SSL renegotiation safely. We are, but OpenSSL 0.9.8l
+      won't work unless we say we are.
+
+  o Minor bugfixes:
+    - Fix a crash bug when trying to initialize the evdns module in
+      Libevent 2. Bugfix on 0.2.1.16-rc.
+    - Stop logging at severity 'warn' when some other Tor client tries
+      to establish a circuit with us using weak DH keys. It's a protocol
+      violation, but that doesn't mean ordinary users need to hear about
+      it. Fixes the bug part of bug 1114. Bugfix on 0.1.0.13.
+    - Do not refuse to learn about authority certs and v2 networkstatus
+      documents that are older than the latest consensus. This bug might
+      have degraded client bootstrapping. Bugfix on 0.2.0.10-alpha.
+      Spotted and fixed by xmux.
+    - Fix numerous small code-flaws found by Coverity Scan Rung 3.
+    - If all authorities restart at once right before a consensus vote,
+      nobody will vote about "Running", and clients will get a consensus
+      with no usable relays. Instead, authorities refuse to build a
+      consensus if this happens. Bugfix on 0.2.0.10-alpha; fixes bug 1066.
+    - If your relay can't keep up with the number of incoming create
+      cells, it would log one warning per failure into your logs. Limit
+      warnings to 1 per minute. Bugfix on 0.0.2pre10; fixes bug 1042.
+    - Bridges now use "reject *:*" as their default exit policy. Bugfix
+      on 0.2.0.3-alpha; fixes bug 1113.
+    - Fix a memory leak on directory authorities during voting that was
+      introduced in 0.2.2.1-alpha. Found via valgrind.
+
+
+Changes in version 0.2.1.20 - 2009-10-15
+  Tor 0.2.1.20 fixes a crash bug when you're accessing many hidden
+  services at once, prepares for more performance improvements, and
+  fixes a bunch of smaller bugs.
+
+  The Windows and OS X bundles also include a more recent Vidalia,
+  and switch from Privoxy to Polipo.
+
+  The OS X installers are now drag and drop. It's best to un-install
+  Tor/Vidalia and then install this new bundle, rather than upgrade. If
+  you want to upgrade, you'll need to update the paths for Tor and Polipo
+  in the Vidalia Settings window.
+
+  o Major bugfixes:
+    - Send circuit or stream sendme cells when our window has decreased
+      by 100 cells, not when it has decreased by 101 cells. Bug uncovered
+      by Karsten when testing the "reduce circuit window" performance
+      patch. Bugfix on the 54th commit on Tor -- from July 2002,
+      before the release of Tor 0.0.0. This is the new winner of the
+      oldest-bug prize.
+    - Fix a remotely triggerable memory leak when a consensus document
+      contains more than one signature from the same voter. Bugfix on
+      0.2.0.3-alpha.
+    - Avoid segfault in rare cases when finishing an introduction circuit
+      as a client and finding out that we don't have an introduction key
+      for it. Fixes bug 1073. Reported by Aaron Swartz.
+
+  o Major features:
+    - Tor now reads the "circwindow" parameter out of the consensus,
+      and uses that value for its circuit package window rather than the
+      default of 1000 cells. Begins the implementation of proposal 168.
+
+  o New directory authorities:
+    - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
+      authority.
+    - Move moria1 and tonga to alternate IP addresses.
+
+  o Minor bugfixes:
+    - Fix a signed/unsigned compile warning in 0.2.1.19.
+    - Fix possible segmentation fault on directory authorities. Bugfix on
+      0.2.1.14-rc.
+    - Fix an extremely rare infinite recursion bug that could occur if
+      we tried to log a message after shutting down the log subsystem.
+      Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
+    - Fix an obscure bug where hidden services on 64-bit big-endian
+      systems might mis-read the timestamp in v3 introduce cells, and
+      refuse to connect back to the client. Discovered by "rotor".
+      Bugfix on 0.2.1.6-alpha.
+    - We were triggering a CLOCK_SKEW controller status event whenever
+      we connect via the v2 connection protocol to any relay that has
+      a wrong clock. Instead, we should only inform the controller when
+      it's a trusted authority that claims our clock is wrong. Bugfix
+      on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
+    - We were telling the controller about CHECKING_REACHABILITY and
+      REACHABILITY_FAILED status events whenever we launch a testing
+      circuit or notice that one has failed. Instead, only tell the
+      controller when we want to inform the user of overall success or
+      overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
+      by SwissTorExit.
+    - Don't warn when we're using a circuit that ends with a node
+      excluded in ExcludeExitNodes, but the circuit is not used to access
+      the outside world. This should help fix bug 1090. Bugfix on
+      0.2.1.6-alpha.
+    - Work around a small memory leak in some versions of OpenSSL that
+      stopped the memory used by the hostname TLS extension from being
+      freed.
+
+  o Minor features:
+    - Add a "getinfo status/accepted-server-descriptor" controller
+      command, which is the recommended way for controllers to learn
+      whether our server descriptor has been successfully received by at
+      least on directory authority. Un-recommend good-server-descriptor
+      getinfo and status events until we have a better design for them.
+
+
+Changes in version 0.2.2.5-alpha - 2009-10-11
+  Tor 0.2.2.5-alpha fixes a few compile problems in 0.2.2.4-alpha.
+
+  o Major bugfixes:
+    - Make the tarball compile again. Oops. Bugfix on 0.2.2.4-alpha.
+
+  o Directory authorities:
+    - Temporarily (just for this release) move dizum to an alternate
+      IP address.
+
+
+Changes in version 0.2.2.4-alpha - 2009-10-10
+  Tor 0.2.2.4-alpha fixes more crash bugs in 0.2.2.2-alpha. It also
+  introduces a new unit test framework, shifts directry authority
+  addresses around to reduce the impact from recent blocking events,
+  and fixes a few smaller bugs.
+
+  o Major bugfixes:
+    - Fix several more asserts in the circuit_build_times code, for
+      example one that causes Tor to fail to start once we have
+      accumulated 5000 build times in the state file. Bugfixes on
+      0.2.2.2-alpha; fixes bug 1108.
+
+  o New directory authorities:
+    - Move moria1 and Tonga to alternate IP addresses.
+
+  o Minor features:
+    - Log SSL state transitions at debug level during handshake, and
+      include SSL states in error messages. This may help debug future
+      SSL handshake issues.
+    - Add a new "Handshake" log domain for activities that happen
+      during the TLS handshake.
+    - Revert to the "June 3 2009" ip-to-country file. The September one
+      seems to have removed most US IP addresses.
+    - Directory authorities now reject Tor relays with versions less than
+      0.1.2.14. This step cuts out four relays from the current network,
+      none of which are very big.
+
+  o Minor bugfixes:
+    - Fix a couple of smaller issues with gathering statistics. Bugfixes
+      on 0.2.2.1-alpha.
+    - Fix two memory leaks in the error case of
+      circuit_build_times_parse_state(). Bugfix on 0.2.2.2-alpha.
+    - Don't count one-hop circuits when we're estimating how long it
+      takes circuits to build on average. Otherwise we'll set our circuit
+      build timeout lower than we should. Bugfix on 0.2.2.2-alpha.
+    - Directory authorities no longer change their opinion of, or vote on,
+      whether a router is Running, unless they have themselves been
+      online long enough to have some idea. Bugfix on 0.2.0.6-alpha.
+      Fixes bug 1023.
+
+  o Code simplifications and refactoring:
+    - Revise our unit tests to use the "tinytest" framework, so we
+      can run tests in their own processes, have smarter setup/teardown
+      code, and so on. The unit test code has moved to its own
+      subdirectory, and has been split into multiple modules.
+
+
+Changes in version 0.2.2.3-alpha - 2009-09-23
+  Tor 0.2.2.3-alpha fixes a few crash bugs in 0.2.2.2-alpha.
+
+  o Major bugfixes:
+    - Fix an overzealous assert in our new circuit build timeout code.
+      Bugfix on 0.2.2.2-alpha; fixes bug 1103.
+
+  o Minor bugfixes:
+    - If the networkstatus consensus tells us that we should use a
+      negative circuit package window, ignore it. Otherwise we'll
+      believe it and then trigger an assert. Bugfix on 0.2.2.2-alpha.
+
+
+Changes in version 0.2.2.2-alpha - 2009-09-21
+  Tor 0.2.2.2-alpha introduces our latest performance improvement for
+  clients: Tor tracks the average time it takes to build a circuit, and
+  avoids using circuits that take too long to build. For fast connections,
+  this feature can cut your expected latency in half. For slow or flaky
+  connections, it could ruin your Tor experience. Let us know if it does!
+
+  o Major features:
+    - Tor now tracks how long it takes to build client-side circuits
+      over time, and adapts its timeout to local network performance.
+      Since a circuit that takes a long time to build will also provide
+      bad performance, we get significant latency improvements by
+      discarding the slowest 20% of circuits. Specifically, Tor creates
+      circuits more aggressively than usual until it has enough data
+      points for a good timeout estimate. Implements proposal 151.
+      We are especially looking for reports (good and bad) from users with
+      both EDGE and broadband connections that can move from broadband
+      to EDGE and find out if the build-time data in the .tor/state gets
+      reset without loss of Tor usability. You should also see a notice
+      log message telling you that Tor has reset its timeout.
+    - Directory authorities can now vote on arbitrary integer values as
+      part of the consensus process. This is designed to help set
+      network-wide parameters. Implements proposal 167.
+    - Tor now reads the "circwindow" parameter out of the consensus,
+      and uses that value for its circuit package window rather than the
+      default of 1000 cells. Begins the implementation of proposal 168.
+
+  o Major bugfixes:
+    - Fix a remotely triggerable memory leak when a consensus document
+      contains more than one signature from the same voter. Bugfix on
+      0.2.0.3-alpha.
+
+  o Minor bugfixes:
+    - Fix an extremely rare infinite recursion bug that could occur if
+      we tried to log a message after shutting down the log subsystem.
+      Found by Matt Edman. Bugfix on 0.2.0.16-alpha.
+    - Fix parsing for memory or time units given without a space between
+      the number and the unit. Bugfix on 0.2.2.1-alpha; fixes bug 1076.
+    - A networkstatus vote must contain exactly one signature. Spec
+      conformance issue. Bugfix on 0.2.0.3-alpha.
+    - Fix an obscure bug where hidden services on 64-bit big-endian
+      systems might mis-read the timestamp in v3 introduce cells, and
+      refuse to connect back to the client. Discovered by "rotor".
+      Bugfix on 0.2.1.6-alpha.
+    - We were triggering a CLOCK_SKEW controller status event whenever
+      we connect via the v2 connection protocol to any relay that has
+      a wrong clock. Instead, we should only inform the controller when
+      it's a trusted authority that claims our clock is wrong. Bugfix
+      on 0.2.0.20-rc; starts to fix bug 1074. Reported by SwissTorExit.
+    - We were telling the controller about CHECKING_REACHABILITY and
+      REACHABILITY_FAILED status events whenever we launch a testing
+      circuit or notice that one has failed. Instead, only tell the
+      controller when we want to inform the user of overall success or
+      overall failure. Bugfix on 0.1.2.6-alpha. Fixes bug 1075. Reported
+      by SwissTorExit.
+    - Don't warn when we're using a circuit that ends with a node
+      excluded in ExcludeExitNodes, but the circuit is not used to access
+      the outside world. This should help fix bug 1090, but more problems
+      remain. Bugfix on 0.2.1.6-alpha.
+    - Work around a small memory leak in some versions of OpenSSL that
+      stopped the memory used by the hostname TLS extension from being
+      freed.
+    - Make our 'torify' script more portable; if we have only one of
+      'torsocks' or 'tsocks' installed, don't complain to the user;
+      and explain our warning about tsocks better.
+
+  o Minor features:
+    - Add a "getinfo status/accepted-server-descriptor" controller
+      command, which is the recommended way for controllers to learn
+      whether our server descriptor has been successfully received by at
+      least on directory authority. Un-recommend good-server-descriptor
+      getinfo and status events until we have a better design for them.
+    - Update to the "September 4 2009" ip-to-country file.
+
+
+Changes in version 0.2.2.1-alpha - 2009-08-26
+  Tor 0.2.2.1-alpha disables ".exit" address notation by default, allows
+  Tor clients to bootstrap on networks where only port 80 is reachable,
+  makes it more straightforward to support hardware crypto accelerators,
+  and starts the groundwork for gathering stats safely at relays.
+
+  o Security fixes:
+    - Start the process of disabling ".exit" address notation, since it
+      can be used for a variety of esoteric application-level attacks
+      on users. To reenable it, set "AllowDotExit 1" in your torrc. Fix
+      on 0.0.9rc5.
+
+  o New directory authorities:
+    - Set up urras (run by Jacob Appelbaum) as the seventh v3 directory
+      authority.
+
+  o Major features:
+    - New AccelName and AccelDir options add support for dynamic OpenSSL
+      hardware crypto acceleration engines.
+    - Tor now supports tunneling all of its outgoing connections over
+      a SOCKS proxy, using the SOCKS4Proxy and/or SOCKS5Proxy
+      configuration options. Code by Christopher Davis.
+
+  o Major bugfixes:
+    - Send circuit or stream sendme cells when our window has decreased
+      by 100 cells, not when it has decreased by 101 cells. Bug uncovered
+      by Karsten when testing the "reduce circuit window" performance
+      patch. Bugfix on the 54th commit on Tor -- from July 2002,
+      before the release of Tor 0.0.0. This is the new winner of the
+      oldest-bug prize.
+
+  o New options for gathering stats safely:
+    - Directory mirrors that set "DirReqStatistics 1" write statistics
+      about directory requests to disk every 24 hours. As compared to the
+      --enable-geoip-stats flag in 0.2.1.x, there are a few improvements:
+      1) stats are written to disk exactly every 24 hours; 2) estimated
+      shares of v2 and v3 requests are determined as mean values, not at
+      the end of a measurement period; 3) unresolved requests are listed
+      with country code '??'; 4) directories also measure download times.
+    - Exit nodes that set "ExitPortStatistics 1" write statistics on the
+      number of exit streams and transferred bytes per port to disk every
+      24 hours.
+    - Relays that set "CellStatistics 1" write statistics on how long
+      cells spend in their circuit queues to disk every 24 hours.
+    - Entry nodes that set "EntryStatistics 1" write statistics on the
+      rough number and origins of connecting clients to disk every 24
+      hours.
+    - Relays that write any of the above statistics to disk and set
+      "ExtraInfoStatistics 1" include the past 24 hours of statistics in
+      their extra-info documents.
+
+  o Minor features:
+    - New --digests command-line switch to output the digests of the
+      source files Tor was built with.
+    - The "torify" script now uses torsocks where available.
+    - The memarea code now uses a sentinel value at the end of each area
+      to make sure nothing writes beyond the end of an area. This might
+      help debug some conceivable causes of bug 930.
+    - Time and memory units in the configuration file can now be set to
+      fractional units. For example, "2.5 GB" is now a valid value for
+      AccountingMax.
+    - Certain Tor clients (such as those behind check.torproject.org) may
+      want to fetch the consensus in an extra early manner. To enable this
+      a user may now set FetchDirInfoExtraEarly to 1. This also depends on
+      setting FetchDirInfoEarly to 1. Previous behavior will stay the same
+      as only certain clients who must have this information sooner should
+      set this option.
+    - Instead of adding the svn revision to the Tor version string, report
+      the git commit (when we're building from a git checkout).
+
+  o Minor bugfixes:
+    - If any of the v3 certs we download are unparseable, we should
+      actually notice the failure so we don't retry indefinitely. Bugfix
+      on 0.2.0.x; reported by "rotator".
+    - If the cached cert file is unparseable, warn but don't exit.
+    - Fix possible segmentation fault on directory authorities. Bugfix on
+      0.2.1.14-rc.
+    - When Tor fails to parse a descriptor of any kind, dump it to disk.
+      Might help diagnosing bug 1051.
+
+  o Deprecated and removed features:
+    - The controller no longer accepts the old obsolete "addr-mappings/"
+      or "unregistered-servers-" GETINFO values.
+    - Hidden services no longer publish version 0 descriptors, and clients
+      do not request or use version 0 descriptors. However, the old hidden
+      service authorities still accept and serve version 0 descriptors
+      when contacted by older hidden services/clients.
+    - The EXTENDED_EVENTS and VERBOSE_NAMES controller features are now
+      always on; using them is necessary for correct forward-compatible
+      controllers.
+    - Remove support for .noconnect style addresses. Nobody was using
+      them, and they provided another avenue for detecting Tor users
+      via application-level web tricks.
+
+  o Packaging changes:
+    - Upgrade Vidalia from 0.1.15 to 0.2.3 in the Windows and OS X
+      installer bundles. See
+      https://trac.vidalia-project.net/browser/vidalia/tags/vidalia-0.2.3/CHANGELOG
+      for details of what's new in Vidalia 0.2.3.
+    - Windows Vidalia Bundle: update Privoxy from 3.0.6 to 3.0.14-beta.
+    - OS X Vidalia Bundle: move to Polipo 1.0.4 with Tor specific
+      configuration file, rather than the old Privoxy.
+    - OS X Vidalia Bundle: Vidalia, Tor, and Polipo are compiled as
+      x86-only for better compatibility with OS X 10.6, aka Snow Leopard.
+    - OS X Tor Expert Bundle: Tor is compiled as x86-only for
+      better compatibility with OS X 10.6, aka Snow Leopard.
+    - OS X Vidalia Bundle: The multi-package installer is now replaced
+      by a simple drag and drop to the /Applications folder. This change
+      occurred with the upgrade to Vidalia 0.2.3.
+
+
+Changes in version 0.2.1.19 - 2009-07-28
+  Tor 0.2.1.19 fixes a major bug with accessing and providing hidden
+  services on Tor 0.2.1.3-alpha through 0.2.1.18.
+
+  o Major bugfixes:
+    - Make accessing hidden services on 0.2.1.x work right again.
+      Bugfix on 0.2.1.3-alpha; workaround for bug 1038. Diagnosis and
+      part of patch provided by "optimist".
+
+  o Minor features:
+    - When a relay/bridge is writing out its identity key fingerprint to
+      the "fingerprint" file and to its logs, write it without spaces. Now
+      it will look like the fingerprints in our bridges documentation,
+      and confuse fewer users.
+
+  o Minor bugfixes:
+    - Relays no longer publish a new server descriptor if they change
+      their MaxAdvertisedBandwidth config option but it doesn't end up
+      changing their advertised bandwidth numbers. Bugfix on 0.2.0.28-rc;
+      fixes bug 1026. Patch from Sebastian.
+    - Avoid leaking memory every time we get a create cell but we have
+      so many already queued that we refuse it. Bugfix on 0.2.0.19-alpha;
+      fixes bug 1034. Reported by BarkerJr.
+
+
+Changes in version 0.2.1.18 - 2009-07-24
+  Tor 0.2.1.18 lays the foundations for performance improvements,
+  adds status events to help users diagnose bootstrap problems, adds
+  optional authentication/authorization for hidden services, fixes a
+  variety of potential anonymity problems, and includes a huge pile of
+  other features and bug fixes.
+
+  o Build fixes:
+    - Add LIBS=-lrt to Makefile.am so the Tor RPMs use a static libevent.
+
+
+Changes in version 0.2.1.17-rc - 2009-07-07
+  Tor 0.2.1.17-rc marks the fourth -- and hopefully last -- release
+  candidate for the 0.2.1.x series. It lays the groundwork for further
+  client performance improvements, and also fixes a big bug with directory
+  authorities that were causing them to assign Guard and Stable flags
+  poorly.
+
+  The Windows bundles also finally include the geoip database that we
+  thought we'd been shipping since 0.2.0.x (oops), and the OS X bundles
+  should actually install Torbutton rather than giving you a cryptic
+  failure message (oops).
+
+  o Major features:
+    - Clients now use the bandwidth values in the consensus, rather than
+      the bandwidth values in each relay descriptor. This approach opens
+      the door to more accurate bandwidth estimates once the directory
+      authorities start doing active measurements. Implements more of
+      proposal 141.
+
+  o Major bugfixes:
+    - When Tor clients restart after 1-5 days, they discard all their
+      cached descriptors as too old, but they still use the cached
+      consensus document. This approach is good for robustness, but
+      bad for performance: since they don't know any bandwidths, they
+      end up choosing at random rather than weighting their choice by
+      speed. Fixed by the above feature of putting bandwidths in the
+      consensus. Bugfix on 0.2.0.x.
+    - Directory authorities were neglecting to mark relays down in their
+      internal histories if the relays fall off the routerlist without
+      ever being found unreachable. So there were relays in the histories
+      that haven't been seen for eight months, and are listed as being
+      up for eight months. This wreaked havoc on the "median wfu"
+      and "median mtbf" calculations, in turn making Guard and Stable
+      flags very wrong, hurting network performance. Fixes bugs 696 and
+      969. Bugfix on 0.2.0.6-alpha.
+
+  o Minor bugfixes:
+    - Serve the DirPortFrontPage page even when we have been approaching
+      our quotas recently. Fixes bug 1013; bugfix on 0.2.1.8-alpha.
+    - The control port would close the connection before flushing long
+      replies, such as the network consensus, if a QUIT command was issued
+      before the reply had completed. Now, the control port flushes all
+      pending replies before closing the connection. Also fixed a spurious
+      warning when a QUIT command is issued after a malformed or rejected
+      AUTHENTICATE command, but before the connection was closed. Patch
+      by Marcus Griep. Bugfix on 0.2.0.x; fixes bugs 1015 and 1016.
+    - When we can't find an intro key for a v2 hidden service descriptor,
+      fall back to the v0 hidden service descriptor and log a bug message.
+      Workaround for bug 1024.
+    - Fix a log message that did not respect the SafeLogging option.
+      Resolves bug 1027.
+
+  o Minor features:
+    - If we're a relay and we change our IP address, be more verbose
+      about the reason that made us change. Should help track down
+      further bugs for relays on dynamic IP addresses.
+
+
+Changes in version 0.2.0.35 - 2009-06-24
+  o Security fix:
+    - Avoid crashing in the presence of certain malformed descriptors.
+      Found by lark, and by automated fuzzing.
+    - Fix an edge case where a malicious exit relay could convince a
+      controller that the client's DNS question resolves to an internal IP
+      address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
+
+  o Major bugfixes:
+    - Finally fix the bug where dynamic-IP relays disappear when their
+      IP address changes: directory mirrors were mistakenly telling
+      them their old address if they asked via begin_dir, so they
+      never got an accurate answer about their new address, so they
+      just vanished after a day. For belt-and-suspenders, relays that
+      don't set Address in their config now avoid using begin_dir for
+      all direct connections. Should fix bugs 827, 883, and 900.
+    - Fix a timing-dependent, allocator-dependent, DNS-related crash bug
+      that would occur on some exit nodes when DNS failures and timeouts
+      occurred in certain patterns. Fix for bug 957.
+
+  o Minor bugfixes:
+    - When starting with a cache over a few days old, do not leak
+      memory for the obsolete router descriptors in it. Bugfix on
+      0.2.0.33; fixes bug 672.
+    - Hidden service clients didn't use a cached service descriptor that
+      was older than 15 minutes, but wouldn't fetch a new one either,
+      because there was already one in the cache. Now, fetch a v2
+      descriptor unless the same descriptor was added to the cache within
+      the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
+
+
+Changes in version 0.2.1.16-rc - 2009-06-20
+  Tor 0.2.1.16-rc speeds up performance for fast exit relays, and fixes
+  a bunch of minor bugs.
+
+  o Security fixes:
+    - Fix an edge case where a malicious exit relay could convince a
+      controller that the client's DNS question resolves to an internal IP
+      address. Bug found and fixed by "optimist"; bugfix on 0.1.2.8-beta.
+
+  o Major performance improvements (on 0.2.0.x):
+    - Disable and refactor some debugging checks that forced a linear scan
+      over the whole server-side DNS cache. These accounted for over 50%
+      of CPU time on a relatively busy exit node's gprof profile. Found
+      by Jacob.
+    - Disable some debugging checks that appeared in exit node profile
+      data.
+
+  o Minor features:
+    - Update to the "June 3 2009" ip-to-country file.
+    - Do not have tor-resolve automatically refuse all .onion addresses;
+      if AutomapHostsOnResolve is set in your torrc, this will work fine.
+
+  o Minor bugfixes (on 0.2.0.x):
+    - Log correct error messages for DNS-related network errors on
+      Windows.
+    - Fix a race condition that could cause crashes or memory corruption
+      when running as a server with a controller listening for log
+      messages.
+    - Avoid crashing when we have a policy specified in a DirPolicy or
+      SocksPolicy or ReachableAddresses option with ports set on it,
+      and we re-load the policy. May fix bug 996.
+    - Hidden service clients didn't use a cached service descriptor that
+      was older than 15 minutes, but wouldn't fetch a new one either,
+      because there was already one in the cache. Now, fetch a v2
+      descriptor unless the same descriptor was added to the cache within
+      the last 15 minutes. Fixes bug 997; reported by Marcus Griep.
+
+  o Minor bugfixes (on 0.2.1.x):
+    - Don't warn users about low port and hibernation mix when they
+      provide a *ListenAddress directive to fix that. Bugfix on
+      0.2.1.15-rc.
+    - When switching back and forth between bridge mode, do not start
+      gathering GeoIP data until two hours have passed.
+    - Do not complain that the user has requested an excluded node as
+      an exit when the node is not really an exit. This could happen
+      because the circuit was for testing, or an introduction point.
+      Fix for bug 984.
+
+
+Changes in version 0.2.1.15-rc - 2009-05-25
+  Tor 0.2.1.15-rc marks the second release candidate for the 0.2.1.x
+  series. It fixes a major bug on fast exit relays, as well as a variety
+  of more minor bugs.
+
+  o Major bugfixes (on 0.2.0.x):
+    - Fix a timing-dependent, allocator-dependent, DNS-related crash bug
+      that would occur on some exit nodes when DNS failures and timeouts
+      occurred in certain patterns. Fix for bug 957.
+
+  o Minor bugfixes (on 0.2.0.x):
+    - Actually return -1 in the error case for read_bandwidth_usage().
+      Harmless bug, since we currently don't care about the return value
+      anywhere. Bugfix on 0.2.0.9-alpha.
+    - Provide a more useful log message if bug 977 (related to buffer
+      freelists) ever reappears, and do not crash right away.
+    - Fix an assertion failure on 64-bit platforms when we allocated
+      memory right up to the end of a memarea, then realigned the memory
+      one step beyond the end. Fixes a possible cause of bug 930.
+    - Protect the count of open sockets with a mutex, so we can't
+      corrupt it when two threads are closing or opening sockets at once.
+      Fix for bug 939. Bugfix on 0.2.0.1-alpha.
+    - Don't allow a bridge to publish its router descriptor to a
+      non-bridge directory authority. Fixes part of bug 932.
+    - When we change to or from being a bridge, reset our counts of
+      client usage by country. Fixes bug 932.
+    - Fix a bug that made stream bandwidth get misreported to the
+      controller.
+    - Stop using malloc_usable_size() to use more area than we had
+      actually allocated: it was safe, but made valgrind really unhappy.
+    - Fix a memory leak when v3 directory authorities load their keys
+      and cert from disk. Bugfix on 0.2.0.1-alpha.
+
+  o Minor bugfixes (on 0.2.1.x):
+    - Fix use of freed memory when deciding to mark a non-addable
+      descriptor as never-downloadable. Bugfix on 0.2.1.9-alpha.
+
+
+Changes in version 0.2.1.14-rc - 2009-04-12
+  Tor 0.2.1.14-rc marks the first release candidate for the 0.2.1.x
+  series. It begins fixing some major performance problems, and also
+  finally addresses the bug that was causing relays on dynamic IP
+  addresses to fall out of the directory.
+
+  o Major features:
+    - Clients replace entry guards that were chosen more than a few months
+      ago. This change should significantly improve client performance,
+      especially once more people upgrade, since relays that have been
+      a guard for a long time are currently overloaded.
+
+  o Major bugfixes (on 0.2.0):
+    - Finally fix the bug where dynamic-IP relays disappear when their
+      IP address changes: directory mirrors were mistakenly telling
+      them their old address if they asked via begin_dir, so they
+      never got an accurate answer about their new address, so they
+      just vanished after a day. For belt-and-suspenders, relays that
+      don't set Address in their config now avoid using begin_dir for
+      all direct connections. Should fix bugs 827, 883, and 900.
+    - Relays were falling out of the networkstatus consensus for
+      part of a day if they changed their local config but the
+      authorities discarded their new descriptor as "not sufficiently
+      different". Now directory authorities accept a descriptor as changed
+      if bandwidthrate or bandwidthburst changed. Partial fix for bug 962;
+      patch by Sebastian.
+    - Avoid crashing in the presence of certain malformed descriptors.
+      Found by lark, and by automated fuzzing.
+
+  o Minor features:
+    - When generating circuit events with verbose nicknames for
+      controllers, try harder to look up nicknames for routers on a
+      circuit. (Previously, we would look in the router descriptors we had
+      for nicknames, but not in the consensus.) Partial fix for bug 941.
+    - If the bridge config line doesn't specify a port, assume 443.
+      This makes bridge lines a bit smaller and easier for users to
+      understand.
+    - Raise the minimum bandwidth to be a relay from 20000 bytes to 20480
+      bytes (aka 20KB/s), to match our documentation. Also update
+      directory authorities so they always assign the Fast flag to relays
+      with 20KB/s of capacity. Now people running relays won't suddenly
+      find themselves not seeing any use, if the network gets faster
+      on average.
+    - Update to the "April 3 2009" ip-to-country file.
+
+  o Minor bugfixes:
+    - Avoid trying to print raw memory to the logs when we decide to
+      give up on downloading a given relay descriptor. Bugfix on
+      0.2.1.9-alpha.
+    - In tor-resolve, when the Tor client to use is specified by
+      :, actually use the specified port rather than
+      defaulting to 9050. Bugfix on 0.2.1.6-alpha.
+    - Make directory usage recording work again. Bugfix on 0.2.1.6-alpha.
+    - When starting with a cache over a few days old, do not leak
+      memory for the obsolete router descriptors in it. Bugfix on
+      0.2.0.33.
+    - Avoid double-free on list of successfully uploaded hidden
+      service discriptors. Fix for bug 948. Bugfix on 0.2.1.6-alpha.
+    - Change memarea_strndup() implementation to work even when
+      duplicating a string at the end of a page. This bug was
+      harmless for now, but could have meant crashes later. Fix by
+      lark. Bugfix on 0.2.1.1-alpha.
+    - Limit uploaded directory documents to be 16M rather than 500K.
+      The directory authorities were refusing v3 consensus votes from
+      other authorities, since the votes are now 504K. Fixes bug 959;
+      bugfix on 0.0.2pre17 (where we raised it from 50K to 500K ;).
+    - Directory authorities should never send a 503 "busy" response to
+      requests for votes or keys. Bugfix on 0.2.0.8-alpha; exposed by
+      bug 959.
+
+
+Changes in version 0.2.1.13-alpha - 2009-03-09
+  Tor 0.2.1.13-alpha includes another big pile of minor bugfixes and
+  cleanups. We're finally getting close to a release candidate.
+
+  o Major bugfixes:
+    - Correctly update the list of which countries we exclude as
+      exits, when the GeoIP file is loaded or reloaded. Diagnosed by
+      lark. Bugfix on 0.2.1.6-alpha.
+
+  o Minor bugfixes (on 0.2.0.x and earlier):
+    - Automatically detect MacOSX versions earlier than 10.4.0, and
+      disable kqueue from inside Tor when running with these versions.
+      We previously did this from the startup script, but that was no
+      help to people who didn't use the startup script. Resolves bug 863.
+    - When we had picked an exit node for a connection, but marked it as
+      "optional", and it turned out we had no onion key for the exit,
+      stop wanting that exit and try again. This situation may not
+      be possible now, but will probably become feasible with proposal
+      158. Spotted by rovv. Fixes another case of bug 752.
+    - Clients no longer cache certificates for authorities they do not
+      recognize. Bugfix on 0.2.0.9-alpha.
+    - When we can't transmit a DNS request due to a network error, retry
+      it after a while, and eventually transmit a failing response to
+      the RESOLVED cell. Bugfix on 0.1.2.5-alpha.
+    - If the controller claimed responsibility for a stream, but that
+      stream never finished making its connection, it would live
+      forever in circuit_wait state. Now we close it after SocksTimeout
+      seconds. Bugfix on 0.1.2.7-alpha; reported by Mike Perry.
+    - Drop begin cells to a hidden service if they come from the middle
+      of a circuit. Patch from lark.
+    - When we erroneously receive two EXTEND cells for the same circuit
+      ID on the same connection, drop the second. Patch from lark.
+    - Fix a crash that occurs on exit nodes when a nameserver request
+      timed out. Bugfix on 0.1.2.1-alpha; our CLEAR debugging code had
+      been suppressing the bug since 0.1.2.10-alpha. Partial fix for
+      bug 929.
+    - Do not assume that a stack-allocated character array will be
+      64-bit aligned on platforms that demand that uint64_t access is
+      aligned. Possible fix for bug 604.
+    - Parse dates and IPv4 addresses in a locale- and libc-independent
+      manner, to avoid platform-dependent behavior on malformed input.
+    - Build correctly when configured to build outside the main source
+      path. Patch from Michael Gold.
+    - We were already rejecting relay begin cells with destination port
+      of 0. Now also reject extend cells with destination port or address
+      of 0. Suggested by lark.
+
+  o Minor bugfixes (on 0.2.1.x):
+    - Don't re-extend introduction circuits if we ran out of RELAY_EARLY
+      cells. Bugfix on 0.2.1.3-alpha. Fixes more of bug 878.
+    - If we're an exit node, scrub the IP address to which we are exiting
+      in the logs. Bugfix on 0.2.1.8-alpha.
+
+  o Minor features:
+    - On Linux, use the prctl call to re-enable core dumps when the user
+      is option is set.
+    - New controller event NEWCONSENSUS that lists the networkstatus
+      lines for every recommended relay. Now controllers like Torflow
+      can keep up-to-date on which relays they should be using.
+    - Update to the "February 26 2009" ip-to-country file.
+
+
+Changes in version 0.2.0.34 - 2009-02-08
+  Tor 0.2.0.34 features several more security-related fixes. You should
+  upgrade, especially if you run an exit relay (remote crash) or a
+  directory authority (remote infinite loop), or you're on an older
+  (pre-XP) or not-recently-patched Windows (remote exploit).
+
+  This release marks end-of-life for Tor 0.1.2.x. Those Tor versions
+  have many known flaws, and nobody should be using them. You should
+  upgrade. If you're using a Linux or BSD and its packages are obsolete,
+  stop using those packages and upgrade anyway.
+
+  o Security fixes:
+    - Fix an infinite-loop bug on handling corrupt votes under certain
+      circumstances. Bugfix on 0.2.0.8-alpha.
+    - Fix a temporary DoS vulnerability that could be performed by
+      a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
+    - Avoid a potential crash on exit nodes when processing malformed
+      input. Remote DoS opportunity. Bugfix on 0.2.0.33.
+    - Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
+      Spec conformance issue. Bugfix on Tor 0.0.2pre27.
+
+  o Minor bugfixes:
+    - Fix compilation on systems where time_t is a 64-bit integer.
+      Patch from Matthias Drochner.
+    - Don't consider expiring already-closed client connections. Fixes
+      bug 893. Bugfix on 0.0.2pre20.
+
+
+Changes in version 0.2.1.12-alpha - 2009-02-08
+  Tor 0.2.1.12-alpha features several more security-related fixes. You
+  should upgrade, especially if you run an exit relay (remote crash) or
+  a directory authority (remote infinite loop), or you're on an older
+  (pre-XP) or not-recently-patched Windows (remote exploit). It also
+  includes a big pile of minor bugfixes and cleanups.
+
+  o Security fixes:
+    - Fix an infinite-loop bug on handling corrupt votes under certain
+      circumstances. Bugfix on 0.2.0.8-alpha.
+    - Fix a temporary DoS vulnerability that could be performed by
+      a directory mirror. Bugfix on 0.2.0.9-alpha; reported by lark.
+    - Avoid a potential crash on exit nodes when processing malformed
+      input. Remote DoS opportunity. Bugfix on 0.2.1.7-alpha.
+
+  o Minor bugfixes:
+    - Let controllers actually ask for the "clients_seen" event for
+      getting usage summaries on bridge relays. Bugfix on 0.2.1.10-alpha;
+      reported by Matt Edman.
+    - Fix a compile warning on OSX Panther. Fixes bug 913; bugfix against
+      0.2.1.11-alpha.
+    - Fix a bug in address parsing that was preventing bridges or hidden
+      service targets from being at IPv6 addresses.
+    - Solve a bug that kept hardware crypto acceleration from getting
+      enabled when accounting was turned on. Fixes bug 907. Bugfix on
+      0.0.9pre6.
+    - Remove a bash-ism from configure.in to build properly on non-Linux
+      platforms. Bugfix on 0.2.1.1-alpha.
+    - Fix code so authorities _actually_ send back X-Descriptor-Not-New
+      headers. Bugfix on 0.2.0.10-alpha.
+    - Don't consider expiring already-closed client connections. Fixes
+      bug 893. Bugfix on 0.0.2pre20.
+    - Fix another interesting corner-case of bug 891 spotted by rovv:
+      Previously, if two hosts had different amounts of clock drift, and
+      one of them created a new connection with just the wrong timing,
+      the other might decide to deprecate the new connection erroneously.
+      Bugfix on 0.1.1.13-alpha.
+    - Resolve a very rare crash bug that could occur when the user forced
+      a nameserver reconfiguration during the middle of a nameserver
+      probe. Fixes bug 526. Bugfix on 0.1.2.1-alpha.
+    - Support changing value of ServerDNSRandomizeCase during SIGHUP.
+      Bugfix on 0.2.1.7-alpha.
+    - If we're using bridges and our network goes away, be more willing
+      to forgive our bridges and try again when we get an application
+      request. Bugfix on 0.2.0.x.
+
+  o Minor features:
+    - Support platforms where time_t is 64 bits long. (Congratulations,
+      NetBSD!) Patch from Matthias Drochner.
+    - Add a 'getinfo status/clients-seen' controller command, in case
+      controllers want to hear clients_seen events but connect late.
+
+  o Build changes:
+    - Disable GCC's strict alias optimization by default, to avoid the
+      likelihood of its introducing subtle bugs whenever our code violates
+      the letter of C99's alias rules.
+
+
+Changes in version 0.2.0.33 - 2009-01-21
+  Tor 0.2.0.33 fixes a variety of bugs that were making relays less
+  useful to users. It also finally fixes a bug where a relay or client
+  that's been off for many days would take a long time to bootstrap.
+
+  This update also fixes an important security-related bug reported by
+  Ilja van Sprundel. You should upgrade. (We'll send out more details
+  about the bug once people have had some time to upgrade.)
+
+  o Security fixes:
+    - Fix a heap-corruption bug that may be remotely triggerable on
+      some platforms. Reported by Ilja van Sprundel.
+
+  o Major bugfixes:
+    - When a stream at an exit relay is in state "resolving" or
+      "connecting" and it receives an "end" relay cell, the exit relay
+      would silently ignore the end cell and not close the stream. If
+      the client never closes the circuit, then the exit relay never
+      closes the TCP connection. Bug introduced in Tor 0.1.2.1-alpha;
+      reported by "wood".
+    - When sending CREATED cells back for a given circuit, use a 64-bit
+      connection ID to find the right connection, rather than an addr:port
+      combination. Now that we can have multiple OR connections between
+      the same ORs, it is no longer possible to use addr:port to uniquely
+      identify a connection.
+    - Bridge relays that had DirPort set to 0 would stop fetching
+      descriptors shortly after startup, and then briefly resume
+      after a new bandwidth test and/or after publishing a new bridge
+      descriptor. Bridge users that try to bootstrap from them would
+      get a recent networkstatus but would get descriptors from up to
+      18 hours earlier, meaning most of the descriptors were obsolete
+      already. Reported by Tas; bugfix on 0.2.0.13-alpha.
+    - Prevent bridge relays from serving their 'extrainfo' document
+      to anybody who asks, now that extrainfo docs include potentially
+      sensitive aggregated client geoip summaries. Bugfix on
+      0.2.0.13-alpha.
+    - If the cached networkstatus consensus is more than five days old,
+      discard it rather than trying to use it. In theory it could be
+      useful because it lists alternate directory mirrors, but in practice
+      it just means we spend many minutes trying directory mirrors that
+      are long gone from the network. Also discard router descriptors as
+      we load them if they are more than five days old, since the onion
+      key is probably wrong by now. Bugfix on 0.2.0.x. Fixes bug 887.
+
+  o Minor bugfixes:
+    - Do not mark smartlist_bsearch_idx() function as ATTR_PURE. This bug
+      could make gcc generate non-functional binary search code. Bugfix
+      on 0.2.0.10-alpha.
+    - Build correctly on platforms without socklen_t.
+    - Compile without warnings on solaris.
+    - Avoid potential crash on internal error during signature collection.
+      Fixes bug 864. Patch from rovv.
+    - Correct handling of possible malformed authority signing key
+      certificates with internal signature types. Fixes bug 880.
+      Bugfix on 0.2.0.3-alpha.
+    - Fix a hard-to-trigger resource leak when logging credential status.
+      CID 349.
+    - When we can't initialize DNS because the network is down, do not
+      automatically stop Tor from starting. Instead, we retry failed
+      dns_init() every 10 minutes, and change the exit policy to reject
+      *:* until one succeeds. Fixes bug 691.
+    - Use 64 bits instead of 32 bits for connection identifiers used with
+      the controller protocol, to greatly reduce risk of identifier reuse.
+    - When we're choosing an exit node for a circuit, and we have
+      no pending streams, choose a good general exit rather than one that
+      supports "all the pending streams". Bugfix on 0.1.1.x. Fix by rovv.
+    - Fix another case of assuming, when a specific exit is requested,
+      that we know more than the user about what hosts it allows.
+      Fixes one case of bug 752. Patch from rovv.
+    - Clip the MaxCircuitDirtiness config option to a minimum of 10
+      seconds. Warn the user if lower values are given in the
+      configuration. Bugfix on 0.1.0.1-rc. Patch by Sebastian.
+    - Clip the CircuitBuildTimeout to a minimum of 30 seconds. Warn the
+      user if lower values are given in the configuration. Bugfix on
+      0.1.1.17-rc. Patch by Sebastian.
+    - Fix a memory leak when we decline to add a v2 rendezvous descriptor to
+      the cache because we already had a v0 descriptor with the same ID.
+      Bugfix on 0.2.0.18-alpha.
+    - Fix a race condition when freeing keys shared between main thread
+      and CPU workers that could result in a memory leak. Bugfix on
+      0.1.0.1-rc. Fixes bug 889.
+    - Send a valid END cell back when a client tries to connect to a
+      nonexistent hidden service port. Bugfix on 0.1.2.15. Fixes bug
+      840. Patch from rovv.
+    - Check which hops rendezvous stream cells are associated with to
+      prevent possible guess-the-streamid injection attacks from
+      intermediate hops. Fixes another case of bug 446. Based on patch
+      from rovv.
+    - If a broken client asks a non-exit router to connect somewhere,
+      do not even do the DNS lookup before rejecting the connection.
+      Fixes another case of bug 619. Patch from rovv.
+    - When a relay gets a create cell it can't decrypt (e.g. because it's
+      using the wrong onion key), we were dropping it and letting the
+      client time out. Now actually answer with a destroy cell. Fixes
+      bug 904. Bugfix on 0.0.2pre8.
+
+  o Minor bugfixes (hidden services):
+    - Do not throw away existing introduction points on SIGHUP. Bugfix on
+      0.0.6pre1. Patch by Karsten. Fixes bug 874.
+
+  o Minor features:
+    - Report the case where all signatures in a detached set are rejected
+      differently than the case where there is an error handling the
+      detached set.
+    - When we realize that another process has modified our cached
+      descriptors, print out a more useful error message rather than
+      triggering an assertion. Fixes bug 885. Patch from Karsten.
+    - Implement the 0x20 hack to better resist DNS poisoning: set the
+      case on outgoing DNS requests randomly, and reject responses that do
+      not match the case correctly. This logic can be disabled with the
+      ServerDNSRandomizeCase setting, if you are using one of the 0.3%
+      of servers that do not reliably preserve case in replies. See
+      "Increased DNS Forgery Resistance through 0x20-Bit Encoding"
+      for more info.
+    - Check DNS replies for more matching fields to better resist DNS
+      poisoning.
+    - Never use OpenSSL compression: it wastes RAM and CPU trying to
+      compress cells, which are basically all encrypted, compressed, or
+      both.
+
+
+Changes in version 0.2.1.11-alpha - 2009-01-20
+  Tor 0.2.1.11-alpha finishes fixing the "if your Tor is off for a
+  week it will take a long time to bootstrap again" bug. It also fixes
+  an important security-related bug reported by Ilja van Sprundel. You
+  should upgrade. (We'll send out more details about the bug once people
+  have had some time to upgrade.)
+
+  o Security fixes:
+    - Fix a heap-corruption bug that may be remotely triggerable on
+      some platforms. Reported by Ilja van Sprundel.
+
+  o Major bugfixes:
+    - Discard router descriptors as we load them if they are more than
+      five days old. Otherwise if Tor is off for a long time and then
+      starts with cached descriptors, it will try to use the onion
+      keys in those obsolete descriptors when building circuits. Bugfix
+      on 0.2.0.x. Fixes bug 887.
+
+  o Minor features:
+    - Try to make sure that the version of Libevent we're running with
+      is binary-compatible with the one we built with. May address bug
+      897 and others.
+    - Make setting ServerDNSRandomizeCase to 0 actually work. Bugfix
+      for bug 905. Bugfix on 0.2.1.7-alpha.
+    - Add a new --enable-local-appdata configuration switch to change
+      the default location of the datadir on win32 from APPDATA to
+      LOCAL_APPDATA. In the future, we should migrate to LOCAL_APPDATA
+      entirely. Patch from coderman.
+
+  o Minor bugfixes:
+    - Make outbound DNS packets respect the OutboundBindAddress setting.
+      Fixes the bug part of bug 798. Bugfix on 0.1.2.2-alpha.
+    - When our circuit fails at the first hop (e.g. we get a destroy
+      cell back), avoid using that OR connection anymore, and also
+      tell all the one-hop directory requests waiting for it that they
+      should fail. Bugfix on 0.2.1.3-alpha.
+    - In the torify(1) manpage, mention that tsocks will leak your
+      DNS requests.
+
+
+Changes in version 0.2.1.10-alpha - 2009-01-06
+  Tor 0.2.1.10-alpha fixes two major bugs in bridge relays (one that
+  would make the bridge relay not so useful if it had DirPort set to 0,
+  and one that could let an attacker learn a little bit of information
+  about the bridge's users), and a bug that would cause your Tor relay
+  to ignore a circuit create request it can't decrypt (rather than reply
+  with an error). It also fixes a wide variety of other bugs.
+
+  o Major bugfixes:
+    - If the cached networkstatus consensus is more than five days old,
+      discard it rather than trying to use it. In theory it could
+      be useful because it lists alternate directory mirrors, but in
+      practice it just means we spend many minutes trying directory
+      mirrors that are long gone from the network. Helps bug 887 a bit;
+      bugfix on 0.2.0.x.
+    - Bridge relays that had DirPort set to 0 would stop fetching
+      descriptors shortly after startup, and then briefly resume
+      after a new bandwidth test and/or after publishing a new bridge
+      descriptor. Bridge users that try to bootstrap from them would
+      get a recent networkstatus but would get descriptors from up to
+      18 hours earlier, meaning most of the descriptors were obsolete
+      already. Reported by Tas; bugfix on 0.2.0.13-alpha.
+    - Prevent bridge relays from serving their 'extrainfo' document
+      to anybody who asks, now that extrainfo docs include potentially
+      sensitive aggregated client geoip summaries. Bugfix on
+      0.2.0.13-alpha.
+
+  o Minor features:
+    - New controller event "clients_seen" to report a geoip-based summary
+      of which countries we've seen clients from recently. Now controllers
+      like Vidalia can show bridge operators that they're actually making
+      a difference.
+    - Build correctly against versions of OpenSSL 0.9.8 or later built
+      without support for deprecated functions.
+    - Update to the "December 19 2008" ip-to-country file.
+
+  o Minor bugfixes (on 0.2.0.x):
+    - Authorities now vote for the Stable flag for any router whose
+      weighted MTBF is at least 5 days, regardless of the mean MTBF.
+    - Do not remove routers as too old if we do not have any consensus
+      document. Bugfix on 0.2.0.7-alpha.
+    - Do not accept incomplete ipv4 addresses (like 192.168.0) as valid.
+      Spec conformance issue. Bugfix on Tor 0.0.2pre27.
+    - When an exit relay resolves a stream address to a local IP address,
+      do not just keep retrying that same exit relay over and
+      over. Instead, just close the stream. Addresses bug 872. Bugfix
+      on 0.2.0.32. Patch from rovv.
+    - If a hidden service sends us an END cell, do not consider
+      retrying the connection; just close it. Patch from rovv.
+    - When we made bridge authorities stop serving bridge descriptors over
+      unencrypted links, we also broke DirPort reachability testing for
+      bridges. So bridges with a non-zero DirPort were printing spurious
+      warns to their logs. Bugfix on 0.2.0.16-alpha. Fixes bug 709.
+    - When a relay gets a create cell it can't decrypt (e.g. because it's
+      using the wrong onion key), we were dropping it and letting the
+      client time out. Now actually answer with a destroy cell. Fixes
+      bug 904. Bugfix on 0.0.2pre8.
+    - Squeeze 2-5% out of client performance (according to oprofile) by
+      improving the implementation of some policy-manipulation functions.
+
+  o Minor bugfixes (on 0.2.1.x):
+    - Make get_interface_address() function work properly again; stop
+      guessing the wrong parts of our address as our address.
+    - Do not cannibalize a circuit if we're out of RELAY_EARLY cells to
+      send on that circuit. Otherwise we might violate the proposal-110
+      limit. Bugfix on 0.2.1.3-alpha. Partial fix for bug 878. Diagnosis
+      thanks to Karsten.
+    - When we're sending non-EXTEND cells to the first hop in a circuit,
+      for example to use an encrypted directory connection, we don't need
+      to use RELAY_EARLY cells: the first hop knows what kind of cell
+      it is, and nobody else can even see the cell type. Conserving
+      RELAY_EARLY cells makes it easier to cannibalize circuits like
+      this later.
+    - Stop logging nameserver addresses in reverse order.
+    - If we are retrying a directory download slowly over and over, do
+      not automatically give up after the 254th failure. Bugfix on
+      0.2.1.9-alpha.
+    - Resume reporting accurate "stream end" reasons to the local control
+      port. They were lost in the changes for Proposal 148. Bugfix on
+      0.2.1.9-alpha.
+
+  o Deprecated and removed features:
+    - The old "tor --version --version" command, which would print out
+      the subversion "Id" of most of the source files, is now removed. It
+      turned out to be less useful than we'd expected, and harder to
+      maintain.
+
+  o Code simplifications and refactoring:
+    - Change our header file guard macros to be less likely to conflict
+      with system headers. Adam Langley noticed that we were conflicting
+      with log.h on Android.
+    - Tool-assisted documentation cleanup. Nearly every function or
+      static variable in Tor should have its own documentation now.
+
+
+Changes in version 0.2.1.9-alpha - 2008-12-25
+  Tor 0.2.1.9-alpha fixes many more bugs, some of them security-related.
+
+  o New directory authorities:
+    - gabelmoo (the authority run by Karsten Loesing) now has a new
+      IP address.
+
+  o Security fixes:
+    - Never use a connection with a mismatched address to extend a
+      circuit, unless that connection is canonical. A canonical
+      connection is one whose address is authenticated by the router's
+      identity key, either in a NETINFO cell or in a router descriptor.
+    - Avoid a possible memory corruption bug when receiving hidden service
+      descriptors. Bugfix on 0.2.1.6-alpha.
+
+  o Major bugfixes:
+    - Fix a logic error that would automatically reject all but the first
+      configured DNS server. Bugfix on 0.2.1.5-alpha. Possible fix for
+      part of bug 813/868. Bug spotted by coderman.
+    - When a stream at an exit relay is in state "resolving" or
+      "connecting" and it receives an "end" relay cell, the exit relay
+      would silently ignore the end cell and not close the stream. If
+      the client never closes the circuit, then the exit relay never
+      closes the TCP connection. Bug introduced in 0.1.2.1-alpha;
+      reported by "wood".
+    - When we can't initialize DNS because the network is down, do not
+      automatically stop Tor from starting. Instead, retry failed
+      dns_init() every 10 minutes, and change the exit policy to reject
+      *:* until one succeeds. Fixes bug 691.
+
+  o Minor features:
+    - Give a better error message when an overzealous init script says
+      "sudo -u username tor --user username". Makes Bug 882 easier for
+      users to diagnose.
+    - When a directory authority gives us a new guess for our IP address,
+      log which authority we used. Hopefully this will help us debug
+      the recent complaints about bad IP address guesses.
+    - Detect svn revision properly when we're using git-svn.
+    - Try not to open more than one descriptor-downloading connection
+      to an authority at once. This should reduce load on directory
+      authorities. Fixes bug 366.
+    - Add cross-certification to newly generated certificates, so that
+      a signing key is enough information to look up a certificate.
+      Partial implementation of proposal 157.
+    - Start serving certificates by 
+      pairs. Partial implementation of proposal 157.
+    - Clients now never report any stream end reason except 'MISC'.
+      Implements proposal 148.
+    - On platforms with a maximum syslog string length, truncate syslog
+      messages to that length ourselves, rather than relying on the
+      system to do it for us.
+    - Optimize out calls to time(NULL) that occur for every IO operation,
+      or for every cell. On systems where time() is a slow syscall,
+      this fix will be slightly helpful.
+    - Exit servers can now answer resolve requests for ip6.arpa addresses.
+    - When we download a descriptor that we then immediately (as
+      a directory authority) reject, do not retry downloading it right
+      away. Should save some bandwidth on authorities. Fix for bug
+      888. Patch by Sebastian Hahn.
+    - When a download gets us zero good descriptors, do not notify
+      Tor that new directory information has arrived.
+    - Avoid some nasty corner cases in the logic for marking connections
+      as too old or obsolete or noncanonical for circuits. Partial
+      bugfix on bug 891.
+
+  o Minor features (controller):
+    - New CONSENSUS_ARRIVED event to note when a new consensus has
+      been fetched and validated.
+    - When we realize that another process has modified our cached
+      descriptors file, print out a more useful error message rather
+      than triggering an assertion. Fixes bug 885. Patch from Karsten.
+    - Add an internal-use-only __ReloadTorrcOnSIGHUP option for
+      controllers to prevent SIGHUP from reloading the
+      configuration. Fixes bug 856.
+
+  o Minor bugfixes:
+    - Resume using the correct "REASON=" stream when telling the
+      controller why we closed a stream. Bugfix in 0.2.1.1-alpha.
+    - When a canonical connection appears later in our internal list
+      than a noncanonical one for a given OR ID, always use the
+      canonical one. Bugfix on 0.2.0.12-alpha. Fixes bug 805.
+      Spotted by rovv.
+    - Clip the MaxCircuitDirtiness config option to a minimum of 10
+      seconds. Warn the user if lower values are given in the
+      configuration. Bugfix on 0.1.0.1-rc. Patch by Sebastian.
+    - Clip the CircuitBuildTimeout to a minimum of 30 seconds. Warn the
+      user if lower values are given in the configuration. Bugfix on
+      0.1.1.17-rc. Patch by Sebastian.
+    - Fix a race condition when freeing keys shared between main thread
+      and CPU workers that could result in a memory leak. Bugfix on
+      0.1.0.1-rc. Fixes bug 889.
+
+  o Minor bugfixes (hidden services):
+    - Do not throw away existing introduction points on SIGHUP (bugfix on
+      0.0.6pre1); also, do not stall hidden services because we're
+      throwing away introduction points; bugfix on 0.2.1.7-alpha. Spotted
+      by John Brooks. Patch by Karsten. Fixes bug 874.
+    - Fix a memory leak when we decline to add a v2 rendezvous
+      descriptor to the cache because we already had a v0 descriptor
+      with the same ID. Bugfix on 0.2.0.18-alpha.
+
+  o Deprecated and removed features:
+    - RedirectExits has been removed. It was deprecated since
+      0.2.0.3-alpha.
+    - Finally remove deprecated "EXTENDED_FORMAT" controller feature. It
+      has been called EXTENDED_EVENTS since 0.1.2.4-alpha.
+    - Cell pools are now always enabled; --disable-cell-pools is ignored.
+
+  o Code simplifications and refactoring:
+    - Rename the confusing or_is_obsolete field to the more appropriate
+      is_bad_for_new_circs, and move it to or_connection_t where it
+      belongs.
+    - Move edge-only flags from connection_t to edge_connection_t: not
+      only is this better coding, but on machines of plausible alignment,
+      it should save 4-8 bytes per connection_t. "Every little bit helps."
+    - Rename ServerDNSAllowBrokenResolvConf to ServerDNSAllowBrokenConfig
+      for consistency; keep old option working for backward compatibility.
+    - Simplify the code for finding connections to use for a circuit.
+
+
+Changes in version 0.2.1.8-alpha - 2008-12-08
+  Tor 0.2.1.8-alpha fixes some crash bugs in earlier alpha releases,
+  builds better on unusual platforms like Solaris and old OS X, and
+  fixes a variety of other issues.
+
+  o Major features:
+    - New DirPortFrontPage option that takes an html file and publishes
+      it as "/" on the DirPort. Now relay operators can provide a
+      disclaimer without needing to set up a separate webserver. There's
+      a sample disclaimer in contrib/tor-exit-notice.html.
+
+  o Security fixes:
+    - When the client is choosing entry guards, now it selects at most
+      one guard from a given relay family. Otherwise we could end up with
+      all of our entry points into the network run by the same operator.
+      Suggested by Camilo Viecco. Fix on 0.1.1.11-alpha.
+
+  o Major bugfixes:
+    - Fix a DOS opportunity during the voting signature collection process
+      at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.
+    - Fix a possible segfault when establishing an exit connection. Bugfix
+      on 0.2.1.5-alpha.
+
+  o Minor bugfixes:
+    - Get file locking working on win32. Bugfix on 0.2.1.6-alpha. Fixes
+      bug 859.
+    - Made Tor a little less aggressive about deleting expired
+      certificates. Partial fix for bug 854.
+    - Stop doing unaligned memory access that generated bus errors on
+      sparc64. Bugfix on 0.2.0.10-alpha. Fix for bug 862.
+    - Fix a crash bug when changing EntryNodes from the controller. Bugfix
+      on 0.2.1.6-alpha. Fix for bug 867. Patched by Sebastian.
+    - Make USR2 log-level switch take effect immediately. Bugfix on
+      0.1.2.8-beta.
+    - If one win32 nameserver fails to get added, continue adding the
+      rest, and don't automatically fail.
+    - Use fcntl() for locking when flock() is not available. Should fix
+      compilation on Solaris. Should fix Bug 873. Bugfix on 0.2.1.6-alpha.
+    - Do not mark smartlist_bsearch_idx() function as ATTR_PURE. This bug
+      could make gcc generate non-functional binary search code. Bugfix
+      on 0.2.0.10-alpha.
+    - Build correctly on platforms without socklen_t.
+    - Avoid potential crash on internal error during signature collection.
+      Fixes bug 864. Patch from rovv.
+    - Do not use C's stdio library for writing to log files. This will
+      improve logging performance by a minute amount, and will stop
+      leaking fds when our disk is full. Fixes bug 861.
+    - Stop erroneous use of O_APPEND in cases where we did not in fact
+      want to re-seek to the end of a file before every last write().
+    - Correct handling of possible malformed authority signing key
+      certificates with internal signature types. Fixes bug 880. Bugfix
+      on 0.2.0.3-alpha.
+    - Fix a hard-to-trigger resource leak when logging credential status.
+      CID 349.
+
+  o Minor features:
+    - Directory mirrors no longer fetch the v1 directory or
+      running-routers files. They are obsolete, and nobody asks for them
+      anymore. This is the first step to making v1 authorities obsolete.
+
+  o Minor features (controller):
+    - Return circuit purposes in response to GETINFO circuit-status. Fixes
+      bug 858.
+
+
+Changes in version 0.2.0.32 - 2008-11-20
+  Tor 0.2.0.32 fixes a major security problem in Debian and Ubuntu
+  packages (and maybe other packages) noticed by Theo de Raadt, fixes
+  a smaller security flaw that might allow an attacker to access local
+  services, further improves hidden service performance, and fixes a
+  variety of other issues.
+
+  o Security fixes:
+    - The "User" and "Group" config options did not clear the
+      supplementary group entries for the Tor process. The "User" option
+      is now more robust, and we now set the groups to the specified
+      user's primary group. The "Group" option is now ignored. For more
+      detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
+      in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
+      and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848 and 857.
+    - The "ClientDNSRejectInternalAddresses" config option wasn't being
+      consistently obeyed: if an exit relay refuses a stream because its
+      exit policy doesn't allow it, we would remember what IP address
+      the relay said the destination address resolves to, even if it's
+      an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
+
+  o Major bugfixes:
+    - Fix a DOS opportunity during the voting signature collection process
+      at directory authorities. Spotted by rovv. Bugfix on 0.2.0.x.
+
+  o Major bugfixes (hidden services):
+    - When fetching v0 and v2 rendezvous service descriptors in parallel,
+      we were failing the whole hidden service request when the v0
+      descriptor fetch fails, even if the v2 fetch is still pending and
+      might succeed. Similarly, if the last v2 fetch fails, we were
+      failing the whole hidden service request even if a v0 fetch is
+      still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha.
+    - When extending a circuit to a hidden service directory to upload a
+      rendezvous descriptor using a BEGIN_DIR cell, almost 1/6 of all
+      requests failed, because the router descriptor has not been
+      downloaded yet. In these cases, do not attempt to upload the
+      rendezvous descriptor, but wait until the router descriptor is
+      downloaded and retry. Likewise, do not attempt to fetch a rendezvous
+      descriptor from a hidden service directory for which the router
+      descriptor has not yet been downloaded. Fixes bug 767. Bugfix
+      on 0.2.0.10-alpha.
+
+  o Minor bugfixes:
+    - Fix several infrequent memory leaks spotted by Coverity.
+    - When testing for libevent functions, set the LDFLAGS variable
+      correctly. Found by Riastradh.
+    - Avoid a bug where the FastFirstHopPK 0 option would keep Tor from
+      bootstrapping with tunneled directory connections. Bugfix on
+      0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam.
+    - When asked to connect to A.B.exit:80, if we don't know the IP for A
+      and we know that server B rejects most-but-not all connections to
+      port 80, we would previously reject the connection. Now, we assume
+      the user knows what they were asking for. Fixes bug 752. Bugfix
+      on 0.0.9rc5. Diagnosed by BarkerJr.
+    - If we overrun our per-second write limits a little, count this as
+      having used up our write allocation for the second, and choke
+      outgoing directory writes. Previously, we had only counted this when
+      we had met our limits precisely. Fixes bug 824. Patch from by rovv.
+      Bugfix on 0.2.0.x (??).
+    - Remove the old v2 directory authority 'lefkada' from the default
+      list. It has been gone for many months.
+    - Stop doing unaligned memory access that generated bus errors on
+      sparc64. Bugfix on 0.2.0.10-alpha. Fixes bug 862.
+    - Make USR2 log-level switch take effect immediately. Bugfix on
+      0.1.2.8-beta.
+
+  o Minor bugfixes (controller):
+    - Make DNS resolved events into "CLOSED", not "FAILED". Bugfix on
+      0.1.2.5-alpha. Fix by Robert Hogan. Resolves bug 807.
+
+
+Changes in version 0.2.1.7-alpha - 2008-11-08
+  Tor 0.2.1.7-alpha fixes a major security problem in Debian and Ubuntu
+  packages (and maybe other packages) noticed by Theo de Raadt, fixes
+  a smaller security flaw that might allow an attacker to access local
+  services, adds better defense against DNS poisoning attacks on exit
+  relays, further improves hidden service performance, and fixes a
+  variety of other issues.
+
+  o Security fixes:
+    - The "ClientDNSRejectInternalAddresses" config option wasn't being
+      consistently obeyed: if an exit relay refuses a stream because its
+      exit policy doesn't allow it, we would remember what IP address
+      the relay said the destination address resolves to, even if it's
+      an internal IP address. Bugfix on 0.2.0.7-alpha; patch by rovv.
+    - The "User" and "Group" config options did not clear the
+      supplementary group entries for the Tor process. The "User" option
+      is now more robust, and we now set the groups to the specified
+      user's primary group. The "Group" option is now ignored. For more
+      detailed logging on credential switching, set CREDENTIAL_LOG_LEVEL
+      in common/compat.c to LOG_NOTICE or higher. Patch by Jacob Appelbaum
+      and Steven Murdoch. Bugfix on 0.0.2pre14. Fixes bug 848.
+    - Do not use or believe expired v3 authority certificates. Patch
+      from Karsten. Bugfix in 0.2.0.x. Fixes bug 851.
+
+  o Minor features:
+    - Now NodeFamily and MyFamily config options allow spaces in
+      identity fingerprints, so it's easier to paste them in.
+      Suggested by Lucky Green.
+    - Implement the 0x20 hack to better resist DNS poisoning: set the
+      case on outgoing DNS requests randomly, and reject responses that do
+      not match the case correctly. This logic can be disabled with the
+      ServerDNSRandomizeCase setting, if you are using one of the 0.3%
+      of servers that do not reliably preserve case in replies. See
+      "Increased DNS Forgery Resistance through 0x20-Bit Encoding"
+      for more info.
+    - Preserve case in replies to DNSPort requests in order to support
+      the 0x20 hack for resisting DNS poisoning attacks.
+
+  o Hidden service performance improvements:
+    - When the client launches an introduction circuit, retry with a
+      new circuit after 30 seconds rather than 60 seconds.
+    - Launch a second client-side introduction circuit in parallel
+      after a delay of 15 seconds (based on work by Christian Wilms).
+    - Hidden services start out building five intro circuits rather
+      than three, and when the first three finish they publish a service
+      descriptor using those. Now we publish our service descriptor much
+      faster after restart.
+
+  o Minor bugfixes:
+    - Minor fix in the warning messages when you're having problems
+      bootstrapping; also, be more forgiving of bootstrap problems when
+      we're still making incremental progress on a given bootstrap phase.
+    - When we're choosing an exit node for a circuit, and we have
+      no pending streams, choose a good general exit rather than one that
+      supports "all the pending streams". Bugfix on 0.1.1.x. Fix by rovv.
+    - Send a valid END cell back when a client tries to connect to a
+      nonexistent hidden service port. Bugfix on 0.1.2.15. Fixes bug
+      840. Patch from rovv.
+    - If a broken client asks a non-exit router to connect somewhere,
+      do not even do the DNS lookup before rejecting the connection.
+      Fixes another case of bug 619. Patch from rovv.
+    - Fix another case of assuming, when a specific exit is requested,
+      that we know more than the user about what hosts it allows.
+      Fixes another case of bug 752. Patch from rovv.
+    - Check which hops rendezvous stream cells are associated with to
+      prevent possible guess-the-streamid injection attacks from
+      intermediate hops. Fixes another case of bug 446. Based on patch
+      from rovv.
+    - Avoid using a negative right-shift when comparing 32-bit
+      addresses. Possible fix for bug 845 and bug 811.
+    - Make the assert_circuit_ok() function work correctly on circuits that
+      have already been marked for close.
+    - Fix read-off-the-end-of-string error in unit tests when decoding
+      introduction points.
+    - Fix uninitialized size field for memory area allocation: may improve
+      memory performance during directory parsing.
+    - Treat duplicate certificate fetches as failures, so that we do
+      not try to re-fetch an expired certificate over and over and over.
+    - Do not say we're fetching a certificate when we'll in fact skip it
+      because of a pending download.
+
+
+Changes in version 0.2.1.6-alpha - 2008-09-30
+  Tor 0.2.1.6-alpha further improves performance and robustness of
+  hidden services, starts work on supporting per-country relay selection,
+  and fixes a variety of smaller issues.
+
+  o Major features:
+    - Implement proposal 121: make it possible to build hidden services
+      that only certain clients are allowed to connect to. This is
+      enforced at several points, so that unauthorized clients are unable
+      to send INTRODUCE cells to the service, or even (depending on the
+      type of authentication) to learn introduction points. This feature
+      raises the bar for certain kinds of active attacks against hidden
+      services. Code by Karsten Loesing.
+    - Relays now store and serve v2 hidden service descriptors by default,
+      i.e., the new default value for HidServDirectoryV2 is 1. This is
+      the last step in proposal 114, which aims to make hidden service
+      lookups more reliable.
+    - Start work to allow node restrictions to include country codes. The
+      syntax to exclude nodes in a country with country code XX is
+      "ExcludeNodes {XX}". Patch from Robert Hogan. It still needs some
+      refinement to decide what config options should take priority if
+      you ask to both use a particular node and exclude it.
+    - Allow ExitNodes list to include IP ranges and country codes, just
+      like the Exclude*Nodes lists. Patch from Robert Hogan.
+
+  o Major bugfixes:
+    - Fix a bug when parsing ports in tor_addr_port_parse() that caused
+      Tor to fail to start if you had it configured to use a bridge
+      relay. Fixes bug 809. Bugfix on 0.2.1.5-alpha.
+    - When extending a circuit to a hidden service directory to upload a
+      rendezvous descriptor using a BEGIN_DIR cell, almost 1/6 of all
+      requests failed, because the router descriptor had not been
+      downloaded yet. In these cases, we now wait until the router
+      descriptor is downloaded, and then retry. Likewise, clients
+      now skip over a hidden service directory if they don't yet have
+      its router descriptor, rather than futilely requesting it and
+      putting mysterious complaints in the logs. Fixes bug 767. Bugfix
+      on 0.2.0.10-alpha.
+    - When fetching v0 and v2 rendezvous service descriptors in parallel,
+      we were failing the whole hidden service request when the v0
+      descriptor fetch fails, even if the v2 fetch is still pending and
+      might succeed. Similarly, if the last v2 fetch fails, we were
+      failing the whole hidden service request even if a v0 fetch is
+      still pending. Fixes bug 814. Bugfix on 0.2.0.10-alpha.
+    - DNS replies need to have names matching their requests, but
+      these names should be in the questions section, not necessarily
+      in the answers section. Fixes bug 823. Bugfix on 0.2.1.5-alpha.
+
+  o Minor features:
+    - Update to the "September 1 2008" ip-to-country file.
+    - Allow ports 465 and 587 in the default exit policy again. We had
+      rejected them in 0.1.0.15, because back in 2005 they were commonly
+      misconfigured and ended up as spam targets. We hear they are better
+      locked down these days.
+    - Use a lockfile to make sure that two Tor processes are not
+      simultaneously running with the same datadir.
+    - Serve the latest v3 networkstatus consensus via the control
+      port. Use "getinfo dir/status-vote/current/consensus" to fetch it.
+    - Better logging about stability/reliability calculations on directory
+      servers.
+    - Drop the requirement to have an open dir port for storing and
+      serving v2 hidden service descriptors.
+    - Directory authorities now serve a /tor/dbg-stability.txt URL to
+      help debug WFU and MTBF calculations.
+    - Implement most of Proposal 152: allow specialized servers to permit
+      single-hop circuits, and clients to use those servers to build
+      single-hop circuits when using a specialized controller. Patch
+      from Josh Albrecht. Resolves feature request 768.
+    - Add a -p option to tor-resolve for specifying the SOCKS port: some
+      people find host:port too confusing.
+    - Make TrackHostExit mappings expire a while after their last use, not
+      after their creation. Patch from Robert Hogan.
+    - Provide circuit purposes along with circuit events to the controller.
+
+  o Minor bugfixes:
+    - Fix compile on OpenBSD 4.4-current. Bugfix on 0.2.1.5-alpha.
+      Reported by Tas.
+    - Fixed some memory leaks -- some quite frequent, some almost
+      impossible to trigger -- based on results from Coverity.
+    - When testing for libevent functions, set the LDFLAGS variable
+      correctly. Found by Riastradh.
+    - Fix an assertion bug in parsing policy-related options; possible fix
+      for bug 811.
+    - Catch and report a few more bootstrapping failure cases when Tor
+      fails to establish a TCP connection. Cleanup on 0.2.1.x.
+    - Avoid a bug where the FastFirstHopPK 0 option would keep Tor from
+      bootstrapping with tunneled directory connections. Bugfix on
+      0.1.2.5-alpha. Fixes bug 797. Found by Erwin Lam.
+    - When asked to connect to A.B.exit:80, if we don't know the IP for A
+      and we know that server B rejects most-but-not all connections to
+      port 80, we would previously reject the connection. Now, we assume
+      the user knows what they were asking for. Fixes bug 752. Bugfix
+      on 0.0.9rc5. Diagnosed by BarkerJr.
+    - If we are not using BEGIN_DIR cells, don't attempt to contact hidden
+      service directories if they have no advertised dir port. Bugfix
+      on 0.2.0.10-alpha.
+    - If we overrun our per-second write limits a little, count this as
+      having used up our write allocation for the second, and choke
+      outgoing directory writes. Previously, we had only counted this when
+      we had met our limits precisely. Fixes bug 824. Patch by rovv.
+      Bugfix on 0.2.0.x (??).
+    - Avoid a "0 divided by 0" calculation when calculating router uptime
+      at directory authorities. Bugfix on 0.2.0.8-alpha.
+    - Make DNS resolved controller events into "CLOSED", not
+      "FAILED". Bugfix on 0.1.2.5-alpha. Fix by Robert Hogan. Resolves
+      bug 807.
+    - Fix a bug where an unreachable relay would establish enough
+      reachability testing circuits to do a bandwidth test -- if
+      we already have a connection to the middle hop of the testing
+      circuit, then it could establish the last hop by using the existing
+      connection. Bugfix on 0.1.2.2-alpha, exposed when we made testing
+      circuits no longer use entry guards in 0.2.1.3-alpha.
+    - If we have correct permissions on $datadir, we complain to stdout
+      and fail to start. But dangerous permissions on
+      $datadir/cached-status/ would cause us to open a log and complain
+      there. Now complain to stdout and fail to start in both cases. Fixes
+      bug 820, reported by seeess.
+    - Remove the old v2 directory authority 'lefkada' from the default
+      list. It has been gone for many months.
+
+  o Code simplifications and refactoring:
+    - Revise the connection_new functions so that a more typesafe variant
+      exists. This will work better with Coverity, and let us find any
+      actual mistakes we're making here.
+    - Refactor unit testing logic so that dmalloc can be used sensibly
+      with unit tests to check for memory leaks.
+    - Move all hidden-service related fields from connection and circuit
+      structure to substructures: this way they won't eat so much memory.
+
+
+Changes in version 0.2.0.31 - 2008-09-03
+  Tor 0.2.0.31 addresses two potential anonymity issues, starts to fix
+  a big bug we're seeing where in rare cases traffic from one Tor stream
+  gets mixed into another stream, and fixes a variety of smaller issues.
+
+  o Major bugfixes:
+    - Make sure that two circuits can never exist on the same connection
+      with the same circuit ID, even if one is marked for close. This
+      is conceivably a bugfix for bug 779. Bugfix on 0.1.0.4-rc.
+    - Relays now reject risky extend cells: if the extend cell includes
+      a digest of all zeroes, or asks to extend back to the relay that
+      sent the extend cell, tear down the circuit. Ideas suggested
+      by rovv.
+    - If not enough of our entry guards are available so we add a new
+      one, we might use the new one even if it overlapped with the
+      current circuit's exit relay (or its family). Anonymity bugfix
+      pointed out by rovv.
+
+  o Minor bugfixes:
+    - Recover 3-7 bytes that were wasted per memory chunk. Fixes bug
+      794; bug spotted by rovv. Bugfix on 0.2.0.1-alpha.
+    - Correctly detect the presence of the linux/netfilter_ipv4.h header
+      when building against recent kernels. Bugfix on 0.1.2.1-alpha.
+    - Pick size of default geoip filename string correctly on windows.
+      Fixes bug 806. Bugfix on 0.2.0.30.
+    - Make the autoconf script accept the obsolete --with-ssl-dir
+      option as an alias for the actually-working --with-openssl-dir
+      option. Fix the help documentation to recommend --with-openssl-dir.
+      Based on a patch by "Dave". Bugfix on 0.2.0.1-alpha.
+    - When using the TransPort option on OpenBSD, and using the User
+      option to change UID and drop privileges, make sure to open
+      /dev/pf before dropping privileges. Fixes bug 782. Patch from
+      Christopher Davis. Bugfix on 0.1.2.1-alpha.
+    - Try to attach connections immediately upon receiving a RENDEZVOUS2
+      or RENDEZVOUS_ESTABLISHED cell. This can save a second or two
+      on the client side when connecting to a hidden service. Bugfix
+      on 0.0.6pre1. Found and fixed by Christian Wilms; resolves bug 743.
+    - When closing an application-side connection because its circuit is
+      getting torn down, generate the stream event correctly. Bugfix on
+      0.1.2.x. Anonymous patch.
+
+
+Changes in version 0.2.1.5-alpha - 2008-08-31
+  Tor 0.2.1.5-alpha moves us closer to handling IPv6 destinations, puts
+  in a lot of the infrastructure for adding authorization to hidden
+  services, lays the groundwork for having clients read their load
+  balancing information out of the networkstatus consensus rather than
+  the individual router descriptors, addresses two potential anonymity
+  issues, and fixes a variety of smaller issues.
+
+  o Major features:
+    - Convert many internal address representations to optionally hold
+      IPv6 addresses.
+    - Generate and accept IPv6 addresses in many protocol elements.
+    - Make resolver code handle nameservers located at ipv6 addresses.
+    - Begin implementation of proposal 121 ("Client authorization for
+      hidden services"): configure hidden services with client
+      authorization, publish descriptors for them, and configure
+      authorization data for hidden services at clients. The next
+      step is to actually access hidden services that perform client
+      authorization.
+    - More progress toward proposal 141: Network status consensus
+      documents and votes now contain bandwidth information for each
+      router and a summary of that router's exit policy. Eventually this
+      will be used by clients so that they do not have to download every
+      known descriptor before building circuits.
+
+  o Major bugfixes (on 0.2.0.x and before):
+    - When sending CREATED cells back for a given circuit, use a 64-bit
+      connection ID to find the right connection, rather than an addr:port
+      combination. Now that we can have multiple OR connections between
+      the same ORs, it is no longer possible to use addr:port to uniquely
+      identify a connection.
+    - Relays now reject risky extend cells: if the extend cell includes
+      a digest of all zeroes, or asks to extend back to the relay that
+      sent the extend cell, tear down the circuit. Ideas suggested
+      by rovv.
+    - If not enough of our entry guards are available so we add a new
+      one, we might use the new one even if it overlapped with the
+      current circuit's exit relay (or its family). Anonymity bugfix
+      pointed out by rovv.
+
+  o Minor bugfixes:
+    - Recover 3-7 bytes that were wasted per memory chunk. Fixes bug
+      794; bug spotted by rovv. Bugfix on 0.2.0.1-alpha.
+    - When using the TransPort option on OpenBSD, and using the User
+      option to change UID and drop privileges, make sure to open /dev/pf
+      before dropping privileges. Fixes bug 782. Patch from Christopher
+      Davis. Bugfix on 0.1.2.1-alpha.
+    - Correctly detect the presence of the linux/netfilter_ipv4.h header
+      when building against recent kernels. Bugfix on 0.1.2.1-alpha.
+    - Add a missing safe_str() call for a debug log message.
+    - Use 64 bits instead of 32 bits for connection identifiers used with
+      the controller protocol, to greatly reduce risk of identifier reuse.
+    - Make the autoconf script accept the obsolete --with-ssl-dir
+      option as an alias for the actually-working --with-openssl-dir
+      option. Fix the help documentation to recommend --with-openssl-dir.
+      Based on a patch by "Dave". Bugfix on 0.2.0.1-alpha.
+
+  o Minor features:
+    - Rate-limit too-many-sockets messages: when they happen, they happen
+      a lot. Resolves bug 748.
+    - Resist DNS poisoning a little better by making sure that names in
+      answer sections match.
+    - Print the SOCKS5 error message string as well as the error code
+      when a tor-resolve request fails. Patch from Jacob.
+
+
+Changes in version 0.2.1.4-alpha - 2008-08-04
+  Tor 0.2.1.4-alpha fixes a pair of crash bugs in 0.2.1.3-alpha.
+
+  o Major bugfixes:
+    - The address part of exit policies was not correctly written
+      to router descriptors. This generated router descriptors that failed
+      their self-checks. Noticed by phobos, fixed by Karsten. Bugfix
+      on 0.2.1.3-alpha.
+    - Tor triggered a false assert when extending a circuit to a relay
+      but we already have a connection open to that relay. Noticed by
+      phobos, fixed by Karsten. Bugfix on 0.2.1.3-alpha.
+
+  o Minor bugfixes:
+    - Fix a hidden service logging bug: in some edge cases, the router
+      descriptor of a previously picked introduction point becomes
+      obsolete and we need to give up on it rather than continually
+      complaining that it has become obsolete. Observed by xiando. Bugfix
+      on 0.2.1.3-alpha.
+
+  o Removed features:
+    - Take out the TestVia config option, since it was a workaround for
+      a bug that was fixed in Tor 0.1.1.21.
+
+
+Changes in version 0.2.1.3-alpha - 2008-08-03
+  Tor 0.2.1.3-alpha implements most of the pieces to prevent
+  infinite-length circuit attacks (see proposal 110); fixes a bug that
+  might cause exit relays to corrupt streams they send back; allows
+  address patterns (e.g. 255.128.0.0/16) to appear in ExcludeNodes and
+  ExcludeExitNodes config options; and fixes a big pile of bugs.
+
+  o Bootstrapping bugfixes (on 0.2.1.x-alpha):
+    - Send a bootstrap problem "warn" event on the first problem if the
+      reason is NO_ROUTE (that is, our network is down).
+
+  o Major features:
+    - Implement most of proposal 110: The first K cells to be sent
+      along a circuit are marked as special "early" cells; only K "early"
+      cells will be allowed. Once this code is universal, we can block
+      certain kinds of DOS attack by requiring that EXTEND commands must
+      be sent using an "early" cell.
+
+  o Major bugfixes:
+    - Try to attach connections immediately upon receiving a RENDEZVOUS2
+      or RENDEZVOUS_ESTABLISHED cell. This can save a second or two
+      on the client side when connecting to a hidden service. Bugfix
+      on 0.0.6pre1. Found and fixed by Christian Wilms; resolves bug 743.
+    - Ensure that two circuits can never exist on the same connection
+      with the same circuit ID, even if one is marked for close. This
+      is conceivably a bugfix for bug 779; fixes a bug on 0.1.0.4-rc.
+
+  o Minor features:
+    - When relays do their initial bandwidth measurement, don't limit
+      to just our entry guards for the test circuits. Otherwise we tend
+      to have multiple test circuits going through a single entry guard,
+      which makes our bandwidth test less accurate. Fixes part of bug 654;
+      patch contributed by Josh Albrecht.
+    - Add an ExcludeExitNodes option so users can list a set of nodes
+      that should be be excluded from the exit node position, but
+      allowed elsewhere. Implements proposal 151.
+    - Allow address patterns (e.g., 255.128.0.0/16) to appear in
+      ExcludeNodes and ExcludeExitNodes lists.
+    - Change the implementation of ExcludeNodes and ExcludeExitNodes to
+      be more efficient. Formerly it was quadratic in the number of
+      servers; now it should be linear. Fixes bug 509.
+    - Save 16-22 bytes per open circuit by moving the n_addr, n_port,
+      and n_conn_id_digest fields into a separate structure that's
+      only needed when the circuit has not yet attached to an n_conn.
+
+  o Minor bugfixes:
+    - Change the contrib/tor.logrotate script so it makes the new
+      logs as "_tor:_tor" rather than the default, which is generally
+      "root:wheel". Fixes bug 676, reported by Serge Koksharov.
+    - Stop using __attribute__((nonnull)) with GCC: it can give us useful
+      warnings (occasionally), but it can also cause the compiler to
+      eliminate error-checking code. Suggested by Peter Gutmann.
+    - When a hidden service is giving up on an introduction point candidate
+      that was not included in the last published rendezvous descriptor,
+      don't reschedule publication of the next descriptor. Fixes bug 763.
+      Bugfix on 0.0.9.3.
+    - Mark RendNodes, RendExcludeNodes, HiddenServiceNodes, and
+      HiddenServiceExcludeNodes as obsolete: they never worked properly,
+      and nobody claims to be using them. Fixes bug 754. Bugfix on
+      0.1.0.1-rc. Patch from Christian Wilms.
+    - Fix a small alignment and memory-wasting bug on buffer chunks.
+      Spotted by rovv.
+
+  o Minor bugfixes (controller):
+    - When closing an application-side connection because its circuit
+      is getting torn down, generate the stream event correctly.
+      Bugfix on 0.1.2.x. Anonymous patch.
+
+  o Removed features:
+    - Remove all backward-compatibility code to support relays running
+      versions of Tor so old that they no longer work at all on the
+      Tor network.
+
+
+Changes in version 0.2.0.30 - 2008-07-15
+  o Minor bugfixes:
+    - Stop using __attribute__((nonnull)) with GCC: it can give us useful
+      warnings (occasionally), but it can also cause the compiler to
+      eliminate error-checking code. Suggested by Peter Gutmann.
+
+
+Changes in version 0.2.0.29-rc - 2008-07-08
+  Tor 0.2.0.29-rc fixes two big bugs with using bridges, fixes more
+  hidden-service performance bugs, and fixes a bunch of smaller bugs.
+
+  o Major bugfixes:
+    - If you have more than one bridge but don't know their keys,
+      you would only launch a request for the descriptor of the first one
+      on your list. (Tor considered launching requests for the others, but
+      found that it already had a connection on the way for $0000...0000
+      so it didn't open another.) Bugfix on 0.2.0.x.
+    - If you have more than one bridge but don't know their keys, and the
+      connection to one of the bridges failed, you would cancel all
+      pending bridge connections. (After all, they all have the same
+      digest.) Bugfix on 0.2.0.x.
+    - When a hidden service was trying to establish an introduction point,
+      and Tor had built circuits preemptively for such purposes, we
+      were ignoring all the preemptive circuits and launching a new one
+      instead. Bugfix on 0.2.0.14-alpha.
+    - When a hidden service was trying to establish an introduction point,
+      and Tor *did* manage to reuse one of the preemptively built
+      circuits, it didn't correctly remember which one it used,
+      so it asked for another one soon after, until there were no
+      more preemptive circuits, at which point it launched one from
+      scratch. Bugfix on 0.0.9.x.
+    - Make directory servers include the X-Your-Address-Is: http header in
+      their responses even for begin_dir conns. Now clients who only
+      ever use begin_dir connections still have a way to learn their IP
+      address. Fixes bug 737; bugfix on 0.2.0.22-rc. Reported by goldy.
+
+  o Minor bugfixes:
+    - Fix a macro/CPP interaction that was confusing some compilers:
+      some GCCs don't like #if/#endif pairs inside macro arguments.
+      Fixes bug 707.
+    - Fix macro collision between OpenSSL 0.9.8h and Windows headers.
+      Fixes bug 704; fix from Steven Murdoch.
+    - When opening /dev/null in finish_daemonize(), do not pass the
+      O_CREAT flag. Fortify was complaining, and correctly so. Fixes
+      bug 742; fix from Michael Scherer. Bugfix on 0.0.2pre19.
+    - Correctly detect transparent proxy support on Linux hosts that
+      require in.h to be included before netfilter_ipv4.h. Patch
+      from coderman.
+    - Disallow session resumption attempts during the renegotiation
+      stage of the v2 handshake protocol. Clients should never be trying
+      session resumption at this point, but apparently some did, in
+      ways that caused the handshake to fail. Bugfix on 0.2.0.20-rc. Bug
+      found by Geoff Goodell.
+
+
+Changes in version 0.2.1.2-alpha - 2008-06-20
+  Tor 0.2.1.2-alpha includes a new "TestingTorNetwork" config option to
+  make it easier to set up your own private Tor network; fixes several
+  big bugs with using more than one bridge relay; fixes a big bug with
+  offering hidden services quickly after Tor starts; and uses a better
+  API for reporting potential bootstrapping problems to the controller.
+
+  o Major features:
+    - New TestingTorNetwork config option to allow adjustment of
+      previously constant values that, while reasonable, could slow
+      bootstrapping. Implements proposal 135. Patch from Karsten.
+
+  o Major bugfixes:
+    - If you have more than one bridge but don't know their digests,
+      you would only learn a request for the descriptor of the first one
+      on your list. (Tor considered launching requests for the others, but
+      found that it already had a connection on the way for $0000...0000
+      so it didn't open another.) Bugfix on 0.2.0.x.
+    - If you have more than one bridge but don't know their digests,
+      and the connection to one of the bridges failed, you would cancel
+      all pending bridge connections. (After all, they all have the
+      same digest.) Bugfix on 0.2.0.x.
+    - When establishing a hidden service, introduction points that
+      originate from cannibalized circuits are completely ignored and not
+      included in rendezvous service descriptors. This might be another
+      reason for delay in making a hidden service available. Bugfix
+      from long ago (0.0.9.x?)
+
+  o Minor features:
+    - Allow OpenSSL to use dynamic locks if it wants.
+    - When building a consensus, do not include routers that are down.
+      This will cut down 30% to 40% on consensus size. Implements
+      proposal 138.
+    - In directory authorities' approved-routers files, allow
+      fingerprints with or without space.
+    - Add a "GETINFO /status/bootstrap-phase" controller option, so the
+      controller can query our current bootstrap state in case it attaches
+      partway through and wants to catch up.
+    - Send an initial "Starting" bootstrap status event, so we have a
+      state to start out in.
+
+  o Minor bugfixes:
+    - Asking for a conditional consensus at .../consensus/
+      would crash a dirserver if it did not already have a
+      consensus. Bugfix on 0.2.1.1-alpha.
+    - Clean up some macro/CPP interactions: some GCC versions don't like
+      #if/#endif pairs inside macro arguments. Fixes bug 707. Bugfix on
+      0.2.0.x.
+
+  o Bootstrapping bugfixes (on 0.2.1.1-alpha):
+    - Directory authorities shouldn't complain about bootstrapping
+      problems just because they do a lot of reachability testing and
+      some of the connection attempts fail.
+    - Start sending "count" and "recommendation" key/value pairs in
+      bootstrap problem status events, so the controller can hear about
+      problems even before Tor decides they're worth reporting for sure.
+    - If you're using bridges, generate "bootstrap problem" warnings
+      as soon as you run out of working bridges, rather than waiting
+      for ten failures -- which will never happen if you have less than
+      ten bridges.
+    - If we close our OR connection because there's been a circuit
+      pending on it for too long, we were telling our bootstrap status
+      events "REASON=NONE". Now tell them "REASON=TIMEOUT".
+
+
+Changes in version 0.2.1.1-alpha - 2008-06-13
+  Tor 0.2.1.1-alpha fixes a lot of memory fragmentation problems that
+  were making the Tor process bloat especially on Linux; makes our TLS
+  handshake blend in better; sends "bootstrap phase" status events to
+  the controller, so it can keep the user informed of progress (and
+  problems) fetching directory information and establishing circuits;
+  and adds a variety of smaller features.
+
+  o Major features:
+    - More work on making our TLS handshake blend in: modify the list
+      of ciphers advertised by OpenSSL in client mode to even more
+      closely resemble a common web browser. We cheat a little so that
+      we can advertise ciphers that the locally installed OpenSSL doesn't
+      know about.
+    - Start sending "bootstrap phase" status events to the controller,
+      so it can keep the user informed of progress fetching directory
+      information and establishing circuits. Also inform the controller
+      if we think we're stuck at a particular bootstrap phase. Implements
+      proposal 137.
+    - Resume using OpenSSL's RAND_poll() for better (and more portable)
+      cross-platform entropy collection again. We used to use it, then
+      stopped using it because of a bug that could crash systems that
+      called RAND_poll when they had a lot of fds open. It looks like the
+      bug got fixed in late 2006. Our new behavior is to call RAND_poll()
+      at startup, and to call RAND_poll() when we reseed later only if
+      we have a non-buggy OpenSSL version.
+
+  o Major bugfixes:
+    - When we choose to abandon a new entry guard because we think our
+      older ones might be better, close any circuits pending on that
+      new entry guard connection. This fix should make us recover much
+      faster when our network is down and then comes back. Bugfix on
+      0.1.2.8-beta; found by lodger.
+
+  o Memory fixes and improvements:
+    - Add a malloc_good_size implementation to OpenBSD_malloc_linux.c,
+      to avoid unused RAM in buffer chunks and memory pools.
+    - Speed up parsing and cut down on memory fragmentation by using
+      stack-style allocations for parsing directory objects. Previously,
+      this accounted for over 40% of allocations from within Tor's code
+      on a typical directory cache.
+    - Use a Bloom filter rather than a digest-based set to track which
+      descriptors we need to keep around when we're cleaning out old
+      router descriptors. This speeds up the computation significantly,
+      and may reduce fragmentation.
+    - Reduce the default smartlist size from 32 to 16; it turns out that
+      most smartlists hold around 8-12 elements tops.
+    - Make dumpstats() log the fullness and size of openssl-internal
+      buffers.
+    - If the user has applied the experimental SSL_MODE_RELEASE_BUFFERS
+      patch to their OpenSSL, turn it on to save memory on servers. This
+      patch will (with any luck) get included in a mainline distribution
+      before too long.
+    - Never use OpenSSL compression: it wastes RAM and CPU trying to
+      compress cells, which are basically all encrypted, compressed,
+      or both.
+
+  o Minor bugfixes:
+    - Stop reloading the router list from disk for no reason when we
+      run out of reachable directory mirrors. Once upon a time reloading
+      it would set the 'is_running' flag back to 1 for them. It hasn't
+      done that for a long time.
+    - In very rare situations new hidden service descriptors were
+      published earlier than 30 seconds after the last change to the
+      service. (We currently think that a hidden service descriptor
+      that's been stable for 30 seconds is worth publishing.)
+
+  o Minor features:
+    - Allow separate log levels to be configured for different logging
+      domains. For example, this allows one to log all notices, warnings,
+      or errors, plus all memory management messages of level debug or
+      higher, with: Log [MM] debug-err [*] notice-err file /var/log/tor.
+    - Add a couple of extra warnings to --enable-gcc-warnings for GCC 4.3,
+      and stop using a warning that had become unfixably verbose under
+      GCC 4.3.
+    - New --hush command-line option similar to --quiet. While --quiet
+      disables all logging to the console on startup, --hush limits the
+      output to messages of warning and error severity.
+    - Servers support a new URL scheme for consensus downloads that
+      allows the client to specify which authorities are trusted.
+      The server then only sends the consensus if the client will trust
+      it. Otherwise a 404 error is sent back. Clients use this
+      new scheme when the server supports it (meaning it's running
+      0.2.1.1-alpha or later). Implements proposal 134.
+    - New configure/torrc options (--enable-geoip-stats,
+      DirRecordUsageByCountry) to record how many IPs we've served
+      directory info to in each country code, how many status documents
+      total we've sent to each country code, and what share of the total
+      directory requests we should expect to see.
+    - Use the TLS1 hostname extension to more closely resemble browser
+      behavior.
+    - Lots of new unit tests.
+    - Add a macro to implement the common pattern of iterating through
+      two parallel lists in lockstep.
+
+
+Changes in version 0.2.0.28-rc - 2008-06-13
+  Tor 0.2.0.28-rc fixes an anonymity-related bug, fixes a hidden-service
+  performance bug, and fixes a bunch of smaller bugs.
+
+  o Anonymity fixes:
+    - Fix a bug where, when we were choosing the 'end stream reason' to
+      put in our relay end cell that we send to the exit relay, Tor
+      clients on Windows were sometimes sending the wrong 'reason'. The
+      anonymity problem is that exit relays may be able to guess whether
+      the client is running Windows, thus helping partition the anonymity
+      set. Down the road we should stop sending reasons to exit relays,
+      or otherwise prevent future versions of this bug.
+
+  o Major bugfixes:
+    - While setting up a hidden service, some valid introduction circuits
+      were overlooked and abandoned. This might be the reason for
+      the long delay in making a hidden service available. Bugfix on
+      0.2.0.14-alpha.
+
+  o Minor features:
+    - Update to the "June 9 2008" ip-to-country file.
+    - Run 'make test' as part of 'make dist', so we stop releasing so
+      many development snapshots that fail their unit tests.
+
+  o Minor bugfixes:
+    - When we're checking if we have enough dir info for each relay
+      to begin establishing circuits, make sure that we actually have
+      the descriptor listed in the consensus, not just any descriptor.
+      Bugfix on 0.1.2.x.
+    - Bridge relays no longer print "xx=0" in their extrainfo document
+      for every single country code in the geoip db. Bugfix on
+      0.2.0.27-rc.
+    - Only warn when we fail to load the geoip file if we were planning to
+      include geoip stats in our extrainfo document. Bugfix on 0.2.0.27-rc.
+    - If we change our MaxAdvertisedBandwidth and then reload torrc,
+      Tor won't realize it should publish a new relay descriptor. Fixes
+      bug 688, reported by mfr. Bugfix on 0.1.2.x.
+    - When we haven't had any application requests lately, don't bother
+      logging that we have expired a bunch of descriptors. Bugfix
+      on 0.1.2.x.
+    - Make relay cells written on a connection count as non-padding when
+      tracking how long a connection has been in use. Bugfix on
+      0.2.0.1-alpha. Spotted by lodger.
+    - Fix unit tests in 0.2.0.27-rc.
+    - Fix compile on Windows.
+
+
+Changes in version 0.2.0.27-rc - 2008-06-03
+  Tor 0.2.0.27-rc adds a few features we left out of the earlier
+  release candidates. In particular, we now include an IP-to-country
+  GeoIP database, so controllers can easily look up what country a
+  given relay is in, and so bridge relays can give us some sanitized
+  summaries about which countries are making use of bridges. (See proposal
+  126-geoip-fetching.txt for details.)
+
+  o Major features:
+    - Include an IP-to-country GeoIP file in the tarball, so bridge
+      relays can report sanitized summaries of the usage they're seeing.
+
+  o Minor features:
+    - Add a "PURPOSE=" argument to "STREAM NEW" events, as suggested by
+      Robert Hogan. Fixes the first part of bug 681.
+    - Make bridge authorities never serve extrainfo docs.
+    - Add support to detect Libevent versions in the 1.4.x series
+      on mingw.
+    - Fix build on gcc 4.3 with --enable-gcc-warnings set.
+    - Include a new contrib/tor-exit-notice.html file that exit relay
+      operators can put on their website to help reduce abuse queries.
+
+  o Minor bugfixes:
+    - When tunneling an encrypted directory connection, and its first
+      circuit fails, do not leave it unattached and ask the controller
+      to deal. Fixes the second part of bug 681.
+    - Make bridge authorities correctly expire old extrainfo documents
+      from time to time.
+
+
+Changes in version 0.2.0.26-rc - 2008-05-13
+  Tor 0.2.0.26-rc fixes a major security vulnerability caused by a bug
+  in Debian's OpenSSL packages. All users running any 0.2.0.x version
+  should upgrade, whether they're running Debian or not.
+
+  o Major security fixes:
+    - Use new V3 directory authority keys on the tor26, gabelmoo, and
+      moria1 V3 directory authorities. The old keys were generated with
+      a vulnerable version of Debian's OpenSSL package, and must be
+      considered compromised. Other authorities' keys were not generated
+      with an affected version of OpenSSL.
+
+  o Major bugfixes:
+    - List authority signatures as "unrecognized" based on DirServer
+      lines, not on cert cache. Bugfix on 0.2.0.x.
+
+  o Minor features:
+    - Add a new V3AuthUseLegacyKey option to make it easier for
+      authorities to change their identity keys if they have to.
+
+
+Changes in version 0.2.0.25-rc - 2008-04-23
+  Tor 0.2.0.25-rc makes Tor work again on OS X and certain BSDs.
+
+  o Major bugfixes:
+    - Remember to initialize threading before initializing logging.
+      Otherwise, many BSD-family implementations will crash hard on
+      startup. Fixes bug 671. Bugfix on 0.2.0.24-rc.
+
+  o Minor bugfixes:
+    - Authorities correctly free policies on bad servers on
+      exit. Fixes bug 672. Bugfix on 0.2.0.x.
+
+
+Changes in version 0.2.0.24-rc - 2008-04-22
+  Tor 0.2.0.24-rc adds dizum (run by Alex de Joode) as the new sixth
+  v3 directory authority, makes relays with dynamic IP addresses and no
+  DirPort notice more quickly when their IP address changes, fixes a few
+  rare crashes and memory leaks, and fixes a few other miscellaneous bugs.
+
+  o New directory authorities:
+    - Take lefkada out of the list of v3 directory authorities, since
+      it has been down for months.
+    - Set up dizum (run by Alex de Joode) as the new sixth v3 directory
+      authority.
+
+  o Major bugfixes:
+    - Detect address changes more quickly on non-directory mirror
+      relays. Bugfix on 0.2.0.18-alpha; fixes bug 652.
+
+  o Minor features (security):
+    - Reject requests for reverse-dns lookup of names that are in
+      a private address space. Patch from lodger.
+    - Non-exit relays no longer allow DNS requests. Fixes bug 619. Patch
+      from lodger.
+
+  o Minor bugfixes (crashes):
+    - Avoid a rare assert that can trigger when Tor doesn't have much
+      directory information yet and it tries to fetch a v2 hidden
+      service descriptor. Fixes bug 651, reported by nwf.
+    - Initialize log mutex before initializing dmalloc. Otherwise,
+      running with dmalloc would crash. Bugfix on 0.2.0.x-alpha.
+    - Use recursive pthread mutexes in order to avoid deadlock when
+      logging debug-level messages to a controller. Bug spotted by nwf,
+      bugfix on 0.2.0.16-alpha.
+
+  o Minor bugfixes (resource management):
+    - Keep address policies from leaking memory: start their refcount
+      at 1, not 2. Bugfix on 0.2.0.16-alpha.
+    - Free authority certificates on exit, so they don't look like memory
+      leaks. Bugfix on 0.2.0.19-alpha.
+    - Free static hashtables for policy maps and for TLS connections on
+      shutdown, so they don't look like memory leaks. Bugfix on 0.2.0.x.
+    - Avoid allocating extra space when computing consensuses on 64-bit
+      platforms. Bug spotted by aakova.
+
+  o Minor bugfixes (misc):
+    - Do not read the configuration file when we've only been told to
+      generate a password hash. Fixes bug 643. Bugfix on 0.0.9pre5. Fix
+      based on patch from Sebastian Hahn.
+    - Exit relays that are used as a client can now reach themselves
+      using the .exit notation, rather than just launching an infinite
+      pile of circuits. Fixes bug 641. Reported by Sebastian Hahn.
+    - When attempting to open a logfile fails, tell us why.
+    - Fix a dumb bug that was preventing us from knowing that we should
+      preemptively build circuits to handle expected directory requests.
+      Fixes bug 660. Bugfix on 0.1.2.x.
+    - Warn less verbosely about clock skew from netinfo cells from
+      untrusted sources. Fixes bug 663.
+    - Make controller stream events for DNS requests more consistent,
+      by adding "new stream" events for DNS requests, and removing
+      spurious "stream closed" events" for cached reverse resolves.
+      Patch from mwenge. Fixes bug 646.
+    - Correctly notify one-hop connections when a circuit build has
+      failed. Possible fix for bug 669. Found by lodger.
+
+
+Changes in version 0.2.0.23-rc - 2008-03-24
+  Tor 0.2.0.23-rc is the fourth release candidate for the 0.2.0 series. It
+  makes bootstrapping faster if the first directory mirror you contact
+  is down. The bundles also include the new Vidalia 0.1.2 release.
+
+  o Major bugfixes:
+    - When a tunneled directory request is made to a directory server
+      that's down, notice after 30 seconds rather than 120 seconds. Also,
+      fail any begindir streams that are pending on it, so they can
+      retry elsewhere. This was causing multi-minute delays on bootstrap.
+
+
+Changes in version 0.2.0.22-rc - 2008-03-18
+  Tor 0.2.0.22-rc is the third release candidate for the 0.2.0 series. It
+  enables encrypted directory connections by default for non-relays, fixes
+  some broken TLS behavior we added in 0.2.0.20-rc, and resolves many
+  other bugs. The bundles also include Vidalia 0.1.1 and Torbutton 1.1.17.
+
+  o Major features:
+    - Enable encrypted directory connections by default for non-relays,
+      so censor tools that block Tor directory connections based on their
+      plaintext patterns will no longer work. This means Tor works in
+      certain censored countries by default again.
+
+  o Major bugfixes:
+    - Make sure servers always request certificates from clients during
+      TLS renegotiation. Reported by lodger; bugfix on 0.2.0.20-rc.
+    - Do not enter a CPU-eating loop when a connection is closed in
+      the middle of client-side TLS renegotiation. Fixes bug 622. Bug
+      diagnosed by lodger; bugfix on 0.2.0.20-rc.
+    - Fix assertion failure that could occur when a blocked circuit
+      became unblocked, and it had pending client DNS requests. Bugfix
+      on 0.2.0.1-alpha. Fixes bug 632.
+
+  o Minor bugfixes (on 0.1.2.x):
+    - Generate "STATUS_SERVER" events rather than misspelled
+      "STATUS_SEVER" events. Caught by mwenge.
+    - When counting the number of bytes written on a TLS connection,
+      look at the BIO actually used for writing to the network, not
+      at the BIO used (sometimes) to buffer data for the network.
+      Looking at different BIOs could result in write counts on the
+      order of ULONG_MAX. Fixes bug 614.
+    - On Windows, correctly detect errors when listing the contents of
+      a directory. Fix from lodger.
+
+  o Minor bugfixes (on 0.2.0.x):
+    - Downgrade "sslv3 alert handshake failure" message to INFO.
+    - If we set RelayBandwidthRate and RelayBandwidthBurst very high but
+      left BandwidthRate and BandwidthBurst at the default, we would be
+      silently limited by those defaults. Now raise them to match the
+      RelayBandwidth* values.
+    - Fix the SVK version detection logic to work correctly on a branch.
+    - Make --enable-openbsd-malloc work correctly on Linux with alpha
+      CPUs. Fixes bug 625.
+    - Logging functions now check that the passed severity is sane.
+    - Use proper log levels in the testsuite call of
+      get_interface_address6().
+    - When using a nonstandard malloc, do not use the platform values for
+      HAVE_MALLOC_GOOD_SIZE or HAVE_MALLOC_USABLE_SIZE.
+    - Make the openbsd malloc code use 8k pages on alpha CPUs and
+      16k pages on ia64.
+    - Detect mismatched page sizes when using --enable-openbsd-malloc.
+    - Avoid double-marked-for-close warning when certain kinds of invalid
+      .in-addr.arpa addresses are passed to the DNSPort. Part of a fix
+      for bug 617. Bugfix on 0.2.0.1-alpha.
+    - Make sure that the "NULL-means-reject *:*" convention is followed by
+      all the policy manipulation functions, avoiding some possible crash
+      bugs. Bug found by lodger. Bugfix on 0.2.0.16-alpha.
+    - Fix the implementation of ClientDNSRejectInternalAddresses so that it
+      actually works, and doesn't warn about every single reverse lookup.
+      Fixes the other part of bug 617. Bugfix on 0.2.0.1-alpha.
+
+  o Minor features:
+    - Only log guard node status when guard node status has changed.
+    - Downgrade the 3 most common "INFO" messages to "DEBUG". This will
+      make "INFO" 75% less verbose.
+
+
+Changes in version 0.2.0.21-rc - 2008-03-02
+  Tor 0.2.0.21-rc is the second release candidate for the 0.2.0 series. It
+  makes Tor work well with Vidalia again, fixes a rare assert bug,
+  and fixes a pair of more minor bugs. The bundles also include Vidalia
+  0.1.0 and Torbutton 1.1.16.
+
+  o Major bugfixes:
+    - The control port should declare that it requires password auth
+      when HashedControlSessionPassword is set too. Patch from Matt Edman;
+      bugfix on 0.2.0.20-rc. Fixes bug 615.
+    - Downgrade assert in connection_buckets_decrement() to a log message.
+      This may help us solve bug 614, and in any case will make its
+      symptoms less severe. Bugfix on 0.2.0.20-rc. Reported by fredzupy.
+    - We were sometimes miscounting the number of bytes read from the
+      network, causing our rate limiting to not be followed exactly.
+      Bugfix on 0.2.0.16-alpha. Reported by lodger.
+
+  o Minor bugfixes:
+    - Fix compilation with OpenSSL 0.9.8 and 0.9.8a. All other supported
+      OpenSSL versions should have been working fine. Diagnosis and patch
+      from lodger, Karsten Loesing, and Sebastian Hahn. Fixes bug 616.
+      Bugfix on 0.2.0.20-rc.
+
+
+Changes in version 0.2.0.20-rc - 2008-02-24
+  Tor 0.2.0.20-rc is the first release candidate for the 0.2.0 series. It
+  makes more progress towards normalizing Tor's TLS handshake, makes
+  hidden services work better again, helps relays bootstrap if they don't
+  know their IP address, adds optional support for linking in openbsd's
+  allocator or tcmalloc, allows really fast relays to scale past 15000
+  sockets, and fixes a bunch of minor bugs reported by Veracode.
+
+  o Major features:
+    - Enable the revised TLS handshake based on the one designed by
+      Steven Murdoch in proposal 124, as revised in proposal 130. It
+      includes version negotiation for OR connections as described in
+      proposal 105. The new handshake is meant to be harder for censors
+      to fingerprint, and it adds the ability to detect certain kinds of
+      man-in-the-middle traffic analysis attacks. The version negotiation
+      feature will allow us to improve Tor's link protocol more safely
+      in the future.
+    - Choose which bridge to use proportional to its advertised bandwidth,
+      rather than uniformly at random. This should speed up Tor for
+      bridge users. Also do this for people who set StrictEntryNodes.
+    - When a TrackHostExits-chosen exit fails too many times in a row,
+      stop using it. Bugfix on 0.1.2.x; fixes bug 437.
+
+  o Major bugfixes:
+    - Resolved problems with (re-)fetching hidden service descriptors.
+      Patch from Karsten Loesing; fixes problems with 0.2.0.18-alpha
+      and 0.2.0.19-alpha.
+    - If we only ever used Tor for hidden service lookups or posts, we
+      would stop building circuits and start refusing connections after
+      24 hours, since we falsely believed that Tor was dormant. Reported
+      by nwf; bugfix on 0.1.2.x.
+    - Servers that don't know their own IP address should go to the
+      authorities for their first directory fetch, even if their DirPort
+      is off or if they don't know they're reachable yet. This will help
+      them bootstrap better. Bugfix on 0.2.0.18-alpha; fixes bug 609.
+    - When counting the number of open sockets, count not only the number
+      of sockets we have received from the socket() call, but also
+      the number we've gotten from accept() and socketpair(). This bug
+      made us fail to count all sockets that we were using for incoming
+      connections. Bugfix on 0.2.0.x.
+    - Fix code used to find strings within buffers, when those strings
+      are not in the first chunk of the buffer. Bugfix on 0.2.0.x.
+    - Fix potential segfault when parsing HTTP headers. Bugfix on 0.2.0.x.
+    - Add a new __HashedControlSessionPassword option for controllers
+      to use for one-off session password hashes that shouldn't get
+      saved to disk by SAVECONF --- Vidalia users were accumulating a
+      pile of HashedControlPassword lines in their torrc files, one for
+      each time they had restarted Tor and then clicked Save. Make Tor
+      automatically convert "HashedControlPassword" to this new option but
+      only when it's given on the command line. Partial fix for bug 586.
+
+  o Minor features (performance):
+    - Tune parameters for cell pool allocation to minimize amount of
+      RAM overhead used.
+    - Add OpenBSD malloc code from phk as an optional malloc
+      replacement on Linux: some glibc libraries do very poorly
+      with Tor's memory allocation patterns. Pass
+      --enable-openbsd-malloc to get the replacement malloc code.
+    - Add a --with-tcmalloc option to the configure script to link
+      against tcmalloc (if present). Does not yet search for
+      non-system include paths.
+    - Stop imposing an arbitrary maximum on the number of file descriptors
+      used for busy servers. Bug reported by Olaf Selke; patch from
+      Sebastian Hahn.
+
+  o Minor features (other):
+    - When SafeLogging is disabled, log addresses along with all TLS
+      errors.
+    - When building with --enable-gcc-warnings, check for whether Apple's
+      warning "-Wshorten-64-to-32" is available.
+    - Add a --passphrase-fd argument to the tor-gencert command for
+      scriptability.
+
+  o Minor bugfixes (memory leaks and code problems):
+    - We were leaking a file descriptor if Tor started with a zero-length
+      cached-descriptors file. Patch by freddy77; bugfix on 0.1.2.
+    - Detect size overflow in zlib code. Reported by Justin Ferguson and
+      Dan Kaminsky.
+    - We were comparing the raw BridgePassword entry with a base64'ed
+      version of it, when handling a "/tor/networkstatus-bridges"
+      directory request. Now compare correctly. Noticed by Veracode.
+    - Recover from bad tracked-since value in MTBF-history file.
+      Should fix bug 537.
+    - Alter the code that tries to recover from unhandled write
+      errors, to not try to flush onto a socket that's given us
+      unhandled errors. Bugfix on 0.1.2.x.
+    - Make Unix controlsockets work correctly on OpenBSD. Patch from
+      tup. Bugfix on 0.2.0.3-alpha.
+
+  o Minor bugfixes (other):
+    - If we have an extra-info document for our server, always make
+      it available on the control port, even if we haven't gotten
+      a copy of it from an authority yet. Patch from mwenge.
+    - Log the correct memory chunk sizes for empty RAM chunks in mempool.c.
+    - Directory mirrors no longer include a guess at the client's IP
+      address if the connection appears to be coming from the same /24
+      network; it was producing too many wrong guesses.
+    - Make the new hidden service code respect the SafeLogging setting.
+      Bugfix on 0.2.0.x. Patch from Karsten.
+    - When starting as an authority, do not overwrite all certificates
+      cached from other authorities. Bugfix on 0.2.0.x. Fixes bug 606.
+    - If we're trying to flush the last bytes on a connection (for
+      example, when answering a directory request), reset the
+      time-to-give-up timeout every time we manage to write something
+      on the socket. Bugfix on 0.1.2.x.
+    - Change the behavior of "getinfo status/good-server-descriptor"
+      so it doesn't return failure when any authority disappears.
+    - Even though the man page said that "TrackHostExits ." should
+      work, nobody had ever implemented it. Bugfix on 0.1.0.x.
+    - Report TLS "zero return" case as a "clean close" and "IO error"
+      as a "close". Stop calling closes "unexpected closes": existing
+      Tors don't use SSL_close(), so having a connection close without
+      the TLS shutdown handshake is hardly unexpected.
+    - Send NAMESERVER_STATUS messages for a single failed nameserver
+      correctly.
+
+  o Code simplifications and refactoring:
+    - Remove the tor_strpartition function: its logic was confused,
+      and it was only used for one thing that could be implemented far
+      more easily.
+
+
+Changes in version 0.2.0.19-alpha - 2008-02-09
+  Tor 0.2.0.19-alpha makes more progress towards normalizing Tor's TLS
+  handshake, makes path selection for relays more secure and IP address
+  guessing more robust, and generally fixes a lot of bugs in preparation
+  for calling the 0.2.0 branch stable.
+
+  o Major features:
+    - Do not include recognizeable strings in the commonname part of
+      Tor's x509 certificates.
+
+  o Major bugfixes:
+    - If we're a relay, avoid picking ourselves as an introduction point,
+      a rendezvous point, or as the final hop for internal circuits. Bug
+      reported by taranis and lodger. Bugfix on 0.1.2.x.
+    - Patch from "Andrew S. Lists" to catch when we contact a directory
+      mirror at IP address X and he says we look like we're coming from
+      IP address X. Bugfix on 0.1.2.x.
+
+  o Minor features (security):
+    - Be more paranoid about overwriting sensitive memory on free(),
+      as a defensive programming tactic to ensure forward secrecy.
+
+  o Minor features (directory authority):
+    - Actually validate the options passed to AuthDirReject,
+      AuthDirInvalid, AuthDirBadDir, and AuthDirBadExit.
+    - Reject router descriptors with out-of-range bandwidthcapacity or
+      bandwidthburst values.
+
+  o Minor features (controller):
+    - Reject controller commands over 1MB in length. This keeps rogue
+      processes from running us out of memory.
+
+  o Minor features (misc):
+    - Give more descriptive well-formedness errors for out-of-range
+      hidden service descriptor/protocol versions.
+    - Make memory debugging information describe more about history
+      of cell allocation, so we can help reduce our memory use.
+
+  o Deprecated features (controller):
+    - The status/version/num-versioning and status/version/num-concurring
+      GETINFO options are no longer useful in the v3 directory protocol:
+      treat them as deprecated, and warn when they're used.
+
+  o Minor bugfixes:
+    - When our consensus networkstatus has been expired for a while, stop
+      being willing to build circuits using it. Fixes bug 401. Bugfix
+      on 0.1.2.x.
+    - Directory caches now fetch certificates from all authorities
+      listed in a networkstatus consensus, even when they do not
+      recognize them. Fixes bug 571. Bugfix on 0.2.0.x.
+    - When connecting to a bridge without specifying its key, insert
+      the connection into the identity-to-connection map as soon as
+      a key is learned. Fixes bug 574. Bugfix on 0.2.0.x.
+    - Detect versions of OS X where malloc_good_size() is present in the
+      library but never actually declared. Resolves bug 587. Bugfix
+      on 0.2.0.x.
+    - Stop incorrectly truncating zlib responses to directory authority
+      signature download requests. Fixes bug 593. Bugfix on 0.2.0.x.
+    - Stop recommending that every server operator send mail to tor-ops.
+      Resolves bug 597. Bugfix on 0.1.2.x.
+    - Don't trigger an assert if we start a directory authority with a
+      private IP address (like 127.0.0.1).
+    - Avoid possible failures when generating a directory with routers
+      with over-long versions strings, or too many flags set. Bugfix
+      on 0.1.2.x.
+    - If an attempt to launch a DNS resolve request over the control
+      port fails because we have overrun the limit on the number of
+      connections, tell the controller that the request has failed.
+    - Avoid using too little bandwidth when our clock skips a few
+      seconds. Bugfix on 0.1.2.x.
+    - Fix shell error when warning about missing packages in configure
+      script, on Fedora or Red Hat machines. Bugfix on 0.2.0.x.
+    - Do not become confused when receiving a spurious VERSIONS-like
+      cell from a confused v1 client. Bugfix on 0.2.0.x.
+    - Re-fetch v2 (as well as v0) rendezvous descriptors when all
+      introduction points for a hidden service have failed. Patch from
+      Karsten Loesing. Bugfix on 0.2.0.x.
+
+  o Code simplifications and refactoring:
+    - Remove some needless generality from cpuworker code, for improved
+      type-safety.
+    - Stop overloading the circuit_t.onionskin field for both "onionskin
+      from a CREATE cell that we are waiting for a cpuworker to be
+      assigned" and "onionskin from an EXTEND cell that we are going to
+      send to an OR as soon as we are connected". Might help with bug 600.
+    - Add an in-place version of aes_crypt() so that we can avoid doing a
+      needless memcpy() call on each cell payload.
+
+
+Changes in version 0.2.0.18-alpha - 2008-01-25
+  Tor 0.2.0.18-alpha adds a sixth v3 directory authority run by CCC,
+  fixes a big memory leak in 0.2.0.17-alpha, and adds new config options
+  that can warn or reject connections to ports generally associated with
+  vulnerable-plaintext protocols.
+
+  o New directory authorities:
+    - Set up dannenberg (run by CCC) as the sixth v3 directory
+      authority.
+
+  o Major bugfixes:
+    - Fix a major memory leak when attempting to use the v2 TLS
+      handshake code. Bugfix on 0.2.0.x; fixes bug 589.
+    - We accidentally enabled the under-development v2 TLS handshake
+      code, which was causing log entries like "TLS error while
+      renegotiating handshake". Disable it again. Resolves bug 590.
+    - We were computing the wrong Content-Length: header for directory
+      responses that need to be compressed on the fly, causing clients
+      asking for those items to always fail. Bugfix on 0.2.0.x; partially
+      fixes bug 593.
+
+  o Major features:
+    - Avoid going directly to the directory authorities even if you're a
+      relay, if you haven't found yourself reachable yet or if you've
+      decided not to advertise your dirport yet. Addresses bug 556.
+    - If we've gone 12 hours since our last bandwidth check, and we
+      estimate we have less than 50KB bandwidth capacity but we could
+      handle more, do another bandwidth test.
+    - New config options WarnPlaintextPorts and RejectPlaintextPorts so
+      Tor can warn and/or refuse connections to ports commonly used with
+      vulnerable-plaintext protocols. Currently we warn on ports 23,
+      109, 110, and 143, but we don't reject any.
+
+  o Minor bugfixes:
+    - When we setconf ClientOnly to 1, close any current OR and Dir
+      listeners. Reported by mwenge.
+    - When we get a consensus that's been signed by more people than
+      we expect, don't log about it; it's not a big deal. Reported
+      by Kyle Williams.
+
+  o Minor features:
+    - Don't answer "/tor/networkstatus-bridges" directory requests if
+      the request isn't encrypted.
+    - Make "ClientOnly 1" config option disable directory ports too.
+    - Patches from Karsten Loesing to make v2 hidden services more
+      robust: work even when there aren't enough HSDir relays available;
+      retry when a v2 rend desc fetch fails; but don't retry if we
+      already have a usable v0 rend desc.
+
+
+Changes in version 0.2.0.17-alpha - 2008-01-17
+  Tor 0.2.0.17-alpha makes the tarball build cleanly again (whoops).
+
+  o Compile fixes:
+    - Make the tor-gencert man page get included correctly in the tarball.
+
+
+Changes in version 0.2.0.16-alpha - 2008-01-17
+  Tor 0.2.0.16-alpha adds a fifth v3 directory authority run by Karsten
+  Loesing, and generally cleans up a lot of features and minor bugs.
+
+  o New directory authorities:
+    - Set up gabelmoo (run by Karsten Loesing) as the fifth v3 directory
+      authority.
+
+  o Major performance improvements:
+    - Switch our old ring buffer implementation for one more like that
+      used by free Unix kernels. The wasted space in a buffer with 1mb
+      of data will now be more like 8k than 1mb. The new implementation
+      also avoids realloc();realloc(); patterns that can contribute to
+      memory fragmentation.
+
+  o Minor features:
+    - Configuration files now accept C-style strings as values. This
+      helps encode characters not allowed in the current configuration
+      file format, such as newline or #. Addresses bug 557.
+    - Although we fixed bug 539 (where servers would send HTTP status 503
+      responses _and_ send a body too), there are still servers out
+      there that haven't upgraded. Therefore, make clients parse such
+      bodies when they receive them.
+    - When we're not serving v2 directory information, there is no reason
+      to actually keep any around. Remove the obsolete files and directory
+      on startup if they are very old and we aren't going to serve them.
+
+  o Minor performance improvements:
+    - Reference-count and share copies of address policy entries; only 5%
+      of them were actually distinct.
+    - Never walk through the list of logs if we know that no log is
+      interested in a given message.
+
+  o Minor bugfixes:
+    - When an authority has not signed a consensus, do not try to
+      download a nonexistent "certificate with key 00000000". Bugfix
+      on 0.2.0.x. Fixes bug 569.
+    - Fix a rare assert error when we're closing one of our threads:
+      use a mutex to protect the list of logs, so we never write to the
+      list as it's being freed. Bugfix on 0.1.2.x. Fixes the very rare
+      bug 575, which is kind of the revenge of bug 222.
+    - Patch from Karsten Loesing to complain less at both the client
+      and the relay when a relay used to have the HSDir flag but doesn't
+      anymore, and we try to upload a hidden service descriptor.
+    - Stop leaking one cert per TLS context. Fixes bug 582. Bugfix on
+      0.2.0.15-alpha.
+    - Do not try to download missing certificates until we have tried
+      to check our fallback consensus. Fixes bug 583.
+    - Make bridges round reported GeoIP stats info up to the nearest
+      estimate, not down. Now we can distinguish between "0 people from
+      this country" and "1 person from this country".
+    - Avoid a spurious free on base64 failure. Bugfix on 0.1.2.
+    - Avoid possible segfault if key generation fails in
+      crypto_pk_hybrid_encrypt. Bugfix on 0.2.0.
+    - Avoid segfault in the case where a badly behaved v2 versioning
+      directory sends a signed networkstatus with missing client-versions.
+      Bugfix on 0.1.2.
+    - Avoid segfaults on certain complex invocations of
+      router_get_by_hexdigest(). Bugfix on 0.1.2.
+    - Correct bad index on array access in parse_http_time(). Bugfix
+      on 0.2.0.
+    - Fix possible bug in vote generation when server versions are present
+      but client versions are not.
+    - Fix rare bug on REDIRECTSTREAM control command when called with no
+      port set: it could erroneously report an error when none had
+      happened.
+    - Avoid bogus crash-prone, leak-prone tor_realloc when we're
+      compressing large objects and find ourselves with more than 4k
+      left over. Bugfix on 0.2.0.
+    - Fix a small memory leak when setting up a hidden service.
+    - Fix a few memory leaks that could in theory happen under bizarre
+      error conditions.
+    - Fix an assert if we post a general-purpose descriptor via the
+      control port but that descriptor isn't mentioned in our current
+      network consensus. Bug reported by Jon McLachlan; bugfix on
+      0.2.0.9-alpha.
+
+  o Minor features (controller):
+    - Get NS events working again. Patch from tup.
+    - The GETCONF command now escapes and quotes configuration values
+      that don't otherwise fit into the torrc file.
+    - The SETCONF command now handles quoted values correctly.
+
+  o Minor features (directory authorities):
+    - New configuration options to override default maximum number of
+      servers allowed on a single IP address. This is important for
+      running a test network on a single host.
+    - Actually implement the -s option to tor-gencert.
+    - Add a manual page for tor-gencert.
+
+  o Minor features (bridges):
+    - Bridge authorities no longer serve bridge descriptors over
+      unencrypted connections.
+
+  o Minor features (other):
+    - Add hidden services and DNSPorts to the list of things that make
+      Tor accept that it has running ports. Change starting Tor with no
+      ports from a fatal error to a warning; we might change it back if
+      this turns out to confuse anybody. Fixes bug 579.
+
+
+Changes in version 0.1.2.19 - 2008-01-17
+  Tor 0.1.2.19 fixes a huge memory leak on exit relays, makes the default
+  exit policy a little bit more conservative so it's safer to run an
+  exit relay on a home system, and fixes a variety of smaller issues.
+
+  o Security fixes:
+    - Exit policies now reject connections that are addressed to a
+      relay's public (external) IP address too, unless
+      ExitPolicyRejectPrivate is turned off. We do this because too
+      many relays are running nearby to services that trust them based
+      on network address.
+
+  o Major bugfixes:
+    - When the clock jumps forward a lot, do not allow the bandwidth
+      buckets to become negative. Fixes bug 544.
+    - Fix a memory leak on exit relays; we were leaking a cached_resolve_t
+      on every successful resolve. Reported by Mike Perry.
+    - Purge old entries from the "rephist" database and the hidden
+      service descriptor database even when DirPort is zero.
+    - Stop thinking that 0.1.2.x directory servers can handle "begin_dir"
+      requests. Should ease bugs 406 and 419 where 0.1.2.x relays are
+      crashing or mis-answering these requests.
+    - When we decide to send a 503 response to a request for servers, do
+      not then also send the server descriptors: this defeats the whole
+      purpose. Fixes bug 539.
+
+  o Minor bugfixes:
+    - Changing the ExitPolicyRejectPrivate setting should cause us to
+      rebuild our server descriptor.
+    - Fix handling of hex nicknames when answering controller requests for
+      networkstatus by name, or when deciding whether to warn about
+      unknown routers in a config option. (Patch from mwenge.)
+    - Fix a couple of hard-to-trigger autoconf problems that could result
+      in really weird results on platforms whose sys/types.h files define
+      nonstandard integer types.
+    - Don't try to create the datadir when running --verify-config or
+      --hash-password. Resolves bug 540.
+    - If we were having problems getting a particular descriptor from the
+      directory caches, and then we learned about a new descriptor for
+      that router, we weren't resetting our failure count. Reported
+      by lodger.
+    - Although we fixed bug 539 (where servers would send HTTP status 503
+      responses _and_ send a body too), there are still servers out there
+      that haven't upgraded. Therefore, make clients parse such bodies
+      when they receive them.
+    - Run correctly on systems where rlim_t is larger than unsigned long.
+      This includes some 64-bit systems.
+    - Run correctly on platforms (like some versions of OS X 10.5) where
+      the real limit for number of open files is OPEN_FILES, not rlim_max
+      from getrlimit(RLIMIT_NOFILES).
+    - Avoid a spurious free on base64 failure.
+    - Avoid segfaults on certain complex invocations of
+      router_get_by_hexdigest().
+    - Fix rare bug on REDIRECTSTREAM control command when called with no
+      port set: it could erroneously report an error when none had
+      happened.
+
+
+Changes in version 0.2.0.15-alpha - 2007-12-25
+  Tor 0.2.0.14-alpha and 0.2.0.15-alpha fix a bunch of bugs with the
+  features added in 0.2.0.13-alpha.
+
+  o Major bugfixes:
+    - Fix several remotely triggerable asserts based on DirPort requests
+      for a v2 or v3 networkstatus object before we were prepared. This
+      was particularly bad for 0.2.0.13 and later bridge relays, who
+      would never have a v2 networkstatus and would thus always crash
+      when used. Bugfixes on 0.2.0.x.
+    - Estimate the v3 networkstatus size more accurately, rather than
+      estimating it at zero bytes and giving it artificially high priority
+      compared to other directory requests. Bugfix on 0.2.0.x.
+
+  o Minor bugfixes:
+    - Fix configure.in logic for cross-compilation.
+    - When we load a bridge descriptor from the cache, and it was
+      previously unreachable, mark it as retriable so we won't just
+      ignore it. Also, try fetching a new copy immediately. Bugfixes
+      on 0.2.0.13-alpha.
+    - The bridge GeoIP stats were counting other relays, for example
+      self-reachability and authority-reachability tests.
+
+  o Minor features:
+    - Support compilation to target iPhone; patch from cjacker huang.
+      To build for iPhone, pass the --enable-iphone option to configure.
+
+
+Changes in version 0.2.0.14-alpha - 2007-12-23
+  o Major bugfixes:
+    - Fix a crash on startup if you install Tor 0.2.0.13-alpha fresh
+      without a datadirectory from a previous Tor install. Reported
+      by Zax.
+    - Fix a crash when we fetch a descriptor that turns out to be
+      unexpected (it used to be in our networkstatus when we started
+      fetching it, but it isn't in our current networkstatus), and we
+      aren't using bridges. Bugfix on 0.2.0.x.
+    - Fix a crash when accessing hidden services: it would work the first
+      time you use a given introduction point for your service, but
+      on subsequent requests we'd be using garbage memory. Fixed by
+      Karsten Loesing. Bugfix on 0.2.0.13-alpha.
+    - Fix a crash when we load a bridge descriptor from disk but we don't
+      currently have a Bridge line for it in our torrc. Bugfix on
+      0.2.0.13-alpha.
+
+  o Major features:
+    - If bridge authorities set BridgePassword, they will serve a
+      snapshot of known bridge routerstatuses from their DirPort to
+      anybody who knows that password. Unset by default.
+
+  o Minor bugfixes:
+    - Make the unit tests build again.
+    - Make "GETINFO/desc-annotations/id/" actually work.
+    - Make PublishServerDescriptor default to 1, so the default doesn't
+      have to change as we invent new directory protocol versions.
+    - Fix test for rlim_t on OSX 10.3: sys/resource.h doesn't want to
+      be included unless sys/time.h is already included. Fixes
+      bug 553. Bugfix on 0.2.0.x.
+    - If we receive a general-purpose descriptor and then receive an
+      identical bridge-purpose descriptor soon after, don't discard
+      the next one as a duplicate.
+
+  o Minor features:
+    - If BridgeRelay is set to 1, then the default for
+      PublishServerDescriptor is now "bridge" rather than "v2,v3".
+    - If the user sets RelayBandwidthRate but doesn't set
+      RelayBandwidthBurst, then make them equal rather than erroring out.
+
+
+Changes in version 0.2.0.13-alpha - 2007-12-21
+  Tor 0.2.0.13-alpha adds a fourth v3 directory authority run by Geoff
+  Goodell, fixes many more bugs, and adds a lot of infrastructure for
+  upcoming features.
+
+  o New directory authorities:
+    - Set up lefkada (run by Geoff Goodell) as the fourth v3 directory
+      authority.
+
+  o Major bugfixes:
+    - Only update guard status (usable / not usable) once we have
+      enough directory information. This was causing us to always pick
+      two new guards on startup (bugfix on 0.2.0.9-alpha), and it was
+      causing us to discard all our guards on startup if we hadn't been
+      running for a few weeks (bugfix on 0.1.2.x). Fixes bug 448.
+    - Purge old entries from the "rephist" database and the hidden
+      service descriptor databases even when DirPort is zero. Bugfix
+      on 0.1.2.x.
+    - We were ignoring our RelayBandwidthRate for the first 30 seconds
+      after opening a circuit -- even a relayed circuit. Bugfix on
+      0.2.0.3-alpha.
+    - Stop thinking that 0.1.2.x directory servers can handle "begin_dir"
+      requests. Should ease bugs 406 and 419 where 0.1.2.x relays are
+      crashing or mis-answering these types of requests.
+    - Relays were publishing their server descriptor to v1 and v2
+      directory authorities, but they didn't try publishing to v3-only
+      authorities. Fix this; and also stop publishing to v1 authorities.
+      Bugfix on 0.2.0.x.
+    - When we were reading router descriptors from cache, we were ignoring
+      the annotations -- so for example we were reading in bridge-purpose
+      descriptors as general-purpose descriptors. Bugfix on 0.2.0.8-alpha.
+    - When we decided to send a 503 response to a request for servers, we
+      were then also sending the server descriptors: this defeats the
+      whole purpose. Fixes bug 539; bugfix on 0.1.2.x.
+
+  o Major features:
+    - Bridge relays now behave like clients with respect to time
+      intervals for downloading new consensus documents -- otherwise they
+      stand out. Bridge users now wait until the end of the interval,
+      so their bridge relay will be sure to have a new consensus document.
+    - Three new config options (AlternateDirAuthority,
+      AlternateBridgeAuthority, and AlternateHSAuthority) that let the
+      user selectively replace the default directory authorities by type,
+      rather than the all-or-nothing replacement that DirServer offers.
+    - Tor can now be configured to read a GeoIP file from disk in one
+      of two formats. This can be used by controllers to map IP addresses
+      to countries. Eventually, it may support exit-by-country.
+    - When possible, bridge relays remember which countries users
+      are coming from, and report aggregate information in their
+      extra-info documents, so that the bridge authorities can learn
+      where Tor is blocked.
+    - Bridge directory authorities now do reachability testing on the
+      bridges they know. They provide router status summaries to the
+      controller via "getinfo ns/purpose/bridge", and also dump summaries
+      to a file periodically.
+    - Stop fetching directory info so aggressively if your DirPort is
+      on but your ORPort is off; stop fetching v2 dir info entirely.
+      You can override these choices with the new FetchDirInfoEarly
+      config option.
+
+  o Minor bugfixes:
+    - The fix in 0.2.0.12-alpha cleared the "hsdir" flag in v3 network
+      consensus documents when there are too many relays at a single
+      IP address. Now clear it in v2 network status documents too, and
+      also clear it in routerinfo_t when the relay is no longer listed
+      in the relevant networkstatus document.
+    - Don't crash if we get an unexpected value for the
+      PublishServerDescriptor config option. Reported by Matt Edman;
+      bugfix on 0.2.0.9-alpha.
+    - Our new v2 hidden service descriptor format allows descriptors
+      that have no introduction points. But Tor crashed when we tried
+      to build a descriptor with no intro points (and it would have
+      crashed if we had tried to parse one). Bugfix on 0.2.0.x; patch
+      by Karsten Loesing.
+    - Fix building with dmalloc 5.5.2 with glibc.
+    - Reject uploaded descriptors and extrainfo documents if they're
+      huge. Otherwise we'll cache them all over the network and it'll
+      clog everything up. Reported by Aljosha Judmayer.
+    - Check for presence of s6_addr16 and s6_addr32 fields in in6_addr
+      via autoconf. Should fix compile on solaris. Bugfix on 0.2.0.x.
+    - When the DANGEROUS_VERSION controller status event told us we're
+      running an obsolete version, it used the string "OLD" to describe
+      it. Yet the "getinfo" interface used the string "OBSOLETE". Now use
+      "OBSOLETE" in both cases. Bugfix on 0.1.2.x.
+    - If we can't expand our list of entry guards (e.g. because we're
+      using bridges or we have StrictEntryNodes set), don't mark relays
+      down when they fail a directory request. Otherwise we're too quick
+      to mark all our entry points down. Bugfix on 0.1.2.x.
+    - Fix handling of hex nicknames when answering controller requests for
+      networkstatus by name, or when deciding whether to warn about unknown
+      routers in a config option. Bugfix on 0.1.2.x. (Patch from mwenge.)
+    - Fix a couple of hard-to-trigger autoconf problems that could result
+      in really weird results on platforms whose sys/types.h files define
+      nonstandard integer types. Bugfix on 0.1.2.x.
+    - Fix compilation with --disable-threads set. Bugfix on 0.2.0.x.
+    - Don't crash on name lookup when we have no current consensus. Fixes
+      bug 538; bugfix on 0.2.0.x.
+    - Only Tors that want to mirror the v2 directory info should
+      create the "cached-status" directory in their datadir. (All Tors
+      used to create it.) Bugfix on 0.2.0.9-alpha.
+    - Directory authorities should only automatically download Extra Info
+      documents if they're v1, v2, or v3 authorities. Bugfix on 0.1.2.x.
+
+  o Minor features:
+    - On the USR1 signal, when dmalloc is in use, log the top 10 memory
+      consumers. (We already do this on HUP.)
+    - Authorities and caches fetch the v2 networkstatus documents
+      less often, now that v3 is encouraged.
+    - Add a new config option BridgeRelay that specifies you want to
+      be a bridge relay. Right now the only difference is that it makes
+      you answer begin_dir requests, and it makes you cache dir info,
+      even if your DirPort isn't on.
+    - Add "GETINFO/desc-annotations/id/" so controllers can
+      ask about source, timestamp of arrival, purpose, etc. We need
+      something like this to help Vidalia not do GeoIP lookups on bridge
+      addresses.
+    - Allow multiple HashedControlPassword config lines, to support
+      multiple controller passwords.
+    - Authorities now decide whether they're authoritative for a given
+      router based on the router's purpose.
+    - New config options AuthDirBadDir and AuthDirListBadDirs for
+      authorities to mark certain relays as "bad directories" in the
+      networkstatus documents. Also supports the "!baddir" directive in
+      the approved-routers file.
+
+
+Changes in version 0.2.0.12-alpha - 2007-11-16
+  This twelfth development snapshot fixes some more build problems as
+  well as a few minor bugs.
+
+  o Compile fixes:
+    - Make it build on OpenBSD again. Patch from tup.
+    - Substitute BINDIR and LOCALSTATEDIR in scripts. Fixes
+      package-building for Red Hat, OS X, etc.
+
+  o Minor bugfixes (on 0.1.2.x):
+    - Changing the ExitPolicyRejectPrivate setting should cause us to
+      rebuild our server descriptor.
+
+  o Minor bugfixes (on 0.2.0.x):
+    - When we're lacking a consensus, don't try to perform rendezvous
+      operations. Reported by Karsten Loesing.
+    - Fix a small memory leak whenever we decide against using a
+      newly picked entry guard. Reported by Mike Perry.
+    - When authorities detected more than two relays running on the same
+      IP address, they were clearing all the status flags but forgetting
+      to clear the "hsdir" flag. So clients were being told that a
+      given relay was the right choice for a v2 hsdir lookup, yet they
+      never had its descriptor because it was marked as 'not running'
+      in the consensus.
+    - If we're trying to fetch a bridge descriptor and there's no way
+      the bridge authority could help us (for example, we don't know
+      a digest, or there is no bridge authority), don't be so eager to
+      fall back to asking the bridge authority.
+    - If we're using bridges or have strictentrynodes set, and our
+      chosen exit is in the same family as all our bridges/entry guards,
+      then be flexible about families.
+
+  o Minor features:
+    - When we negotiate a v2 link-layer connection (not yet implemented),
+      accept RELAY_EARLY cells and turn them into RELAY cells if we've
+      negotiated a v1 connection for their next step. Initial code for
+      proposal 110.
+
+
+Changes in version 0.2.0.11-alpha - 2007-11-12
+  This eleventh development snapshot fixes some build problems with
+  the previous snapshot. It also includes a more secure-by-default exit
+  policy for relays, fixes an enormous memory leak for exit relays, and
+  fixes another bug where servers were falling out of the directory list.
+
+  o Security fixes:
+    - Exit policies now reject connections that are addressed to a
+      relay's public (external) IP address too, unless
+      ExitPolicyRejectPrivate is turned off. We do this because too
+      many relays are running nearby to services that trust them based
+      on network address. Bugfix on 0.1.2.x.
+
+  o Major bugfixes:
+    - Fix a memory leak on exit relays; we were leaking a cached_resolve_t
+      on every successful resolve. Reported by Mike Perry; bugfix
+      on 0.1.2.x.
+    - On authorities, never downgrade to old router descriptors simply
+      because they're listed in the consensus. This created a catch-22
+      where we wouldn't list a new descriptor because there was an
+      old one in the consensus, and we couldn't get the new one in the
+      consensus because we wouldn't list it. Possible fix for bug 548.
+      Also, this might cause bug 543 to appear on authorities; if so,
+      we'll need a band-aid for that. Bugfix on 0.2.0.9-alpha.
+
+  o Packaging fixes on 0.2.0.10-alpha:
+    - We were including instructions about what to do with the
+      src/config/fallback-consensus file, but we weren't actually
+      including it in the tarball. Disable all of that for now.
+
+  o Minor features:
+    - Allow people to say PreferTunnelledDirConns rather than
+      PreferTunneledDirConns, for those alternate-spellers out there.
+
+  o Minor bugfixes:
+    - Don't reevaluate all the information from our consensus document
+      just because we've downloaded a v2 networkstatus that we intend
+      to cache. Fixes bug 545; bugfix on 0.2.0.x.
+
+
+Changes in version 0.2.0.10-alpha - 2007-11-10
+  This tenth development snapshot adds a third v3 directory authority
+  run by Mike Perry, adds most of Karsten Loesing's new hidden service
+  descriptor format, fixes a bad crash bug and new bridge bugs introduced
+  in 0.2.0.9-alpha, fixes many bugs with the v3 directory implementation,
+  fixes some minor memory leaks in previous 0.2.0.x snapshots, and
+  addresses many more minor issues.
+
+  o New directory authorities:
+    - Set up ides (run by Mike Perry) as the third v3 directory authority.
+
+  o Major features:
+    - Allow tunnelled directory connections to ask for an encrypted
+      "begin_dir" connection or an anonymized "uses a full Tor circuit"
+      connection independently. Now we can make anonymized begin_dir
+      connections for (e.g.) more secure hidden service posting and
+      fetching.
+    - More progress on proposal 114: code from Karsten Loesing to
+      implement new hidden service descriptor format.
+    - Raise the default BandwidthRate/BandwidthBurst to 5MB/10MB, to
+      accommodate the growing number of servers that use the default
+      and are reaching it.
+    - Directory authorities use a new formula for selecting which nodes
+      to advertise as Guards: they must be in the top 7/8 in terms of
+      how long we have known about them, and above the median of those
+      nodes in terms of weighted fractional uptime.
+    - Make "not enough dir info yet" warnings describe *why* Tor feels
+      it doesn't have enough directory info yet.
+
+  o Major bugfixes:
+    - Stop servers from crashing if they set a Family option (or
+      maybe in other situations too). Bugfix on 0.2.0.9-alpha; reported
+      by Fabian Keil.
+    - Make bridge users work again -- the move to v3 directories in
+      0.2.0.9-alpha had introduced a number of bugs that made bridges
+      no longer work for clients.
+    - When the clock jumps forward a lot, do not allow the bandwidth
+      buckets to become negative. Bugfix on 0.1.2.x; fixes bug 544.
+
+  o Major bugfixes (v3 dir, bugfixes on 0.2.0.9-alpha):
+    - When the consensus lists a router descriptor that we previously were
+      mirroring, but that we considered non-canonical, reload the
+      descriptor as canonical. This fixes bug 543 where Tor servers
+      would start complaining after a few days that they don't have
+      enough directory information to build a circuit.
+    - Consider replacing the current consensus when certificates arrive
+      that make the pending consensus valid. Previously, we were only
+      considering replacement when the new certs _didn't_ help.
+    - Fix an assert error on startup if we didn't already have the
+      consensus and certs cached in our datadirectory: we were caching
+      the consensus in consensus_waiting_for_certs but then free'ing it
+      right after.
+    - Avoid sending a request for "keys/fp" (for which we'll get a 400 Bad
+      Request) if we need more v3 certs but we've already got pending
+      requests for all of them.
+    - Correctly back off from failing certificate downloads. Fixes
+      bug 546.
+    - Authorities don't vote on the Running flag if they have been running
+      for less than 30 minutes themselves. Fixes bug 547, where a newly
+      started authority would vote that everyone was down.
+
+  o New requirements:
+    - Drop support for OpenSSL version 0.9.6. Just about nobody was using
+      it, it had no AES, and it hasn't seen any security patches since
+      2004.
+
+  o Minor features:
+    - Clients now hold circuitless TLS connections open for 1.5 times
+      MaxCircuitDirtiness (15 minutes), since it is likely that they'll
+      rebuild a new circuit over them within that timeframe. Previously,
+      they held them open only for KeepalivePeriod (5 minutes).
+    - Use "If-Modified-Since" to avoid retrieving consensus
+      networkstatuses that we already have.
+    - When we have no consensus, check FallbackNetworkstatusFile (defaults
+      to $PREFIX/share/tor/fallback-consensus) for a consensus. This way
+      we start knowing some directory caches.
+    - When we receive a consensus from the future, warn about skew.
+    - Improve skew reporting: try to give the user a better log message
+      about how skewed they are, and how much this matters.
+    - When we have a certificate for an authority, believe that
+      certificate's claims about the authority's IP address.
+    - New --quiet command-line option to suppress the default console log.
+      Good in combination with --hash-password.
+    - Authorities send back an X-Descriptor-Not-New header in response to
+      an accepted-but-discarded descriptor upload. Partially implements
+      fix for bug 535.
+    - Make the log message for "tls error. breaking." more useful.
+    - Better log messages about certificate downloads, to attempt to
+      track down the second incarnation of bug 546.
+
+  o Minor features (bridges):
+    - If bridge users set UpdateBridgesFromAuthority, but the digest
+      they ask for is a 404 from the bridge authority, they now fall
+      back to trying the bridge directly.
+    - Bridges now use begin_dir to publish their server descriptor to
+      the bridge authority, even when they haven't set TunnelDirConns.
+
+  o Minor features (controller):
+    - When reporting clock skew, and we know that the clock is _at least
+      as skewed_ as some value, but we don't know the actual value,
+      report the value as a "minimum skew."
+
+  o Utilities:
+    - Update linux-tor-prio.sh script to allow QoS based on the uid of
+      the Tor process. Patch from Marco Bonetti with tweaks from Mike
+      Perry.
+
+  o Minor bugfixes:
+    - Refuse to start if both ORPort and UseBridges are set. Bugfix
+      on 0.2.0.x, suggested by Matt Edman.
+    - Don't stop fetching descriptors when FetchUselessDescriptors is
+      set, even if we stop asking for circuits. Bugfix on 0.1.2.x;
+      reported by tup and ioerror.
+    - Better log message on vote from unknown authority.
+    - Don't log "Launching 0 request for 0 router" message.
+
+  o Minor bugfixes (memory leaks):
+    - Stop leaking memory every time we parse a v3 certificate. Bugfix
+      on 0.2.0.1-alpha.
+    - Stop leaking memory every time we load a v3 certificate. Bugfix
+      on 0.2.0.1-alpha. Fixes bug 536.
+    - Stop leaking a cached networkstatus on exit. Bugfix on
+      0.2.0.3-alpha.
+    - Stop leaking voter information every time we free a consensus.
+      Bugfix on 0.2.0.3-alpha.
+    - Stop leaking signed data every time we check a voter signature.
+      Bugfix on 0.2.0.3-alpha.
+    - Stop leaking a signature every time we fail to parse a consensus or
+      a vote. Bugfix on 0.2.0.3-alpha.
+    - Stop leaking v2_download_status_map on shutdown. Bugfix on
+      0.2.0.9-alpha.
+    - Stop leaking conn->nickname every time we make a connection to a
+      Tor relay without knowing its expected identity digest (e.g. when
+      using bridges). Bugfix on 0.2.0.3-alpha.
+
+  - Minor bugfixes (portability):
+    - Run correctly on platforms where rlim_t is larger than unsigned
+      long, and/or where the real limit for number of open files is
+      OPEN_FILES, not rlim_max from getrlimit(RLIMIT_NOFILES). In
+      particular, these may be needed for OS X 10.5.
+
+
+Changes in version 0.1.2.18 - 2007-10-28
+  Tor 0.1.2.18 fixes many problems including crash bugs, problems with
+  hidden service introduction that were causing huge delays, and a big
+  bug that was causing some servers to disappear from the network status
+  lists for a few hours each day.
+
+  o Major bugfixes (crashes):
+    - If a connection is shut down abruptly because of something that
+      happened inside connection_flushed_some(), do not call
+      connection_finished_flushing(). Should fix bug 451:
+      "connection_stop_writing: Assertion conn->write_event failed"
+      Bugfix on 0.1.2.7-alpha.
+    - Fix possible segfaults in functions called from
+      rend_process_relay_cell().
+
+  o Major bugfixes (hidden services):
+    - Hidden services were choosing introduction points uniquely by
+      hexdigest, but when constructing the hidden service descriptor
+      they merely wrote the (potentially ambiguous) nickname.
+    - Clients now use the v2 intro format for hidden service
+      connections: they specify their chosen rendezvous point by identity
+      digest rather than by (potentially ambiguous) nickname. These
+      changes could speed up hidden service connections dramatically.
+
+  o Major bugfixes (other):
+    - Stop publishing a new server descriptor just because we get a
+      HUP signal. This led (in a roundabout way) to some servers getting
+      dropped from the networkstatus lists for a few hours each day.
+    - When looking for a circuit to cannibalize, consider family as well
+      as identity. Fixes bug 438. Bugfix on 0.1.0.x (which introduced
+      circuit cannibalization).
+    - When a router wasn't listed in a new networkstatus, we were leaving
+      the flags for that router alone -- meaning it remained Named,
+      Running, etc -- even though absence from the networkstatus means
+      that it shouldn't be considered to exist at all anymore. Now we
+      clear all the flags for routers that fall out of the networkstatus
+      consensus. Fixes bug 529.
+
+  o Minor bugfixes:
+    - Don't try to access (or alter) the state file when running
+      --list-fingerprint or --verify-config or --hash-password. Resolves
+      bug 499.
+    - When generating information telling us how to extend to a given
+      router, do not try to include the nickname if it is
+      absent. Resolves bug 467.
+    - Fix a user-triggerable segfault in expand_filename(). (There isn't
+      a way to trigger this remotely.)
+    - When sending a status event to the controller telling it that an
+      OR address is reachable, set the port correctly. (Previously we
+      were reporting the dir port.)
+    - Fix a minor memory leak whenever a controller sends the PROTOCOLINFO
+      command. Bugfix on 0.1.2.17.
+    - When loading bandwidth history, do not believe any information in
+      the future. Fixes bug 434.
+    - When loading entry guard information, do not believe any information
+      in the future.
+    - When we have our clock set far in the future and generate an
+      onion key, then re-set our clock to be correct, we should not stop
+      the onion key from getting rotated.
+    - On some platforms, accept() can return a broken address. Detect
+      this more quietly, and deal accordingly. Fixes bug 483.
+    - It's not actually an error to find a non-pending entry in the DNS
+      cache when canceling a pending resolve. Don't log unless stuff
+      is fishy. Resolves bug 463.
+    - Don't reset trusted dir server list when we set a configuration
+      option. Patch from Robert Hogan.
+    - Don't try to create the datadir when running --verify-config or
+      --hash-password. Resolves bug 540.
+
+
+Changes in version 0.2.0.9-alpha - 2007-10-24
+  This ninth development snapshot switches clients to the new v3 directory
+  system; allows servers to be listed in the network status even when they
+  have the same nickname as a registered server; and fixes many other
+  bugs including a big one that was causing some servers to disappear
+  from the network status lists for a few hours each day.
+
+  o Major features (directory system):
+    - Clients now download v3 consensus networkstatus documents instead
+      of v2 networkstatus documents. Clients and caches now base their
+      opinions about routers on these consensus documents. Clients only
+      download router descriptors listed in the consensus.
+    - Authorities now list servers who have the same nickname as
+      a different named server, but list them with a new flag,
+      "Unnamed". Now we can list servers that happen to pick the same
+      nickname as a server that registered two years ago and then
+      disappeared. Partially implements proposal 122.
+    - If the consensus lists a router as "Unnamed", the name is assigned
+      to a different router: do not identify the router by that name.
+      Partially implements proposal 122.
+    - Authorities can now come to a consensus on which method to use to
+      compute the consensus. This gives us forward compatibility.
+
+  o Major bugfixes:
+    - Stop publishing a new server descriptor just because we HUP or
+      when we find our DirPort to be reachable but won't actually publish
+      it. New descriptors without any real changes are dropped by the
+      authorities, and can screw up our "publish every 18 hours" schedule.
+      Bugfix on 0.1.2.x.
+    - When a router wasn't listed in a new networkstatus, we were leaving
+      the flags for that router alone -- meaning it remained Named,
+      Running, etc -- even though absence from the networkstatus means
+      that it shouldn't be considered to exist at all anymore. Now we
+      clear all the flags for routers that fall out of the networkstatus
+      consensus. Fixes bug 529; bugfix on 0.1.2.x.
+    - Fix awful behavior in DownloadExtraInfo option where we'd fetch
+      extrainfo documents and then discard them immediately for not
+      matching the latest router. Bugfix on 0.2.0.1-alpha.
+
+  o Minor features (v3 directory protocol):
+    - Allow tor-gencert to generate a new certificate without replacing
+      the signing key.
+    - Allow certificates to include an address.
+    - When we change our directory-cache settings, reschedule all voting
+      and download operations.
+    - Reattempt certificate downloads immediately on failure, as long as
+      we haven't failed a threshold number of times yet.
+    - Delay retrying consensus downloads while we're downloading
+      certificates to verify the one we just got. Also, count getting a
+      consensus that we already have (or one that isn't valid) as a failure,
+      and count failing to get the certificates after 20 minutes as a
+      failure.
+    - Build circuits and download descriptors even if our consensus is a
+      little expired. (This feature will go away once authorities are
+      more reliable.)
+
+  o Minor features (router descriptor cache):
+    - If we find a cached-routers file that's been sitting around for more
+      than 28 days unmodified, then most likely it's a leftover from
+      when we upgraded to 0.2.0.8-alpha. Remove it. It has no good
+      routers anyway.
+    - When we (as a cache) download a descriptor because it was listed
+      in a consensus, remember when the consensus was supposed to expire,
+      and don't expire the descriptor until then.
+
+  o Minor features (performance):
+    - Call routerlist_remove_old_routers() much less often. This should
+      speed startup, especially on directory caches.
+    - Don't try to launch new descriptor downloads quite so often when we
+      already have enough directory information to build circuits.
+    - Base64 decoding was actually showing up on our profile when parsing
+      the initial descriptor file; switch to an in-process all-at-once
+      implementation that's about 3.5x times faster than calling out to
+      OpenSSL.
+
+  o Minor features (compilation):
+    - Detect non-ASCII platforms (if any still exist) and refuse to
+      build there: some of our code assumes that 'A' is 65 and so on.
+
+  o Minor bugfixes (v3 directory authorities, bugfixes on 0.2.0.x):
+    - Make the "next period" votes into "current period" votes immediately
+      after publishing the consensus; avoid a heisenbug that made them
+      stick around indefinitely.
+    - When we discard a vote as a duplicate, do not report this as
+      an error.
+    - Treat missing v3 keys or certificates as an error when running as a
+      v3 directory authority.
+    - When we're configured to be a v3 authority, but we're only listed
+      as a non-v3 authority in our DirServer line for ourself, correct
+      the listing.
+    - If an authority doesn't have a qualified hostname, just put
+      its address in the vote. This fixes the problem where we referred to
+      "moria on moria:9031."
+    - Distinguish between detached signatures for the wrong period, and
+      detached signatures for a divergent vote.
+    - Fix a small memory leak when computing a consensus.
+    - When there's no consensus, we were forming a vote every 30
+      minutes, but writing the "valid-after" line in our vote based
+      on our configured V3AuthVotingInterval: so unless the intervals
+      matched up, we immediately rejected our own vote because it didn't
+      start at the voting interval that caused us to construct a vote.
+
+  o Minor bugfixes (v3 directory protocol, bugfixes on 0.2.0.x):
+    - Delete unverified-consensus when the real consensus is set.
+    - Consider retrying a consensus networkstatus fetch immediately
+      after one fails: don't wait 60 seconds to notice.
+    - When fetching a consensus as a cache, wait until a newer consensus
+      should exist before trying to replace the current one.
+    - Use a more forgiving schedule for retrying failed consensus
+      downloads than for other types.
+
+  o Minor bugfixes (other directory issues):
+    - Correct the implementation of "download votes by digest." Bugfix on
+      0.2.0.8-alpha.
+    - Authorities no longer send back "400 you're unreachable please fix
+      it" errors to Tor servers that aren't online all the time. We're
+      supposed to tolerate these servers now. Bugfix on 0.1.2.x.
+
+  o Minor bugfixes (controller):
+    - Don't reset trusted dir server list when we set a configuration
+      option. Patch from Robert Hogan; bugfix on 0.1.2.x.
+    - Respond to INT and TERM SIGNAL commands before we execute the
+      signal, in case the signal shuts us down. We had a patch in
+      0.1.2.1-alpha that tried to do this by queueing the response on
+      the connection's buffer before shutting down, but that really
+      isn't the same thing at all. Bug located by Matt Edman.
+
+  o Minor bugfixes (misc):
+    - Correctly check for bad options to the "PublishServerDescriptor"
+      config option. Bugfix on 0.2.0.1-alpha; reported by Matt Edman.
+    - Stop leaking memory on failing case of base32_decode, and make
+      it accept upper-case letters. Bugfixes on 0.2.0.7-alpha.
+    - Don't try to download extrainfo documents when we're trying to
+      fetch enough directory info to build a circuit: having enough
+      info should get priority. Bugfix on 0.2.0.x.
+    - Don't complain that "your server has not managed to confirm that its
+      ports are reachable" if we haven't been able to build any circuits
+      yet. Bug found by spending four hours without a v3 consensus. Bugfix
+      on 0.1.2.x.
+    - Detect the reason for failing to mmap a descriptor file we just
+      wrote, and give a more useful log message. Fixes bug 533. Bugfix
+      on 0.1.2.x.
+
+  o Code simplifications and refactoring:
+    - Remove support for the old bw_accounting file: we've been storing
+      bandwidth accounting information in the state file since
+      0.1.2.5-alpha. This may result in bandwidth accounting errors
+      if you try to upgrade from 0.1.1.x or earlier, or if you try to
+      downgrade to 0.1.1.x or earlier.
+    - New convenience code to locate a file within the DataDirectory.
+    - Move non-authority functionality out of dirvote.c.
+    - Refactor the arguments for router_pick_{directory_|trusteddir}server
+      so that they all take the same named flags.
+
+  o Utilities
+    - Include the "tor-ctrl.sh" bash script by Stefan Behte to provide
+      Unix users an easy way to script their Tor process (e.g. by
+      adjusting bandwidth based on the time of the day).
+
+
+Changes in version 0.2.0.8-alpha - 2007-10-12
+  This eighth development snapshot fixes a crash bug that's been bothering
+  us since February 2007, lets bridge authorities store a list of bridge
+  descriptors they've seen, gets v3 directory voting closer to working,
+  starts caching v3 directory consensus documents on directory mirrors,
+  and fixes a variety of smaller issues including some minor memory leaks.
+
+  o Major features (router descriptor cache):
+    - Store routers in a file called cached-descriptors instead of in
+      cached-routers. Initialize cached-descriptors from cached-routers
+      if the old format is around. The new format allows us to store
+      annotations along with descriptors.
+    - Use annotations to record the time we received each descriptor, its
+      source, and its purpose.
+    - Disable the SETROUTERPURPOSE controller command: it is now
+      obsolete.
+    - Controllers should now specify cache=no or cache=yes when using
+      the +POSTDESCRIPTOR command.
+    - Bridge authorities now write bridge descriptors to disk, meaning
+      we can export them to other programs and begin distributing them
+      to blocked users.
+
+  o Major features (directory authorities):
+    - When a v3 authority is missing votes or signatures, it now tries
+      to fetch them.
+    - Directory authorities track weighted fractional uptime as well as
+      weighted mean-time-between failures. WFU is suitable for deciding
+      whether a node is "usually up", while MTBF is suitable for deciding
+      whether a node is "likely to stay up." We need both, because
+      "usually up" is a good requirement for guards, while "likely to
+      stay up" is a good requirement for long-lived connections.
+
+  o Major features (v3 directory system):
+    - Caches now download v3 network status documents as needed,
+      and download the descriptors listed in them.
+    - All hosts now attempt to download and keep fresh v3 authority
+      certificates, and re-attempt after failures.
+    - More internal-consistency checks for vote parsing.
+
+  o Major bugfixes (crashes):
+    - If a connection is shut down abruptly because of something that
+      happened inside connection_flushed_some(), do not call
+      connection_finished_flushing(). Should fix bug 451. Bugfix on
+      0.1.2.7-alpha.
+
+  o Major bugfixes (performance):
+    - Fix really bad O(n^2) performance when parsing a long list of
+      routers: Instead of searching the entire list for an "extra-info "
+      string which usually wasn't there, once for every routerinfo
+      we read, just scan lines forward until we find one we like.
+      Bugfix on 0.2.0.1.
+    - When we add data to a write buffer in response to the data on that
+      write buffer getting low because of a flush, do not consider the
+      newly added data as a candidate for immediate flushing, but rather
+      make it wait until the next round of writing. Otherwise, we flush
+      and refill recursively, and a single greedy TLS connection can
+      eat all of our bandwidth. Bugfix on 0.1.2.7-alpha.
+
+  o Minor features (v3 authority system):
+    - Add more ways for tools to download the votes that lead to the
+      current consensus.
+    - Send a 503 when low on bandwidth and a vote, consensus, or
+      certificate is requested.
+    - If-modified-since is now implemented properly for all kinds of
+      certificate requests.
+
+  o Minor bugfixes (network statuses):
+    - Tweak the implementation of proposal 109 slightly: allow at most
+      two Tor servers on the same IP address, except if it's the location
+      of a directory authority, in which case allow five. Bugfix on
+      0.2.0.3-alpha.
+
+  o Minor bugfixes (controller):
+    - When sending a status event to the controller telling it that an
+      OR address is reachable, set the port correctly. (Previously we
+      were reporting the dir port.) Bugfix on 0.1.2.x.
+
+  o Minor bugfixes (v3 directory system):
+    - Fix logic to look up a cert by its signing key digest. Bugfix on
+      0.2.0.7-alpha.
+    - Only change the reply to a vote to "OK" if it's not already
+      set. This gets rid of annoying "400 OK" log messages, which may
+      have been masking some deeper issue. Bugfix on 0.2.0.7-alpha.
+    - When we get a valid consensus, recompute the voting schedule.
+    - Base the valid-after time of a vote on the consensus voting
+      schedule, not on our preferred schedule.
+    - Make the return values and messages from signature uploads and
+      downloads more sensible.
+    - Fix a memory leak when serving votes and consensus documents, and
+      another when serving certificates.
+
+  o Minor bugfixes (performance):
+    - Use a slightly simpler string hashing algorithm (copying Python's
+      instead of Java's) and optimize our digest hashing algorithm to take
+      advantage of 64-bit platforms and to remove some possibly-costly
+      voodoo.
+    - Fix a minor memory leak whenever we parse guards from our state
+      file. Bugfix on 0.2.0.7-alpha.
+    - Fix a minor memory leak whenever we write out a file. Bugfix on
+      0.2.0.7-alpha.
+    - Fix a minor memory leak whenever a controller sends the PROTOCOLINFO
+      command. Bugfix on 0.2.0.5-alpha.
+
+  o Minor bugfixes (portability):
+    - On some platforms, accept() can return a broken address. Detect
+      this more quietly, and deal accordingly. Fixes bug 483.
+    - Stop calling tor_strlower() on uninitialized memory in some cases.
+      Bugfix in 0.2.0.7-alpha.
+
+  o Minor bugfixes (usability):
+    - Treat some 403 responses from directory servers as INFO rather than
+      WARN-severity events.
+    - It's not actually an error to find a non-pending entry in the DNS
+      cache when canceling a pending resolve. Don't log unless stuff is
+      fishy. Resolves bug 463.
+
+  o Minor bugfixes (anonymity):
+    - Never report that we've used more bandwidth than we're willing to
+      relay: it leaks how much non-relay traffic we're using. Resolves
+      bug 516.
+    - When looking for a circuit to cannibalize, consider family as well
+      as identity. Fixes bug 438. Bugfix on 0.1.0.x (which introduced
+      circuit cannibalization).
+
+  o Code simplifications and refactoring:
+    - Make a bunch of functions static. Remove some dead code.
+    - Pull out about a third of the really big routerlist.c; put it in a
+      new module, networkstatus.c.
+    - Merge the extra fields in local_routerstatus_t back into
+      routerstatus_t: we used to need one routerstatus_t for each
+      authority's opinion, plus a local_routerstatus_t for the locally
+      computed consensus opinion. To save space, we put the locally
+      modified fields into local_routerstatus_t, and only the common
+      stuff into routerstatus_t. But once v3 directories are in use,
+      clients and caches will no longer need to hold authority opinions;
+      thus, the rationale for keeping the types separate is now gone.
+    - Make the code used to reschedule and reattempt downloads more
+      uniform.
+    - Turn all 'Are we a directory server/mirror?' logic into a call to
+      dirserver_mode().
+    - Remove the code to generate the oldest (v1) directory format.
+      The code has been disabled since 0.2.0.5-alpha.
+
+
+Changes in version 0.2.0.7-alpha - 2007-09-21
+  This seventh development snapshot makes bridges work again, makes bridge
+  authorities work for the first time, fixes two huge performance flaws
+  in hidden services, and fixes a variety of minor issues.
+
+  o New directory authorities:
+    - Set up moria1 and tor26 as the first v3 directory authorities. See
+      doc/spec/dir-spec.txt for details on the new directory design.
+
+  o Major bugfixes (crashes):
+    - Fix possible segfaults in functions called from
+      rend_process_relay_cell(). Bugfix on 0.1.2.x.
+
+  o Major bugfixes (bridges):
+    - Fix a bug that made servers send a "404 Not found" in response to
+      attempts to fetch their server descriptor. This caused Tor servers
+      to take many minutes to establish reachability for their DirPort,
+      and it totally crippled bridges. Bugfix on 0.2.0.5-alpha.
+    - Make "UpdateBridgesFromAuthority" torrc option work: when bridge
+      users configure that and specify a bridge with an identity
+      fingerprint, now they will lookup the bridge descriptor at the
+      default bridge authority via a one-hop tunnel, but once circuits
+      are established they will switch to a three-hop tunnel for later
+      connections to the bridge authority. Bugfix in 0.2.0.3-alpha.
+
+  o Major bugfixes (hidden services):
+    - Hidden services were choosing introduction points uniquely by
+      hexdigest, but when constructing the hidden service descriptor
+      they merely wrote the (potentially ambiguous) nickname.
+    - Clients now use the v2 intro format for hidden service
+      connections: they specify their chosen rendezvous point by identity
+      digest rather than by (potentially ambiguous) nickname. Both
+      are bugfixes on 0.1.2.x, and they could speed up hidden service
+      connections dramatically. Thanks to Karsten Loesing.
+
+  o Minor features (security):
+    - As a client, do not believe any server that tells us that an
+      address maps to an internal address space.
+    - Make it possible to enable HashedControlPassword and
+      CookieAuthentication at the same time.
+
+  o Minor features (guard nodes):
+    - Tag every guard node in our state file with the version that
+      we believe added it, or with our own version if we add it. This way,
+      if a user temporarily runs an old version of Tor and then switches
+      back to a new one, she doesn't automatically lose her guards.
+
+  o Minor features (speed):
+    - When implementing AES counter mode, update only the portions of the
+      counter buffer that need to change, and don't keep separate
+      network-order and host-order counters when they are the same (i.e.,
+      on big-endian hosts.)
+
+  o Minor features (controller):
+    - Accept LF instead of CRLF on controller, since some software has a
+      hard time generating real Internet newlines.
+    - Add GETINFO values for the server status events
+      "REACHABILITY_SUCCEEDED" and "GOOD_SERVER_DESCRIPTOR". Patch from
+      Robert Hogan.
+
+  o Removed features:
+     - Routers no longer include bandwidth-history lines in their
+       descriptors; this information is already available in extra-info
+       documents, and including it in router descriptors took up 60%
+       (!) of compressed router descriptor downloads. Completes
+       implementation of proposal 104.
+     - Remove the contrib scripts ExerciseServer.py, PathDemo.py,
+       and TorControl.py, as they use the old v0 controller protocol,
+       and are obsoleted by TorFlow anyway.
+     - Drop support for v1 rendezvous descriptors, since we never used
+       them anyway, and the code has probably rotted by now. Based on
+       patch from Karsten Loesing.
+     - On OSX, stop warning the user that kqueue support in libevent is
+      "experimental", since it seems to have worked fine for ages.
+
+  o Minor bugfixes:
+    - When generating information telling us how to extend to a given
+      router, do not try to include the nickname if it is absent. Fixes
+      bug 467. Bugfix on 0.2.0.3-alpha.
+    - Fix a user-triggerable (but not remotely-triggerable) segfault
+      in expand_filename(). Bugfix on 0.1.2.x.
+    - Fix a memory leak when freeing incomplete requests from DNSPort.
+      Found by Niels Provos with valgrind. Bugfix on 0.2.0.1-alpha.
+    - Don't try to access (or alter) the state file when running
+      --list-fingerprint or --verify-config or --hash-password. (Resolves
+      bug 499.) Bugfix on 0.1.2.x.
+    - Servers used to decline to publish their DirPort if their
+      BandwidthRate, RelayBandwidthRate, or MaxAdvertisedBandwidth
+      were below a threshold. Now they only look at BandwidthRate and
+      RelayBandwidthRate. Bugfix on 0.1.2.x.
+    - Remove an optimization in the AES counter-mode code that assumed
+      that the counter never exceeded 2^68. When the counter can be set
+      arbitrarily as an IV (as it is by Karsten's new hidden services
+      code), this assumption no longer holds. Bugfix on 0.1.2.x.
+    - Resume listing "AUTHORITY" flag for authorities in network status.
+      Bugfix on 0.2.0.3-alpha; reported by Alex de Joode.
+
+  o Code simplifications and refactoring:
+    - Revamp file-writing logic so we don't need to have the entire
+      contents of a file in memory at once before we write to disk. Tor,
+      meet stdio.
+    - Turn "descriptor store" into a full-fledged type.
+    - Move all NT services code into a separate source file.
+    - Unify all code that computes medians, percentile elements, etc.
+    - Get rid of a needless malloc when parsing address policies.
+
+
+Changes in version 0.1.2.17 - 2007-08-30
+  Tor 0.1.2.17 features a new Vidalia version in the Windows and OS
+  X bundles. Vidalia 0.0.14 makes authentication required for the
+  ControlPort in the default configuration, which addresses important
+  security risks. Everybody who uses Vidalia (or another controller)
+  should upgrade.
+
+  In addition, this Tor update fixes major load balancing problems with
+  path selection, which should speed things up a lot once many people
+  have upgraded.
+
+  o Major bugfixes (security):
+    - We removed support for the old (v0) control protocol. It has been
+      deprecated since Tor 0.1.1.1-alpha, and keeping it secure has
+      become more of a headache than it's worth.
+
+  o Major bugfixes (load balancing):
+    - When choosing nodes for non-guard positions, weight guards
+      proportionally less, since they already have enough load. Patch
+      from Mike Perry.
+    - Raise the "max believable bandwidth" from 1.5MB/s to 10MB/s. This
+      will allow fast Tor servers to get more attention.
+    - When we're upgrading from an old Tor version, forget our current
+      guards and pick new ones according to the new weightings. These
+      three load balancing patches could raise effective network capacity
+      by a factor of four. Thanks to Mike Perry for measurements.
+
+  o Major bugfixes (stream expiration):
+    - Expire not-yet-successful application streams in all cases if
+      they've been around longer than SocksTimeout. Right now there are
+      some cases where the stream will live forever, demanding a new
+      circuit every 15 seconds. Fixes bug 454; reported by lodger.
+
+  o Minor features (controller):
+    - Add a PROTOCOLINFO controller command. Like AUTHENTICATE, it
+      is valid before any authentication has been received. It tells
+      a controller what kind of authentication is expected, and what
+      protocol is spoken. Implements proposal 119.
+
+  o Minor bugfixes (performance):
+    - Save on most routerlist_assert_ok() calls in routerlist.c, thus
+      greatly speeding up loading cached-routers from disk on startup.
+    - Disable sentinel-based debugging for buffer code: we squashed all
+      the bugs that this was supposed to detect a long time ago, and now
+      its only effect is to change our buffer sizes from nice powers of
+      two (which platform mallocs tend to like) to values slightly over
+      powers of two (which make some platform mallocs sad).
+
+  o Minor bugfixes (misc):
+    - If exit bandwidth ever exceeds one third of total bandwidth, then
+      use the correct formula to weight exit nodes when choosing paths.
+      Based on patch from Mike Perry.
+    - Choose perfectly fairly among routers when choosing by bandwidth and
+      weighting by fraction of bandwidth provided by exits. Previously, we
+      would choose with only approximate fairness, and correct ourselves
+      if we ran off the end of the list.
+    - If we require CookieAuthentication but we fail to write the
+      cookie file, we would warn but not exit, and end up in a state
+      where no controller could authenticate. Now we exit.
+    - If we require CookieAuthentication, stop generating a new cookie
+      every time we change any piece of our config.
+    - Refuse to start with certain directory authority keys, and
+      encourage people using them to stop.
+    - Terminate multi-line control events properly. Original patch
+      from tup.
+    - Fix a minor memory leak when we fail to find enough suitable
+      servers to choose a circuit.
+    - Stop leaking part of the descriptor when we run into a particularly
+      unparseable piece of it.
+
+
+Changes in version 0.2.0.6-alpha - 2007-08-26
+  This sixth development snapshot features a new Vidalia version in the
+  Windows and OS X bundles. Vidalia 0.0.14 makes authentication required for
+  the ControlPort in the default configuration, which addresses important
+  security risks.
+
+  In addition, this snapshot fixes major load balancing problems
+  with path selection, which should speed things up a lot once many
+  people have upgraded. The directory authorities also use a new
+  mean-time-between-failure approach to tracking which servers are stable,
+  rather than just looking at the most recent uptime.
+
+  o New directory authorities:
+    - Set up Tonga as the default bridge directory authority.
+
+  o Major features:
+    - Directory authorities now track servers by weighted
+      mean-times-between-failures. When we have 4 or more days of data,
+      use measured MTBF rather than declared uptime to decide whether
+      to call a router Stable. Implements proposal 108.
+
+  o Major bugfixes (load balancing):
+    - When choosing nodes for non-guard positions, weight guards
+      proportionally less, since they already have enough load. Patch
+      from Mike Perry.
+    - Raise the "max believable bandwidth" from 1.5MB/s to 10MB/s. This
+      will allow fast Tor servers to get more attention.
+    - When we're upgrading from an old Tor version, forget our current
+      guards and pick new ones according to the new weightings. These
+      three load balancing patches could raise effective network capacity
+      by a factor of four. Thanks to Mike Perry for measurements.
+
+  o Major bugfixes (descriptor parsing):
+    - Handle unexpected whitespace better in malformed descriptors. Bug
+      found using Benedikt Boss's new Tor fuzzer! Bugfix on 0.2.0.x.
+
+  o Minor features:
+    - There is now an ugly, temporary "desc/all-recent-extrainfo-hack"
+      GETINFO for Torstat to use until it can switch to using extrainfos.
+    - Optionally (if built with -DEXPORTMALLINFO) export the output
+      of mallinfo via http, as tor/mallinfo.txt. Only accessible
+      from localhost.
+
+  o Minor bugfixes:
+    - Do not intermix bridge routers with controller-added
+      routers. (Bugfix on 0.2.0.x)
+    - Do not fail with an assert when accept() returns an unexpected
+      address family. Addresses but does not wholly fix bug 483. (Bugfix
+      on 0.2.0.x)
+    - Let directory authorities startup even when they can't generate
+      a descriptor immediately, e.g. because they don't know their
+      address.
+    - Stop putting the authentication cookie in a file called "0"
+      in your working directory if you don't specify anything for the
+      new CookieAuthFile option. Reported by Matt Edman.
+    - Make it possible to read the PROTOCOLINFO response in a way that
+      conforms to our control-spec. Reported by Matt Edman.
+    - Fix a minor memory leak when we fail to find enough suitable
+      servers to choose a circuit. Bugfix on 0.1.2.x.
+    - Stop leaking part of the descriptor when we run into a particularly
+      unparseable piece of it. Bugfix on 0.1.2.x.
+    - Unmap the extrainfo cache file on exit.
+
+
+Changes in version 0.2.0.5-alpha - 2007-08-19
+  This fifth development snapshot fixes compilation on Windows again;
+  fixes an obnoxious client-side bug that slowed things down and put
+  extra load on the network; gets us closer to using the v3 directory
+  voting scheme; makes it easier for Tor controllers to use cookie-based
+  authentication; and fixes a variety of other bugs.
+
+  o Removed features:
+    - Version 1 directories are no longer generated in full. Instead,
+      authorities generate and serve "stub" v1 directories that list
+      no servers. This will stop Tor versions 0.1.0.x and earlier from
+      working, but (for security reasons) nobody should be running those
+      versions anyway.
+
+  o Major bugfixes (compilation, 0.2.0.x):
+    - Try to fix Win32 compilation again: improve checking for IPv6 types.
+    - Try to fix MSVC compilation: build correctly on platforms that do
+      not define s6_addr16 or s6_addr32.
+    - Fix compile on platforms without getaddrinfo: bug found by Li-Hui
+      Zhou.
+
+  o Major bugfixes (stream expiration):
+    - Expire not-yet-successful application streams in all cases if
+      they've been around longer than SocksTimeout. Right now there are
+      some cases where the stream will live forever, demanding a new
+      circuit every 15 seconds. Bugfix on 0.1.2.7-alpha; fixes bug 454;
+      reported by lodger.
+
+  o Minor features (directory servers):
+    - When somebody requests a list of statuses or servers, and we have
+      none of those, return a 404 rather than an empty 200.
+
+  o Minor features (directory voting):
+    - Store v3 consensus status consensuses on disk, and reload them
+      on startup.
+
+  o Minor features (security):
+    - Warn about unsafe ControlPort configurations.
+    - Refuse to start with certain directory authority keys, and
+      encourage people using them to stop.
+
+  o Minor features (controller):
+    - Add a PROTOCOLINFO controller command. Like AUTHENTICATE, it
+      is valid before any authentication has been received. It tells
+      a controller what kind of authentication is expected, and what
+      protocol is spoken. Implements proposal 119.
+    - New config option CookieAuthFile to choose a new location for the
+      cookie authentication file, and config option
+      CookieAuthFileGroupReadable to make it group-readable.
+
+  o Minor features (unit testing):
+    - Add command-line arguments to unit-test executable so that we can
+      invoke any chosen test from the command line rather than having
+      to run the whole test suite at once; and so that we can turn on
+      logging for the unit tests.
+
+  o Minor bugfixes (on 0.1.2.x):
+    - If we require CookieAuthentication but we fail to write the
+      cookie file, we would warn but not exit, and end up in a state
+      where no controller could authenticate. Now we exit.
+    - If we require CookieAuthentication, stop generating a new cookie
+      every time we change any piece of our config.
+    - When loading bandwidth history, do not believe any information in
+      the future. Fixes bug 434.
+    - When loading entry guard information, do not believe any information
+      in the future.
+    - When we have our clock set far in the future and generate an
+      onion key, then re-set our clock to be correct, we should not stop
+      the onion key from getting rotated.
+    - Clean up torrc sample config file.
+    - Do not automatically run configure from autogen.sh. This
+      non-standard behavior tended to annoy people who have built other
+      programs.
+
+  o Minor bugfixes (on 0.2.0.x):
+    - Fix a bug with AutomapHostsOnResolve that would always cause
+      the second request to fail. Bug reported by Kate. Bugfix on
+      0.2.0.3-alpha.
+    - Fix a bug in ADDRMAP controller replies that would sometimes
+      try to print a NULL. Patch from tup.
+    - Read v3 directory authority keys from the right location.
+    - Numerous bugfixes to directory voting code.
+
+
+Changes in version 0.1.2.16 - 2007-08-01
+  Tor 0.1.2.16 fixes a critical security vulnerability that allows a
+  remote attacker in certain situations to rewrite the user's torrc
+  configuration file. This can completely compromise anonymity of users
+  in most configurations, including those running the Vidalia bundles,
+  TorK, etc. Or worse.
+
+  o Major security fixes:
+    - Close immediately after missing authentication on control port;
+      do not allow multiple authentication attempts.
+
+
+Changes in version 0.2.0.4-alpha - 2007-08-01
+  This fourth development snapshot fixes a critical security vulnerability
+  for most users, specifically those running Vidalia, TorK, etc. Everybody
+  should upgrade to either 0.1.2.16 or 0.2.0.4-alpha.
+
+  o Major security fixes:
+    - Close immediately after missing authentication on control port;
+      do not allow multiple authentication attempts.
+
+  o Major bugfixes (compilation):
+    - Fix win32 compilation: apparently IN_ADDR and IN6_ADDR are already
+      defined there.
+
+  o Minor features (performance):
+    - Be even more aggressive about releasing RAM from small
+      empty buffers. Thanks to our free-list code, this shouldn't be too
+      performance-intensive.
+    - Disable sentinel-based debugging for buffer code: we squashed all
+      the bugs that this was supposed to detect a long time ago, and
+      now its only effect is to change our buffer sizes from nice
+      powers of two (which platform mallocs tend to like) to values
+      slightly over powers of two (which make some platform mallocs sad).
+    - Log malloc statistics from mallinfo() on platforms where it
+      exists.
+
+
+Changes in version 0.2.0.3-alpha - 2007-07-29
+  This third development snapshot introduces new experimental
+  blocking-resistance features and a preliminary version of the v3
+  directory voting design, and includes many other smaller features
+  and bugfixes.
+
+  o Major features:
+    - The first pieces of our "bridge" design for blocking-resistance
+      are implemented. People can run bridge directory authorities;
+      people can run bridges; and people can configure their Tor clients
+      with a set of bridges to use as the first hop into the Tor network.
+      See http://archives.seul.org/or/talk/Jul-2007/msg00249.html for
+      details.
+    - Create listener connections before we setuid to the configured
+      User and Group. Now non-Windows users can choose port values
+      under 1024, start Tor as root, and have Tor bind those ports
+      before it changes to another UID. (Windows users could already
+      pick these ports.)
+    - Added a new ConstrainedSockets config option to set SO_SNDBUF and
+      SO_RCVBUF on TCP sockets. Hopefully useful for Tor servers running
+      on "vserver" accounts. (Patch from coderman.)
+    - Be even more aggressive about separating local traffic from relayed
+      traffic when RelayBandwidthRate is set. (Refines proposal 111.)
+
+  o Major features (experimental):
+    - First cut of code for "v3 dir voting": directory authorities will
+      vote on a common network status document rather than each publishing
+      their own opinion. This code needs more testing and more corner-case
+      handling before it's ready for use.
+
+  o Security fixes:
+    - Directory authorities now call routers Fast if their bandwidth is
+      at least 100KB/s, and consider their bandwidth adequate to be a
+      Guard if it is at least 250KB/s, no matter the medians. This fix
+      complements proposal 107. [Bugfix on 0.1.2.x]
+    - Directory authorities now never mark more than 3 servers per IP as
+      Valid and Running. (Implements proposal 109, by Kevin Bauer and
+      Damon McCoy.)
+    - Minor change to organizationName and commonName generation
+      procedures in TLS certificates during Tor handshakes, to invalidate
+      some earlier censorware approaches. This is not a long-term
+      solution, but applying it will give us a bit of time to look into
+      the epidemiology of countermeasures as they spread.
+
+  o Major bugfixes (directory):
+    - Rewrite directory tokenization code to never run off the end of
+      a string. Fixes bug 455. Patch from croup. [Bugfix on 0.1.2.x]
+
+  o Minor features (controller):
+    - Add a SOURCE_ADDR field to STREAM NEW events so that controllers can
+      match requests to applications. (Patch from Robert Hogan.)
+    - Report address and port correctly on connections to DNSPort. (Patch
+      from Robert Hogan.)
+    - Add a RESOLVE command to launch hostname lookups. (Original patch
+      from Robert Hogan.)
+    - Add GETINFO status/enough-dir-info to let controllers tell whether
+      Tor has downloaded sufficient directory information. (Patch
+      from Tup.)
+    - You can now use the ControlSocket option to tell Tor to listen for
+      controller connections on Unix domain sockets on systems that
+      support them. (Patch from Peter Palfrader.)
+    - STREAM NEW events are generated for DNSPort requests and for
+      tunneled directory connections. (Patch from Robert Hogan.)
+    - New "GETINFO address-mappings/*" command to get address mappings
+      with expiry information. "addr-mappings/*" is now deprecated.
+      (Patch from Tup.)
+
+  o Minor features (misc):
+    - Merge in some (as-yet-unused) IPv6 address manipulation code. (Patch
+      from croup.)
+    - The tor-gencert tool for v3 directory authorities now creates all
+      files as readable to the file creator only, and write-protects
+      the authority identity key.
+    - When dumping memory usage, list bytes used in buffer memory
+      free-lists.
+    - When running with dmalloc, dump more stats on hup and on exit.
+    - Directory authorities now fail quickly and (relatively) harmlessly
+      if they generate a network status document that is somehow
+      malformed.
+
+  o Traffic load balancing improvements:
+    - If exit bandwidth ever exceeds one third of total bandwidth, then
+      use the correct formula to weight exit nodes when choosing paths.
+      (Based on patch from Mike Perry.)
+    - Choose perfectly fairly among routers when choosing by bandwidth and
+      weighting by fraction of bandwidth provided by exits. Previously, we
+      would choose with only approximate fairness, and correct ourselves
+      if we ran off the end of the list. [Bugfix on 0.1.2.x]
+
+  o Performance improvements:
+    - Be more aggressive with freeing buffer RAM or putting it on the
+      memory free lists.
+    - Use Critical Sections rather than Mutexes for synchronizing threads
+      on win32; Mutexes are heavier-weight, and designed for synchronizing
+      between processes.
+
+  o Deprecated and removed features:
+    - RedirectExits is now deprecated.
+    - Stop allowing address masks that do not correspond to bit prefixes.
+      We have warned about these for a really long time; now it's time
+      to reject them. (Patch from croup.)
+
+  o Minor bugfixes (directory):
+    - Fix another crash bug related to extra-info caching. (Bug found by
+      Peter Palfrader.) [Bugfix on 0.2.0.2-alpha]
+    - Directories no longer return a "304 not modified" when they don't
+      have the networkstatus the client asked for. Also fix a memory
+      leak when returning 304 not modified. [Bugfixes on 0.2.0.2-alpha]
+    - We had accidentally labelled 0.1.2.x directory servers as not
+      suitable for begin_dir requests, and had labelled no directory
+      servers as suitable for uploading extra-info documents. [Bugfix
+      on 0.2.0.1-alpha]
+
+  o Minor bugfixes (dns):
+    - Fix a crash when DNSPort is set more than once. (Patch from Robert
+      Hogan.) [Bugfix on 0.2.0.2-alpha]
+    - Add DNSPort connections to the global connection list, so that we
+      can time them out correctly. (Bug found by Robert Hogan.) [Bugfix
+      on 0.2.0.2-alpha]
+    - Fix a dangling reference that could lead to a crash when DNSPort is
+      changed or closed (Patch from Robert Hogan.) [Bugfix on
+      0.2.0.2-alpha]
+
+  o Minor bugfixes (controller):
+    - Provide DNS expiry times in GMT, not in local time. For backward
+      compatibility, ADDRMAP events only provide GMT expiry in an extended
+      field. "GETINFO address-mappings" always does the right thing.
+    - Use CRLF line endings properly in NS events.
+    - Terminate multi-line control events properly. (Original patch
+      from tup.) [Bugfix on 0.1.2.x-alpha]
+    - Do not include spaces in SOURCE_ADDR fields in STREAM
+      events. Resolves bug 472. [Bugfix on 0.2.0.x-alpha]
+
+
+Changes in version 0.1.2.15 - 2007-07-17
+  Tor 0.1.2.15 fixes several crash bugs, fixes some anonymity-related
+  problems, fixes compilation on BSD, and fixes a variety of other
+  bugs. Everybody should upgrade.
+
+  o Major bugfixes (compilation):
+    - Fix compile on FreeBSD/NetBSD/OpenBSD. Oops.
+
+  o Major bugfixes (crashes):
+    - Try even harder not to dereference the first character after
+      an mmap(). Reported by lodger.
+    - Fix a crash bug in directory authorities when we re-number the
+      routerlist while inserting a new router.
+    - When the cached-routers file is an even multiple of the page size,
+      don't run off the end and crash. (Fixes bug 455; based on idea
+      from croup.)
+    - Fix eventdns.c behavior on Solaris: It is critical to include
+      orconfig.h _before_ sys/types.h, so that we can get the expected
+      definition of _FILE_OFFSET_BITS.
+
+  o Major bugfixes (security):
+    - Fix a possible buffer overrun when using BSD natd support. Bug
+      found by croup.
+    - When sending destroy cells from a circuit's origin, don't include
+      the reason for tearing down the circuit. The spec says we didn't,
+      and now we actually don't. Reported by lodger.
+    - Keep streamids from different exits on a circuit separate. This
+      bug may have allowed other routers on a given circuit to inject
+      cells into streams. Reported by lodger; fixes bug 446.
+    - If there's a never-before-connected-to guard node in our list,
+      never choose any guards past it. This way we don't expand our
+      guard list unless we need to.
+
+  o Minor bugfixes (guard nodes):
+    - Weight guard selection by bandwidth, so that low-bandwidth nodes
+      don't get overused as guards.
+
+  o Minor bugfixes (directory):
+    - Correctly count the number of authorities that recommend each
+      version. Previously, we were under-counting by 1.
+    - Fix a potential crash bug when we load many server descriptors at
+      once and some of them make others of them obsolete. Fixes bug 458.
+
+  o Minor bugfixes (hidden services):
+    - Stop tearing down the whole circuit when the user asks for a
+      connection to a port that the hidden service didn't configure.
+      Resolves bug 444.
+
+  o Minor bugfixes (misc):
+    - On Windows, we were preventing other processes from reading
+      cached-routers while Tor was running. Reported by janbar.
+    - Fix a possible (but very unlikely) bug in picking routers by
+      bandwidth. Add a log message to confirm that it is in fact
+      unlikely. Patch from lodger.
+    - Backport a couple of memory leak fixes.
+    - Backport miscellaneous cosmetic bugfixes.
+
+
+Changes in version 0.2.0.2-alpha - 2007-06-02
+  o Major bugfixes on 0.2.0.1-alpha:
+    - Fix an assertion failure related to servers without extra-info digests.
+      Resolves bugs 441 and 442.
+
+  o Minor features (directory):
+    - Support "If-Modified-Since" when answering HTTP requests for
+      directories, running-routers documents, and network-status documents.
+      (There's no need to support it for router descriptors, since those
+      are downloaded by descriptor digest.)
+
+  o Minor build issues:
+    - Clear up some MIPSPro compiler warnings.
+    - When building from a tarball on a machine that happens to have SVK
+      installed, report the micro-revision as whatever version existed
+      in the tarball, not as "x".
+
+
+Changes in version 0.2.0.1-alpha - 2007-06-01
+  This early development snapshot provides new features for people running
+  Tor as both a client and a server (check out the new RelayBandwidth
+  config options); lets Tor run as a DNS proxy; and generally moves us
+  forward on a lot of fronts.
+
+  o Major features, server usability:
+    - New config options RelayBandwidthRate and RelayBandwidthBurst:
+      a separate set of token buckets for relayed traffic. Right now
+      relayed traffic is defined as answers to directory requests, and
+      OR connections that don't have any local circuits on them.
+
+  o Major features, client usability:
+    - A client-side DNS proxy feature to replace the need for
+      dns-proxy-tor: Just set "DNSPort 9999", and Tor will now listen
+      for DNS requests on port 9999, use the Tor network to resolve them
+      anonymously, and send the reply back like a regular DNS server.
+      The code still only implements a subset of DNS.
+    - Make PreferTunneledDirConns and TunnelDirConns work even when
+      we have no cached directory info. This means Tor clients can now
+      do all of their connections protected by TLS.
+
+  o Major features, performance and efficiency:
+    - Directory authorities accept and serve "extra info" documents for
+      routers. These documents contain fields from router descriptors
+      that aren't usually needed, and that use a lot of excess
+      bandwidth. Once these fields are removed from router descriptors,
+      the bandwidth savings should be about 60%. [Partially implements
+      proposal 104.]
+    - Servers upload extra-info documents to any authority that accepts
+      them. Authorities (and caches that have been configured to download
+      extra-info documents) download them as needed. [Partially implements
+      proposal 104.]
+    - Change the way that Tor buffers data that it is waiting to write.
+      Instead of queueing data cells in an enormous ring buffer for each
+      client->OR or OR->OR connection, we now queue cells on a separate
+      queue for each circuit. This lets us use less slack memory, and
+      will eventually let us be smarter about prioritizing different kinds
+      of traffic.
+    - Use memory pools to allocate cells with better speed and memory
+      efficiency, especially on platforms where malloc() is inefficient.
+    - Stop reading on edge connections when their corresponding circuit
+      buffers are full; start again as the circuits empty out.
+
+  o Major features, other:
+    - Add an HSAuthorityRecordStats option that hidden service authorities
+      can use to track statistics of overall hidden service usage without
+      logging information that would be very useful to an attacker.
+    - Start work implementing multi-level keys for directory authorities:
+      Add a standalone tool to generate key certificates. (Proposal 103.)
+
+  o Security fixes:
+    - Directory authorities now call routers Stable if they have an
+      uptime of at least 30 days, even if that's not the median uptime
+      in the network. Implements proposal 107, suggested by Kevin Bauer
+      and Damon McCoy.
+
+  o Minor fixes (resource management):
+    - Count the number of open sockets separately from the number
+      of active connection_t objects. This will let us avoid underusing
+      our allocated connection limit.
+    - We no longer use socket pairs to link an edge connection to an
+      anonymous directory connection or a DirPort test connection.
+      Instead, we track the link internally and transfer the data
+      in-process. This saves two sockets per "linked" connection (at the
+      client and at the server), and avoids the nasty Windows socketpair()
+      workaround.
+    - Keep unused 4k and 16k buffers on free lists, rather than wasting 8k
+      for every single inactive connection_t. Free items from the
+      4k/16k-buffer free lists when they haven't been used for a while.
+
+  o Minor features (build):
+    - Make autoconf search for libevent, openssl, and zlib consistently.
+    - Update deprecated macros in configure.in.
+    - When warning about missing headers, tell the user to let us
+      know if the compile succeeds anyway, so we can downgrade the
+      warning.
+    - Include the current subversion revision as part of the version
+      string: either fetch it directly if we're in an SVN checkout, do
+      some magic to guess it if we're in an SVK checkout, or use
+      the last-detected version if we're building from a .tar.gz.
+      Use this version consistently in log messages.
+
+  o Minor features (logging):
+    - Always prepend "Bug: " to any log message about a bug.
+    - Put a platform string (e.g. "Linux i686") in the startup log
+      message, so when people paste just their logs, we know if it's
+      OpenBSD or Windows or what.
+    - When logging memory usage, break down memory used in buffers by
+      buffer type.
+
+  o Minor features (directory system):
+    - New config option V2AuthoritativeDirectory that all directory
+      authorities should set. This will let future authorities choose
+      not to serve V2 directory information.
+    - Directory authorities allow multiple router descriptors and/or extra
+      info documents to be uploaded in a single go. This will make
+      implementing proposal 104 simpler.
+
+  o Minor features (controller):
+    - Add a new config option __DisablePredictedCircuits designed for
+      use by the controller, when we don't want Tor to build any circuits
+      preemptively.
+    - Let the controller specify HOP=%d as an argument to ATTACHSTREAM,
+      so we can exit from the middle of the circuit.
+    - Implement "getinfo status/circuit-established".
+    - Implement "getinfo status/version/..." so a controller can tell
+      whether the current version is recommended, and whether any versions
+      are good, and how many authorities agree. (Patch from shibz.)
+
+  o Minor features (hidden services):
+    - Allow multiple HiddenServicePort directives with the same virtual
+      port; when they occur, the user is sent round-robin to one
+      of the target ports chosen at random. Partially fixes bug 393 by
+      adding limited ad-hoc round-robining.
+
+  o Minor features (other):
+    - More unit tests.
+    - Add a new AutomapHostsOnResolve option: when it is enabled, any
+      resolve request for hosts matching a given pattern causes Tor to
+      generate an internal virtual address mapping for that host. This
+      allows DNSPort to work sensibly with hidden service users. By
+      default, .exit and .onion addresses are remapped; the list of
+      patterns can be reconfigured with AutomapHostsSuffixes.
+    - Add an "-F" option to tor-resolve to force a resolve for a .onion
+      address. Thanks to the AutomapHostsOnResolve option, this is no
+      longer a completely silly thing to do.
+    - If Tor is invoked from something that isn't a shell (e.g. Vidalia),
+      now we expand "-f ~/.tor/torrc" correctly. Suggested by Matt Edman.
+    - Treat "2gb" when given in torrc for a bandwidth as meaning 2gb,
+      minus 1 byte: the actual maximum declared bandwidth.
+
+  o Removed features:
+    - Removed support for the old binary "version 0" controller protocol.
+      This has been deprecated since 0.1.1, and warnings have been issued
+      since 0.1.2. When we encounter a v0 control message, we now send
+      back an error and close the connection.
+    - Remove the old "dns worker" server DNS code: it hasn't been default
+      since 0.1.2.2-alpha, and all the servers seem to be using the new
+      eventdns code.
+
+  o Minor bugfixes (portability):
+    - Even though Windows is equally happy with / and \ as path separators,
+      try to use \ consistently on Windows and / consistently on Unix: it
+      makes the log messages nicer.
+    - Correctly report platform name on Windows 95 OSR2 and Windows 98 SE.
+    - Read resolv.conf files correctly on platforms where read() returns
+      partial results on small file reads.
+
+  o Minor bugfixes (directory):
+    - Correctly enforce that elements of directory objects do not appear
+      more often than they are allowed to appear.
+    - When we are reporting the DirServer line we just parsed, we were
+      logging the second stanza of the key fingerprint, not the first.
+
+  o Minor bugfixes (logging):
+    - When we hit an EOF on a log (probably because we're shutting down),
+      don't try to remove the log from the list: just mark it as
+      unusable. (Bulletproofs against bug 222.)
+
+  o Minor bugfixes (other):
+    - In the exitlist script, only consider the most recently published
+      server descriptor for each server. Also, when the user requests
+      a list of servers that _reject_ connections to a given address,
+      explicitly exclude the IPs that also have servers that accept
+      connections to that address. (Resolves bug 405.)
+    - Stop allowing hibernating servers to be "stable" or "fast".
+    - On Windows, we were preventing other processes from reading
+      cached-routers while Tor was running. (Reported by janbar)
+    - Make the NodeFamilies config option work. (Reported by
+      lodger -- it has never actually worked, even though we added it
+      in Oct 2004.)
+    - Check return values from pthread_mutex functions.
+    - Don't save non-general-purpose router descriptors to the disk cache,
+      because we have no way of remembering what their purpose was when
+      we restart.
+    - Add even more asserts to hunt down bug 417.
+    - Build without verbose warnings even on (not-yet-released) gcc 4.2.
+    - Fix a possible (but very unlikely) bug in picking routers by bandwidth.
+      Add a log message to confirm that it is in fact unlikely.
+
+  o Minor bugfixes (controller):
+    - Make 'getinfo fingerprint' return a 551 error if we're not a
+      server, so we match what the control spec claims we do. Reported
+      by daejees.
+    - Fix a typo in an error message when extendcircuit fails that
+      caused us to not follow the \r\n-based delimiter protocol. Reported
+      by daejees.
+
+  o Code simplifications and refactoring:
+    - Stop passing around circuit_t and crypt_path_t pointers that are
+      implicit in other procedure arguments.
+    - Drop the old code to choke directory connections when the
+      corresponding OR connections got full: thanks to the cell queue
+      feature, OR conns don't get full any more.
+    - Make dns_resolve() handle attaching connections to circuits
+      properly, so the caller doesn't have to.
+    - Rename wants_to_read and wants_to_write to read/write_blocked_on_bw.
+    - Keep the connection array as a dynamic smartlist_t, rather than as
+      a fixed-sized array. This is important, as the number of connections
+      is becoming increasingly decoupled from the number of sockets.
+
+
+Changes in version 0.1.2.14 - 2007-05-25
+  Tor 0.1.2.14 changes the addresses of two directory authorities (this
+  change especially affects those who serve or use hidden services),
+  and fixes several other crash- and security-related bugs.
+
+  o Directory authority changes:
+    - Two directory authorities (moria1 and moria2) just moved to new
+      IP addresses. This change will particularly affect those who serve
+      or use hidden services.
+
+  o Major bugfixes (crashes):
+    - If a directory server runs out of space in the connection table
+      as it's processing a begin_dir request, it will free the exit stream
+      but leave it attached to the circuit, leading to unpredictable
+      behavior. (Reported by seeess, fixes bug 425.)
+    - Fix a bug in dirserv_remove_invalid() that would cause authorities
+      to corrupt memory under some really unlikely scenarios.
+    - Tighten router parsing rules. (Bugs reported by Benedikt Boss.)
+    - Avoid segfaults when reading from mmaped descriptor file. (Reported
+      by lodger.)
+
+  o Major bugfixes (security):
+    - When choosing an entry guard for a circuit, avoid using guards
+      that are in the same family as the chosen exit -- not just guards
+      that are exactly the chosen exit. (Reported by lodger.)
+
+  o Major bugfixes (resource management):
+    - If a directory authority is down, skip it when deciding where to get
+      networkstatus objects or descriptors. Otherwise we keep asking
+      every 10 seconds forever. Fixes bug 384.
+    - Count it as a failure if we fetch a valid network-status but we
+      don't want to keep it. Otherwise we'll keep fetching it and keep
+      not wanting to keep it. Fixes part of bug 422.
+    - If all of our dirservers have given us bad or no networkstatuses
+      lately, then stop hammering them once per minute even when we
+      think they're failed. Fixes another part of bug 422.
+
+  o Minor bugfixes:
+    - Actually set the purpose correctly for descriptors inserted with
+      purpose=controller.
+    - When we have k non-v2 authorities in our DirServer config,
+      we ignored the last k authorities in the list when updating our
+      network-statuses.
+    - Correctly back-off from requesting router descriptors that we are
+      having a hard time downloading.
+    - Read resolv.conf files correctly on platforms where read() returns
+      partial results on small file reads.
+    - Don't rebuild the entire router store every time we get 32K of
+      routers: rebuild it when the journal gets very large, or when
+      the gaps in the store get very large.
+
+  o Minor features:
+    - When routers publish SVN revisions in their router descriptors,
+      authorities now include those versions correctly in networkstatus
+      documents.
+    - Warn when using a version of libevent before 1.3b to run a server on
+      OSX or BSD: these versions interact badly with userspace threads.
+
+
+Changes in version 0.1.2.13 - 2007-04-24
+  This release features some major anonymity fixes, such as safer path
+  selection; better client performance; faster bootstrapping, better
+  address detection, and better DNS support for servers; write limiting as
+  well as read limiting to make servers easier to run; and a huge pile of
+  other features and bug fixes. The bundles also ship with Vidalia 0.0.11.
+
+  Tor 0.1.2.13 is released in memory of Rob Levin (1955-2006), aka lilo
+  of the Freenode IRC network, remembering his patience and vision for
+  free speech on the Internet.
+
+  o Minor fixes:
+    - Fix a memory leak when we ask for "all" networkstatuses and we
+      get one we don't recognize.
+    - Add more asserts to hunt down bug 417.
+    - Disable kqueue on OS X 10.3 and earlier, to fix bug 371.
+
+
+Changes in version 0.1.2.12-rc - 2007-03-16
+  o Major bugfixes:
+    - Fix an infinite loop introduced in 0.1.2.7-alpha when we serve
+      directory information requested inside Tor connections (i.e. via
+      begin_dir cells). It only triggered when the same connection was
+      serving other data at the same time. Reported by seeess.
+
+  o Minor bugfixes:
+    - When creating a circuit via the controller, send a 'launched'
+      event when we're done, so we follow the spec better.
+
+
+Changes in version 0.1.2.11-rc - 2007-03-15
+  o Minor bugfixes (controller), reported by daejees:
+    - Correct the control spec to match how the code actually responds
+      to 'getinfo addr-mappings/*'.
+    - The control spec described a GUARDS event, but the code
+      implemented a GUARD event. Standardize on GUARD, but let people
+      ask for GUARDS too.
+
+
+Changes in version 0.1.2.10-rc - 2007-03-07
+  o Major bugfixes (Windows):
+    - Do not load the NT services library functions (which may not exist)
+      just to detect if we're a service trying to shut down. Now we run
+      on Win98 and friends again.
+
+  o Minor bugfixes (other):
+    - Clarify a couple of log messages.
+    - Fix a misleading socks5 error number.
+
+
+Changes in version 0.1.2.9-rc - 2007-03-02
+  o Major bugfixes (Windows):
+    - On MinGW, use "%I64u" to printf/scanf 64-bit integers, instead
+      of the usual GCC "%llu". This prevents a bug when saving 64-bit
+      int configuration values: the high-order 32 bits would get
+      truncated. In particular, we were being bitten by the default
+      MaxAdvertisedBandwidth of 128 TB turning into 0. (Fixes bug 400
+      and maybe also bug 397.)
+
+  o Minor bugfixes (performance):
+    - Use OpenSSL's AES implementation on platforms where it's faster.
+      This could save us as much as 10% CPU usage.
+
+  o Minor bugfixes (server):
+    - Do not rotate onion key immediately after setting it for the first
+      time.
+
+  o Minor bugfixes (directory authorities):
+    - Stop calling servers that have been hibernating for a long time
+      "stable". Also, stop letting hibernating or obsolete servers affect
+      uptime and bandwidth cutoffs.
+    - Stop listing hibernating servers in the v1 directory.
+
+  o Minor bugfixes (hidden services):
+    - Upload hidden service descriptors slightly less often, to reduce
+      load on authorities.
+
+  o Minor bugfixes (other):
+    - Fix an assert that could trigger if a controller quickly set then
+      cleared EntryNodes. Bug found by Udo van den Heuvel.
+    - On architectures where sizeof(int)>4, still clamp declarable bandwidth
+      to INT32_MAX.
+    - Fix a potential race condition in the rpm installer. Found by
+      Stefan Nordhausen.
+    - Try to fix eventdns warnings once and for all: do not treat a dns rcode
+      of 2 as indicating that the server is completely bad; it sometimes
+      means that the server is just bad for the request in question. (may fix
+      the last of bug 326.)
+    - Disable encrypted directory connections when we don't have a server
+      descriptor for the destination. We'll get this working again in
+      the 0.2.0 branch.
+
+
+Changes in version 0.1.2.8-beta - 2007-02-26
+  o Major bugfixes (crashes):
+    - Stop crashing when the controller asks us to resetconf more than
+      one config option at once. (Vidalia 0.0.11 does this.)
+    - Fix a crash that happened on Win98 when we're given command-line
+      arguments: don't try to load NT service functions from advapi32.dll
+      except when we need them. (Bug introduced in 0.1.2.7-alpha;
+      resolves bug 389.)
+    - Fix a longstanding obscure crash bug that could occur when
+      we run out of DNS worker processes. (Resolves bug 390.)
+
+  o Major bugfixes (hidden services):
+    - Correctly detect whether hidden service descriptor downloads are
+      in-progress. (Suggested by Karsten Loesing; fixes bug 399.)
+
+  o Major bugfixes (accounting):
+    - When we start during an accounting interval before it's time to wake
+      up, remember to wake up at the correct time. (May fix bug 342.)
+
+  o Minor bugfixes (controller):
+    - Give the controller END_STREAM_REASON_DESTROY events _before_ we
+      clear the corresponding on_circuit variable, and remember later
+      that we don't need to send a redundant CLOSED event. Resolves part
+      3 of bug 367.
+    - Report events where a resolve succeeded or where we got a socks
+      protocol error correctly, rather than calling both of them
+      "INTERNAL".
+    - Change reported stream target addresses to IP consistently when
+      we finally get the IP from an exit node.
+    - Send log messages to the controller even if they happen to be very
+      long.
+
+  o Minor bugfixes (other):
+    - Display correct results when reporting which versions are
+      recommended, and how recommended they are. (Resolves bug 383.)
+    - Improve our estimates for directory bandwidth to be less random:
+      guess that an unrecognized directory will have the average bandwidth
+      from all known directories, not that it will have the average
+      bandwidth from those directories earlier than it on the list.
+    - If we start a server with ClientOnly 1, then set ClientOnly to 0
+      and hup, stop triggering an assert based on an empty onion_key.
+    - On platforms with no working mmap() equivalent, don't warn the
+      user when cached-routers doesn't exist.
+    - Warn the user when mmap() [or its equivalent] fails for some reason
+      other than file-not-found.
+    - Don't warn the user when cached-routers.new doesn't exist: that's
+      perfectly fine when starting up for the first time.
+    - When EntryNodes are configured, rebuild the guard list to contain,
+      in order: the EntryNodes that were guards before; the rest of the
+      EntryNodes; the nodes that were guards before.
+    - Mask out all signals in sub-threads; only the libevent signal
+      handler should be processing them. This should prevent some crashes
+      on some machines using pthreads. (Patch from coderman.)
+    - Fix switched arguments on memset in the implementation of
+      tor_munmap() for systems with no mmap() call.
+    - When Tor receives a router descriptor that it asked for, but
+      no longer wants (because it has received fresh networkstatuses
+      in the meantime), do not warn the user. Cache the descriptor if
+      we're a cache; drop it if we aren't.
+    - Make earlier entry guards _really_ get retried when the network
+      comes back online.
+    - On a malformed DNS reply, always give an error to the corresponding
+      DNS request.
+    - Build with recent libevents on platforms that do not define the
+      nonstandard types "u_int8_t" and friends.
+
+  o Minor features (controller):
+    - Warn the user when an application uses the obsolete binary v0
+      control protocol. We're planning to remove support for it during
+      the next development series, so it's good to give people some
+      advance warning.
+    - Add STREAM_BW events to report per-entry-stream bandwidth
+      use. (Patch from Robert Hogan.)
+    - Rate-limit SIGNEWNYM signals in response to controllers that
+      impolitely generate them for every single stream. (Patch from
+      mwenge; closes bug 394.)
+    - Make REMAP stream events have a SOURCE (cache or exit), and
+      make them generated in every case where we get a successful
+      connected or resolved cell.
+
+  o Minor bugfixes (performance):
+    - Call router_have_min_dir_info half as often. (This is showing up in
+      some profiles, but not others.)
+    - When using GCC, make log_debug never get called at all, and its
+      arguments never get evaluated, when no debug logs are configured.
+      (This is showing up in some profiles, but not others.)
+
+  o Minor features:
+    - Remove some never-implemented options. Mark PathlenCoinWeight as
+      obsolete.
+    - Implement proposal 106: Stop requiring clients to have well-formed
+      certificates; stop checking nicknames in certificates. (Clients
+      have certificates so that they can look like Tor servers, but in
+      the future we might want to allow them to look like regular TLS
+      clients instead. Nicknames in certificates serve no purpose other
+      than making our protocol easier to recognize on the wire.)
+    - Revise messages on handshake failure again to be even more clear about
+      which are incoming connections and which are outgoing.
+    - Discard any v1 directory info that's over 1 month old (for
+      directories) or over 1 week old (for running-routers lists).
+    - Do not warn when individual nodes in the configuration's EntryNodes,
+      ExitNodes, etc are down: warn only when all possible nodes
+      are down. (Fixes bug 348.)
+    - Always remove expired routers and networkstatus docs before checking
+      whether we have enough information to build circuits. (Fixes
+      bug 373.)
+    - Put a lower-bound on MaxAdvertisedBandwidth.
+
+
+Changes in version 0.1.2.7-alpha - 2007-02-06
+  o Major bugfixes (rate limiting):
+    - Servers decline directory requests much more aggressively when
+      they're low on bandwidth. Otherwise they end up queueing more and
+      more directory responses, which can't be good for latency.
+    - But never refuse directory requests from local addresses.
+    - Fix a memory leak when sending a 503 response for a networkstatus
+      request.
+    - Be willing to read or write on local connections (e.g. controller
+      connections) even when the global rate limiting buckets are empty.
+    - If our system clock jumps back in time, don't publish a negative
+      uptime in the descriptor. Also, don't let the global rate limiting
+      buckets go absurdly negative.
+    - Flush local controller connection buffers periodically as we're
+      writing to them, so we avoid queueing 4+ megabytes of data before
+      trying to flush.
+
+  o Major bugfixes (NT services):
+    - Install as NT_AUTHORITY\LocalService rather than as SYSTEM; add a
+      command-line flag so that admins can override the default by saying
+      "tor --service install --user "SomeUser"". This will not affect
+      existing installed services. Also, warn the user that the service
+      will look for its configuration file in the service user's
+      %appdata% directory. (We can't do the 'hardwire the user's appdata
+      directory' trick any more, since we may not have read access to that
+      directory.)
+
+  o Major bugfixes (other):
+    - Previously, we would cache up to 16 old networkstatus documents
+      indefinitely, if they came from nontrusted authorities. Now we
+      discard them if they are more than 10 days old.
+    - Fix a crash bug in the presence of DNS hijacking (reported by Andrew
+      Del Vecchio).
+    - Detect and reject malformed DNS responses containing circular
+      pointer loops.
+    - If exits are rare enough that we're not marking exits as guards,
+      ignore exit bandwidth when we're deciding the required bandwidth
+      to become a guard.
+    - When we're handling a directory connection tunneled over Tor,
+      don't fill up internal memory buffers with all the data we want
+      to tunnel; instead, only add it if the OR connection that will
+      eventually receive it has some room for it. (This can lead to
+      slowdowns in tunneled dir connections; a better solution will have
+      to wait for 0.2.0.)
+
+  o Minor bugfixes (dns):
+    - Add some defensive programming to eventdns.c in an attempt to catch
+      possible memory-stomping bugs.
+    - Detect and reject DNS replies containing IPv4 or IPv6 records with
+      an incorrect number of bytes. (Previously, we would ignore the
+      extra bytes.)
+    - Fix as-yet-unused reverse IPv6 lookup code so it sends nybbles
+      in the correct order, and doesn't crash.
+    - Free memory held in recently-completed DNS lookup attempts on exit.
+      This was not a memory leak, but may have been hiding memory leaks.
+    - Handle TTL values correctly on reverse DNS lookups.
+    - Treat failure to parse resolv.conf as an error.
+
+  o Minor bugfixes (other):
+    - Fix crash with "tor --list-fingerprint" (reported by seeess).
+    - When computing clock skew from directory HTTP headers, consider what
+      time it was when we finished asking for the directory, not what
+      time it is now.
+    - Expire socks connections if they spend too long waiting for the
+      handshake to finish. Previously we would let them sit around for
+      days, if the connecting application didn't close them either.
+    - And if the socks handshake hasn't started, don't send a
+      "DNS resolve socks failed" handshake reply; just close it.
+    - Stop using C functions that OpenBSD's linker doesn't like.
+    - Don't launch requests for descriptors unless we have networkstatuses
+      from at least half of the authorities. This delays the first
+      download slightly under pathological circumstances, but can prevent
+      us from downloading a bunch of descriptors we don't need.
+    - Do not log IPs with TLS failures for incoming TLS
+      connections. (Fixes bug 382.)
+    - If the user asks to use invalid exit nodes, be willing to use
+      unstable ones.
+    - Stop using the reserved ac_cv namespace in our configure script.
+    - Call stat() slightly less often; use fstat() when possible.
+    - Refactor the way we handle pending circuits when an OR connection
+      completes or fails, in an attempt to fix a rare crash bug.
+    - Only rewrite a conn's address based on X-Forwarded-For: headers
+      if it's a parseable public IP address; and stop adding extra quotes
+      to the resulting address.
+
+  o Major features:
+    - Weight directory requests by advertised bandwidth. Now we can
+      let servers enable write limiting but still allow most clients to
+      succeed at their directory requests. (We still ignore weights when
+      choosing a directory authority; I hope this is a feature.)
+
+  o Minor features:
+    - Create a new file ReleaseNotes which was the old ChangeLog. The
+      new ChangeLog file now includes the summaries for all development
+      versions too.
+    - Check for addresses with invalid characters at the exit as well
+      as at the client, and warn less verbosely when they fail. You can
+      override this by setting ServerDNSAllowNonRFC953Addresses to 1.
+    - Adapt a patch from goodell to let the contrib/exitlist script
+      take arguments rather than require direct editing.
+    - Inform the server operator when we decide not to advertise a
+      DirPort due to AccountingMax enabled or a low BandwidthRate. It
+      was confusing Zax, so now we're hopefully more helpful.
+    - Bring us one step closer to being able to establish an encrypted
+      directory tunnel without knowing a descriptor first. Still not
+      ready yet. As part of the change, now assume we can use a
+      create_fast cell if we don't know anything about a router.
+    - Allow exit nodes to use nameservers running on ports other than 53.
+    - Servers now cache reverse DNS replies.
+    - Add an --ignore-missing-torrc command-line option so that we can
+      get the "use sensible defaults if the configuration file doesn't
+      exist" behavior even when specifying a torrc location on the command
+      line.
+
+  o Minor features (controller):
+    - Track reasons for OR connection failure; make these reasons
+      available via the controller interface. (Patch from Mike Perry.)
+    - Add a SOCKS_BAD_HOSTNAME client status event so controllers
+      can learn when clients are sending malformed hostnames to Tor.
+    - Clean up documentation for controller status events.
+    - Add a REMAP status to stream events to note that a stream's
+      address has changed because of a cached address or a MapAddress
+      directive.
+
+
+Changes in version 0.1.2.6-alpha - 2007-01-09
+  o Major bugfixes:
+    - Fix an assert error introduced in 0.1.2.5-alpha: if a single TLS
+      connection handles more than 4 gigs in either direction, we crash.
+    - Fix an assert error introduced in 0.1.2.5-alpha: if we're an
+      advertised exit node, somebody might try to exit from us when
+      we're bootstrapping and before we've built our descriptor yet.
+      Refuse the connection rather than crashing.
+
+  o Minor bugfixes:
+    - Warn if we (as a server) find that we've resolved an address that we
+      weren't planning to resolve.
+    - Warn that using select() on any libevent version before 1.1 will be
+      unnecessarily slow (even for select()).
+    - Flush ERR-level controller status events just like we currently
+      flush ERR-level log events, so that a Tor shutdown doesn't prevent
+      the controller from learning about current events.
+
+  o Minor features (more controller status events):
+    - Implement EXTERNAL_ADDRESS server status event so controllers can
+      learn when our address changes.
+    - Implement BAD_SERVER_DESCRIPTOR server status event so controllers
+      can learn when directories reject our descriptor.
+    - Implement SOCKS_UNKNOWN_PROTOCOL client status event so controllers
+      can learn when a client application is speaking a non-socks protocol
+      to our SocksPort.
+    - Implement DANGEROUS_SOCKS client status event so controllers
+      can learn when a client application is leaking DNS addresses.
+    - Implement BUG general status event so controllers can learn when
+      Tor is unhappy about its internal invariants.
+    - Implement CLOCK_SKEW general status event so controllers can learn
+      when Tor thinks the system clock is set incorrectly.
+    - Implement GOOD_SERVER_DESCRIPTOR and ACCEPTED_SERVER_DESCRIPTOR
+      server status events so controllers can learn when their descriptors
+      are accepted by a directory.
+    - Implement CHECKING_REACHABILITY and REACHABILITY_{SUCCEEDED|FAILED}
+      server status events so controllers can learn about Tor's progress in
+      deciding whether it's reachable from the outside.
+    - Implement BAD_LIBEVENT general status event so controllers can learn
+      when we have a version/method combination in libevent that needs to
+      be changed.
+    - Implement NAMESERVER_STATUS, NAMESERVER_ALL_DOWN, DNS_HIJACKED,
+      and DNS_USELESS server status events so controllers can learn
+      about changes to DNS server status.
+
+  o Minor features (directory):
+    - Authorities no longer recommend exits as guards if this would shift
+      too much load to the exit nodes.
+
+
+Changes in version 0.1.2.5-alpha - 2007-01-06
+  o Major features:
+    - Enable write limiting as well as read limiting. Now we sacrifice
+      capacity if we're pushing out lots of directory traffic, rather
+      than overrunning the user's intended bandwidth limits.
+    - Include TLS overhead when counting bandwidth usage; previously, we
+      would count only the bytes sent over TLS, but not the bytes used
+      to send them.
+    - Support running the Tor service with a torrc not in the same
+      directory as tor.exe and default to using the torrc located in
+      the %appdata%\Tor\ of the user who installed the service. Patch
+      from Matt Edman.
+    - Servers now check for the case when common DNS requests are going to
+      wildcarded addresses (i.e. all getting the same answer), and change
+      their exit policy to reject *:* if it's happening.
+    - Implement BEGIN_DIR cells, so we can connect to the directory
+      server via TLS to do encrypted directory requests rather than
+      plaintext. Enable via the TunnelDirConns and PreferTunneledDirConns
+      config options if you like.
+
+  o Minor features (config and docs):
+    - Start using the state file to store bandwidth accounting data:
+      the bw_accounting file is now obsolete. We'll keep generating it
+      for a while for people who are still using 0.1.2.4-alpha.
+    - Try to batch changes to the state file so that we do as few
+      disk writes as possible while still storing important things in
+      a timely fashion.
+    - The state file and the bw_accounting file get saved less often when
+      the AvoidDiskWrites config option is set.
+    - Make PIDFile work on Windows (untested).
+    - Add internal descriptions for a bunch of configuration options:
+      accessible via controller interface and in comments in saved
+      options files.
+    - Reject *:563 (NNTPS) in the default exit policy. We already reject
+      NNTP by default, so this seems like a sensible addition.
+    - Clients now reject hostnames with invalid characters. This should
+      avoid some inadvertent info leaks. Add an option
+      AllowNonRFC953Hostnames to disable this behavior, in case somebody
+      is running a private network with hosts called @, !, and #.
+    - Add a maintainer script to tell us which options are missing
+      documentation: "make check-docs".
+    - Add a new address-spec.txt document to describe our special-case
+      addresses: .exit, .onion, and .noconnnect.
+
+  o Minor features (DNS):
+    - Ongoing work on eventdns infrastructure: now it has dns server
+      and ipv6 support. One day Tor will make use of it.
+    - Add client-side caching for reverse DNS lookups.
+    - Add support to tor-resolve tool for reverse lookups and SOCKS5.
+    - When we change nameservers or IP addresses, reset and re-launch
+      our tests for DNS hijacking.
+
+  o Minor features (directory):
+    - Authorities now specify server versions in networkstatus. This adds
+      about 2% to the size of compressed networkstatus docs, and allows
+      clients to tell which servers support BEGIN_DIR and which don't.
+      The implementation is forward-compatible with a proposed future
+      protocol version scheme not tied to Tor versions.
+    - DirServer configuration lines now have an orport= option so
+      clients can open encrypted tunnels to the authorities without
+      having downloaded their descriptors yet. Enabled for moria1,
+      moria2, tor26, and lefkada now in the default configuration.
+    - Directory servers are more willing to send a 503 "busy" if they
+      are near their write limit, especially for v1 directory requests.
+      Now they can use their limited bandwidth for actual Tor traffic.
+    - Clients track responses with status 503 from dirservers. After a
+      dirserver has given us a 503, we try not to use it until an hour has
+      gone by, or until we have no dirservers that haven't given us a 503.
+    - When we get a 503 from a directory, and we're not a server, we don't
+      count the failure against the total number of failures allowed
+      for the thing we're trying to download.
+    - Report X-Your-Address-Is correctly from tunneled directory
+      connections; don't report X-Your-Address-Is when it's an internal
+      address; and never believe reported remote addresses when they're
+      internal.
+    - Protect against an unlikely DoS attack on directory servers.
+    - Add a BadDirectory flag to network status docs so that authorities
+      can (eventually) tell clients about caches they believe to be
+      broken.
+
+  o Minor features (controller):
+    - Have GETINFO dir/status/* work on hosts with DirPort disabled.
+    - Reimplement GETINFO so that info/names stays in sync with the
+      actual keys.
+    - Implement "GETINFO fingerprint".
+    - Implement "SETEVENTS GUARD" so controllers can get updates on
+      entry guard status as it changes.
+
+  o Minor features (clean up obsolete pieces):
+    - Remove some options that have been deprecated since at least
+      0.1.0.x: AccountingMaxKB, LogFile, DebugLogFile, LogLevel, and
+      SysLog. Use AccountingMax instead of AccountingMaxKB, and use Log
+      to set log options.
+    - We no longer look for identity and onion keys in "identity.key" and
+      "onion.key" -- these were replaced by secret_id_key and
+      secret_onion_key in 0.0.8pre1.
+    - We no longer require unrecognized directory entries to be
+      preceded by "opt".
+
+  o Major bugfixes (security):
+    - Stop sending the HttpProxyAuthenticator string to directory
+      servers when directory connections are tunnelled through Tor.
+    - Clients no longer store bandwidth history in the state file.
+    - Do not log introduction points for hidden services if SafeLogging
+      is set.
+    - When generating bandwidth history, round down to the nearest
+      1k. When storing accounting data, round up to the nearest 1k.
+    - When we're running as a server, remember when we last rotated onion
+      keys, so that we will rotate keys once they're a week old even if
+      we never stay up for a week ourselves.
+
+  o Major bugfixes (other):
+    - Fix a longstanding bug in eventdns that prevented the count of
+      timed-out resolves from ever being reset. This bug caused us to
+      give up on a nameserver the third time it timed out, and try it
+      10 seconds later... and to give up on it every time it timed out
+      after that.
+    - Take out the '5 second' timeout from the connection retry
+      schedule. Now the first connect attempt will wait a full 10
+      seconds before switching to a new circuit. Perhaps this will help
+      a lot. Based on observations from Mike Perry.
+    - Fix a bug on the Windows implementation of tor_mmap_file() that
+      would prevent the cached-routers file from ever loading. Reported
+      by John Kimble.
+
+  o Minor bugfixes:
+    - Fix an assert failure when a directory authority sets
+      AuthDirRejectUnlisted and then receives a descriptor from an
+      unlisted router. Reported by seeess.
+    - Avoid a double-free when parsing malformed DirServer lines.
+    - Fix a bug when a BSD-style PF socket is first used. Patch from
+      Fabian Keil.
+    - Fix a bug in 0.1.2.2-alpha that prevented clients from asking
+      to resolve an address at a given exit node even when they ask for
+      it by name.
+    - Servers no longer ever list themselves in their "family" line,
+      even if configured to do so. This makes it easier to configure
+      family lists conveniently.
+    - When running as a server, don't fall back to 127.0.0.1 when no
+      nameservers are configured in /etc/resolv.conf; instead, make the
+      user fix resolv.conf or specify nameservers explicitly. (Resolves
+      bug 363.)
+    - Stop accepting certain malformed ports in configured exit policies.
+    - Don't re-write the fingerprint file every restart, unless it has
+      changed.
+    - Stop warning when a single nameserver fails: only warn when _all_ of
+      our nameservers have failed. Also, when we only have one nameserver,
+      raise the threshold for deciding that the nameserver is dead.
+    - Directory authorities now only decide that routers are reachable
+      if their identity keys are as expected.
+    - When the user uses bad syntax in the Log config line, stop
+      suggesting other bad syntax as a replacement.
+    - Correctly detect ipv6 DNS capability on OpenBSD.
+
+  o Minor bugfixes (controller):
+    - Report the circuit number correctly in STREAM CLOSED events. Bug
+      reported by Mike Perry.
+    - Do not report bizarre values for results of accounting GETINFOs
+      when the last second's write or read exceeds the allotted bandwidth.
+    - Report "unrecognized key" rather than an empty string when the
+      controller tries to fetch a networkstatus that doesn't exist.
+
+
+Changes in version 0.1.1.26 - 2006-12-14
+  o Security bugfixes:
+    - Stop sending the HttpProxyAuthenticator string to directory
+      servers when directory connections are tunnelled through Tor.
+    - Clients no longer store bandwidth history in the state file.
+    - Do not log introduction points for hidden services if SafeLogging
+      is set.
+
+  o Minor bugfixes:
+    - Fix an assert failure when a directory authority sets
+      AuthDirRejectUnlisted and then receives a descriptor from an
+      unlisted router (reported by seeess).
+
+
+Changes in version 0.1.2.4-alpha - 2006-12-03
+  o Major features:
+    - Add support for using natd; this allows FreeBSDs earlier than
+      5.1.2 to have ipfw send connections through Tor without using
+      SOCKS. (Patch from Zajcev Evgeny with tweaks from tup.)
+
+  o Minor features:
+    - Make all connections to addresses of the form ".noconnect"
+      immediately get closed. This lets application/controller combos
+      successfully test whether they're talking to the same Tor by
+      watching for STREAM events.
+    - Make cross.sh cross-compilation script work even when autogen.sh
+      hasn't been run. (Patch from Michael Mohr.)
+    - Statistics dumped by -USR2 now include a breakdown of public key
+      operations, for profiling.
+
+  o Major bugfixes:
+    - Fix a major leak when directory authorities parse their
+      approved-routers list, a minor memory leak when we fail to pick
+      an exit node, and a few rare leaks on errors.
+    - Handle TransPort connections even when the server sends data before
+      the client sends data. Previously, the connection would just hang
+      until the client sent data. (Patch from tup based on patch from
+      Zajcev Evgeny.)
+    - Avoid assert failure when our cached-routers file is empty on
+      startup.
+
+  o Minor bugfixes:
+    - Don't log spurious warnings when we see a circuit close reason we
+      don't recognize; it's probably just from a newer version of Tor.
+    - Have directory authorities allow larger amounts of drift in uptime
+      without replacing the server descriptor: previously, a server that
+      restarted every 30 minutes could have 48 "interesting" descriptors
+      per day.
+    - Start linking to the Tor specification and Tor reference manual
+      correctly in the Windows installer.
+    - Add Vidalia to the OS X uninstaller script, so when we uninstall
+      Tor/Privoxy we also uninstall Vidalia.
+    - Resume building on Irix64, and fix a lot of warnings from its
+      MIPSpro C compiler.
+    - Don't corrupt last_guessed_ip in router_new_address_suggestion()
+      when we're running as a client.
+
+
+Changes in version 0.1.1.25 - 2006-11-04
+  o Major bugfixes:
+    - When a client asks us to resolve (rather than connect to)
+      an address, and we have a cached answer, give them the cached
+      answer. Previously, we would give them no answer at all.
+    - We were building exactly the wrong circuits when we predict
+      hidden service requirements, meaning Tor would have to build all
+      its circuits on demand.
+    - If none of our live entry guards have a high uptime, but we
+      require a guard with a high uptime, try adding a new guard before
+      we give up on the requirement. This patch should make long-lived
+      connections more stable on average.
+    - When testing reachability of our DirPort, don't launch new
+      tests when there's already one in progress -- unreachable
+      servers were stacking up dozens of testing streams.
+
+  o Security bugfixes:
+    - When the user sends a NEWNYM signal, clear the client-side DNS
+      cache too. Otherwise we continue to act on previous information.
+
+  o Minor bugfixes:
+    - Avoid a memory corruption bug when creating a hash table for
+      the first time.
+    - Avoid possibility of controller-triggered crash when misusing
+      certain commands from a v0 controller on platforms that do not
+      handle printf("%s",NULL) gracefully.
+    - Avoid infinite loop on unexpected controller input.
+    - Don't log spurious warnings when we see a circuit close reason we
+      don't recognize; it's probably just from a newer version of Tor.
+    - Add Vidalia to the OS X uninstaller script, so when we uninstall
+      Tor/Privoxy we also uninstall Vidalia.
+
+
+Changes in version 0.1.2.3-alpha - 2006-10-29
+  o Minor features:
+    - Prepare for servers to publish descriptors less often: never
+      discard a descriptor simply for being too old until either it is
+      recommended by no authorities, or until we get a better one for
+      the same router. Make caches consider retaining old recommended
+      routers for even longer.
+    - If most authorities set a BadExit flag for a server, clients
+      don't think of it as a general-purpose exit. Clients only consider
+      authorities that advertise themselves as listing bad exits.
+    - Directory servers now provide 'Pragma: no-cache' and 'Expires'
+      headers for content, so that we can work better in the presence of
+      caching HTTP proxies.
+    - Allow authorities to list nodes as bad exits by fingerprint or by
+      address.
+
+  o Minor features, controller:
+    - Add a REASON field to CIRC events; for backward compatibility, this
+      field is sent only to controllers that have enabled the extended
+      event format. Also, add additional reason codes to explain why
+      a given circuit has been destroyed or truncated. (Patches from
+      Mike Perry)
+    - Add a REMOTE_REASON field to extended CIRC events to tell the
+      controller about why a remote OR told us to close a circuit.
+    - Stream events also now have REASON and REMOTE_REASON fields,
+      working much like those for circuit events.
+    - There's now a GETINFO ns/... field so that controllers can ask Tor
+      about the current status of a router.
+    - A new event type "NS" to inform a controller when our opinion of
+      a router's status has changed.
+    - Add a GETINFO events/names and GETINFO features/names so controllers
+      can tell which events and features are supported.
+    - A new CLEARDNSCACHE signal to allow controllers to clear the
+      client-side DNS cache without expiring circuits.
+
+  o Security bugfixes:
+    - When the user sends a NEWNYM signal, clear the client-side DNS
+      cache too. Otherwise we continue to act on previous information.
+
+  o Minor bugfixes:
+    - Avoid sending junk to controllers or segfaulting when a controller
+      uses EVENT_NEW_DESC with verbose nicknames.
+    - Stop triggering asserts if the controller tries to extend hidden
+      service circuits (reported by mwenge).
+    - Avoid infinite loop on unexpected controller input.
+    - When the controller does a "GETINFO network-status", tell it
+      about even those routers whose descriptors are very old, and use
+      long nicknames where appropriate.
+    - Change NT service functions to be loaded on demand. This lets us
+      build with MinGW without breaking Tor for Windows 98 users.
+    - Do DirPort reachability tests less often, since a single test
+      chews through many circuits before giving up.
+    - In the hidden service example in torrc.sample, stop recommending
+      esoteric and discouraged hidden service options.
+    - When stopping an NT service, wait up to 10 sec for it to actually
+      stop. Patch from Matt Edman; resolves bug 295.
+    - Fix handling of verbose nicknames with ORCONN controller events:
+      make them show up exactly when requested, rather than exactly when
+      not requested.
+    - When reporting verbose nicknames in entry_guards_getinfo(), avoid
+      printing a duplicate "$" in the keys we send (reported by mwenge).
+    - Correctly set maximum connection limit on Cygwin. (This time
+      for sure!)
+    - Try to detect Windows correctly when cross-compiling.
+    - Detect the size of the routers file correctly even if it is
+      corrupted (on systems without mmap) or not page-aligned (on systems
+      with mmap). This bug was harmless.
+    - Sometimes we didn't bother sending a RELAY_END cell when an attempt
+      to open a stream fails; now we do in more cases. This should
+      make clients able to find a good exit faster in some cases, since
+      unhandleable requests will now get an error rather than timing out.
+    - Resolve two memory leaks when rebuilding the on-disk router cache
+      (reported by fookoowa).
+    - Clean up minor code warnings suggested by the MIPSpro C compiler,
+      and reported by some Centos users.
+    - Controller signals now work on non-Unix platforms that don't define
+      SIGUSR1 and SIGUSR2 the way we expect.
+    - Patch from Michael Mohr to contrib/cross.sh, so it checks more
+      values before failing, and always enables eventdns.
+    - Libevent-1.2 exports, but does not define in its headers, strlcpy.
+      Try to fix this in configure.in by checking for most functions
+      before we check for libevent.
+
+
+Changes in version 0.1.2.2-alpha - 2006-10-07
+  o Major features:
+    - Make our async eventdns library on-by-default for Tor servers,
+      and plan to deprecate the separate dnsworker threads.
+    - Add server-side support for "reverse" DNS lookups (using PTR
+      records so clients can determine the canonical hostname for a given
+      IPv4 address). Only supported by servers using eventdns; servers
+      now announce in their descriptors whether they support eventdns.
+    - Specify and implement client-side SOCKS5 interface for reverse DNS
+      lookups (see doc/socks-extensions.txt).
+    - Add a BEGIN_DIR relay cell type for an easier in-protocol way to
+      connect to directory servers through Tor. Previously, clients needed
+      to find Tor exits to make private connections to directory servers.
+    - Avoid choosing Exit nodes for entry or middle hops when the
+      total bandwidth available from non-Exit nodes is much higher than
+      the total bandwidth available from Exit nodes.
+    - Workaround for name servers (like Earthlink's) that hijack failing
+      DNS requests and replace the no-such-server answer with a "helpful"
+      redirect to an advertising-driven search portal. Also work around
+      DNS hijackers who "helpfully" decline to hijack known-invalid
+      RFC2606 addresses. Config option "ServerDNSDetectHijacking 0"
+      lets you turn it off.
+    - Send out a burst of long-range padding cells once we've established
+      that we're reachable. Spread them over 4 circuits, so hopefully
+      a few will be fast. This exercises our bandwidth and bootstraps
+      us into the directory more quickly.
+
+  o New/improved config options:
+    - Add new config option "ResolvConf" to let the server operator
+      choose an alternate resolve.conf file when using eventdns.
+    - Add an "EnforceDistinctSubnets" option to control our "exclude
+      servers on the same /16" behavior. It's still on by default; this
+      is mostly for people who want to operate private test networks with
+      all the machines on the same subnet.
+    - If one of our entry guards is on the ExcludeNodes list, or the
+      directory authorities don't think it's a good guard, treat it as
+      if it were unlisted: stop using it as a guard, and throw it off
+      the guards list if it stays that way for a long time.
+    - Allow directory authorities to be marked separately as authorities
+      for the v1 directory protocol, the v2 directory protocol, and
+      as hidden service directories, to make it easier to retire old
+      authorities. V1 authorities should set "HSAuthoritativeDir 1"
+      to continue being hidden service authorities too.
+    - Remove 8888 as a LongLivedPort, and add 6697 (IRCS).
+
+  o Minor features, controller:
+    - Fix CIRC controller events so that controllers can learn the
+      identity digests of non-Named servers used in circuit paths.
+    - Let controllers ask for more useful identifiers for servers. Instead
+      of learning identity digests for un-Named servers and nicknames
+      for Named servers, the new identifiers include digest, nickname,
+      and indication of Named status. Off by default; see control-spec.txt
+      for more information.
+    - Add a "getinfo address" controller command so it can display Tor's
+      best guess to the user.
+    - New controller event to alert the controller when our server
+      descriptor has changed.
+    - Give more meaningful errors on controller authentication failure.
+
+  o Minor features, other:
+    - When asked to resolve a hostname, don't use non-exit servers unless
+      requested to do so. This allows servers with broken DNS to be
+      useful to the network.
+    - Divide eventdns log messages into warn and info messages.
+    - Reserve the nickname "Unnamed" for routers that can't pick
+      a hostname: any router can call itself Unnamed; directory
+      authorities will never allocate Unnamed to any particular router;
+      clients won't believe that any router is the canonical Unnamed.
+    - Only include function names in log messages for info/debug messages.
+      For notice/warn/err, the content of the message should be clear on
+      its own, and printing the function name only confuses users.
+    - Avoid some false positives during reachability testing: don't try
+      to test via a server that's on the same /24 as us.
+    - If we fail to build a circuit to an intended enclave, and it's
+      not mandatory that we use that enclave, stop wanting it.
+    - When eventdns is enabled, allow multithreaded builds on NetBSD and
+      OpenBSD. (We had previously disabled threads on these platforms
+      because they didn't have working thread-safe resolver functions.)
+
+  o Major bugfixes, anonymity/security:
+    - If a client asked for a server by name, and there's a named server
+      in our network-status but we don't have its descriptor yet, we
+      could return an unnamed server instead.
+    - Fix NetBSD bug that could allow someone to force uninitialized RAM
+      to be sent to a server's DNS resolver. This only affects NetBSD
+      and other platforms that do not bounds-check tolower().
+    - Reject (most) attempts to use Tor circuits with length one. (If
+      many people start using Tor as a one-hop proxy, exit nodes become
+      a more attractive target for compromise.)
+    - Just because your DirPort is open doesn't mean people should be
+      able to remotely teach you about hidden service descriptors. Now
+      only accept rendezvous posts if you've got HSAuthoritativeDir set.
+
+  o Major bugfixes, other:
+    - Don't crash on race condition in dns.c: tor_assert(!resolve->expire)
+    - When a client asks the server to resolve (not connect to)
+      an address, and it has a cached answer, give them the cached answer.
+      Previously, the server would give them no answer at all.
+    - Allow really slow clients to not hang up five minutes into their
+      directory downloads (suggested by Adam J. Richter).
+    - We were building exactly the wrong circuits when we anticipated
+      hidden service requirements, meaning Tor would have to build all
+      its circuits on demand.
+    - Avoid crashing when we mmap a router cache file of size 0.
+    - When testing reachability of our DirPort, don't launch new
+      tests when there's already one in progress -- unreachable
+      servers were stacking up dozens of testing streams.
+
+  o Minor bugfixes, correctness:
+    - If we're a directory mirror and we ask for "all" network status
+      documents, we would discard status documents from authorities
+      we don't recognize.
+    - Avoid a memory corruption bug when creating a hash table for
+      the first time.
+    - Avoid controller-triggered crash when misusing certain commands
+      from a v0 controller on platforms that do not handle
+      printf("%s",NULL) gracefully.
+    - Don't crash when a controller sends a third argument to an
+      "extendcircuit" request.
+    - Controller protocol fixes: fix encoding in "getinfo addr-mappings"
+      response; fix error code when "getinfo dir/status/" fails.
+    - Avoid crash when telling controller stream-status and a stream
+      is detached.
+    - Patch from Adam Langley to fix assert() in eventdns.c.
+    - Fix a debug log message in eventdns to say "X resolved to Y"
+      instead of "X resolved to X".
+    - Make eventdns give strings for DNS errors, not just error numbers.
+    - Track unreachable entry guards correctly: don't conflate
+      'unreachable by us right now' with 'listed as down by the directory
+      authorities'. With the old code, if a guard was unreachable by
+      us but listed as running, it would clog our guard list forever.
+    - Behave correctly in case we ever have a network with more than
+      2GB/s total advertised capacity.
+    - Make TrackExitHosts case-insensitive, and fix the behavior of
+      ".suffix" TrackExitHosts items to avoid matching in the middle of
+      an address.
+    - Finally fix the openssl warnings from newer gccs that believe that
+      ignoring a return value is okay, but casting a return value and
+      then ignoring it is a sign of madness.
+    - Prevent the contrib/exitlist script from printing the same
+      result more than once.
+    - Patch from Steve Hildrey: Generate network status correctly on
+      non-versioning dirservers.
+    - Don't listen to the X-Your-Address-Is hint if you did the lookup
+      via Tor; otherwise you'll think you're the exit node's IP address.
+
+  o Minor bugfixes, performance:
+    - Two small performance improvements on parsing descriptors.
+    - Major performance improvement on inserting descriptors: change
+      algorithm from O(n^2) to O(n).
+    - Make the common memory allocation path faster on machines where
+      malloc(0) returns a pointer.
+    - Start remembering X-Your-Address-Is directory hints even if you're
+      a client, so you can become a server more smoothly.
+    - Avoid duplicate entries on MyFamily line in server descriptor.
+
+  o Packaging, features:
+    - Remove architecture from OS X builds. The official builds are
+      now universal binaries.
+    - The Debian package now uses --verify-config when (re)starting,
+      to distinguish configuration errors from other errors.
+    - Update RPMs to require libevent 1.1b.
+
+  o Packaging, bugfixes:
+    - Patches so Tor builds with MinGW on Windows.
+    - Patches so Tor might run on Cygwin again.
+    - Resume building on non-gcc compilers and ancient gcc. Resume
+      building with the -O0 compile flag. Resume building cleanly on
+      Debian woody.
+    - Run correctly on OS X platforms with case-sensitive filesystems.
+    - Correct includes for net/if.h and net/pfvar.h on OpenBSD (from Tup).
+    - Add autoconf checks so Tor can build on Solaris x86 again.
+
+  o Documentation
+    - Documented (and renamed) ServerDNSSearchDomains and
+      ServerDNSResolvConfFile options.
+    - Be clearer that the *ListenAddress directives can be repeated
+      multiple times.
+
+
+Changes in version 0.1.1.24 - 2006-09-29
+  o Major bugfixes:
+    - Allow really slow clients to not hang up five minutes into their
+      directory downloads (suggested by Adam J. Richter).
+    - Fix major performance regression from 0.1.0.x: instead of checking
+      whether we have enough directory information every time we want to
+      do something, only check when the directory information has changed.
+      This should improve client CPU usage by 25-50%.
+    - Don't crash if, after a server has been running for a while,
+      it can't resolve its hostname.
+
+  o Minor bugfixes:
+    - Allow Tor to start when RunAsDaemon is set but no logs are set.
+    - Don't crash when the controller receives a third argument to an
+      "extendcircuit" request.
+    - Controller protocol fixes: fix encoding in "getinfo addr-mappings"
+      response; fix error code when "getinfo dir/status/" fails.
+    - Fix configure.in to not produce broken configure files with
+      more recent versions of autoconf. Thanks to Clint for his auto*
+      voodoo.
+    - Fix security bug on NetBSD that could allow someone to force
+      uninitialized RAM to be sent to a server's DNS resolver. This
+      only affects NetBSD and other platforms that do not bounds-check
+      tolower().
+    - Warn user when using libevent 1.1a or earlier with win32 or kqueue
+      methods: these are known to be buggy.
+    - If we're a directory mirror and we ask for "all" network status
+      documents, we would discard status documents from authorities
+      we don't recognize.
+
+
+Changes in version 0.1.2.1-alpha - 2006-08-27
+  o Major features:
+    - Add "eventdns" async dns library from Adam Langley, tweaked to
+      build on OSX and Windows. Only enabled if you pass the
+      --enable-eventdns argument to configure.
+    - Allow servers with no hostname or IP address to learn their
+      IP address by asking the directory authorities. This code only
+      kicks in when you would normally have exited with a "no address"
+      error. Nothing's authenticated, so use with care.
+    - Rather than waiting a fixed amount of time between retrying
+      application connections, we wait only 5 seconds for the first,
+      10 seconds for the second, and 15 seconds for each retry after
+      that. Hopefully this will improve the expected user experience.
+    - Patch from Tup to add support for transparent AP connections:
+      this basically bundles the functionality of trans-proxy-tor
+      into the Tor mainline. Now hosts with compliant pf/netfilter
+      implementations can redirect TCP connections straight to Tor
+      without diverting through SOCKS. Needs docs.
+    - Busy directory servers save lots of memory by spooling server
+      descriptors, v1 directories, and v2 networkstatus docs to buffers
+      as needed rather than en masse. Also mmap the cached-routers
+      files, so we don't need to keep the whole thing in memory too.
+    - Automatically avoid picking more than one node from the same
+      /16 network when constructing a circuit.
+    - Revise and clean up the torrc.sample that we ship with; add
+      a section for BandwidthRate and BandwidthBurst.
+
+  o Minor features:
+    - Split circuit_t into origin_circuit_t and or_circuit_t, and
+      split connection_t into edge, or, dir, control, and base structs.
+      These will save quite a bit of memory on busy servers, and they'll
+      also help us track down bugs in the code and bugs in the spec.
+    - Experimentally re-enable kqueue on OSX when using libevent 1.1b
+      or later. Log when we are doing this, so we can diagnose it when
+      it fails. (Also, recommend libevent 1.1b for kqueue and
+      win32 methods; deprecate libevent 1.0b harder; make libevent
+      recommendation system saner.)
+    - Start being able to build universal binaries on OS X (thanks
+      to Phobos).
+    - Export the default exit policy via the control port, so controllers
+      don't need to guess what it is / will be later.
+    - Add a man page entry for ProtocolWarnings.
+    - Add TestVia config option to the man page.
+    - Remove even more protocol-related warnings from Tor server logs,
+      such as bad TLS handshakes and malformed begin cells.
+    - Stop fetching descriptors if you're not a dir mirror and you
+      haven't tried to establish any circuits lately. [This currently
+      causes some dangerous behavior, because when you start up again
+      you'll use your ancient server descriptors.]
+    - New DirPort behavior: if you have your dirport set, you download
+      descriptors aggressively like a directory mirror, whether or not
+      your ORPort is set.
+    - Get rid of the router_retry_connections notion. Now routers
+      no longer try to rebuild long-term connections to directory
+      authorities, and directory authorities no longer try to rebuild
+      long-term connections to all servers. We still don't hang up
+      connections in these two cases though -- we need to look at it
+      more carefully to avoid flapping, and we likely need to wait til
+      0.1.1.x is obsolete.
+    - Drop compatibility with obsolete Tors that permit create cells
+      to have the wrong circ_id_type.
+    - Re-enable per-connection rate limiting. Get rid of the "OP
+      bandwidth" concept. Lay groundwork for "bandwidth classes" --
+      separate global buckets that apply depending on what sort of conn
+      it is.
+    - Start publishing one minute or so after we find our ORPort
+      to be reachable. This will help reduce the number of descriptors
+      we have for ourselves floating around, since it's quite likely
+      other things (e.g. DirPort) will change during that minute too.
+    - Fork the v1 directory protocol into its own spec document,
+      and mark dir-spec.txt as the currently correct (v2) spec.
+
+  o Major bugfixes:
+    - When we find our DirPort to be reachable, publish a new descriptor
+      so we'll tell the world (reported by pnx).
+    - Publish a new descriptor after we hup/reload. This is important
+      if our config has changed such that we'll want to start advertising
+      our DirPort now, etc.
+    - Allow Tor to start when RunAsDaemon is set but no logs are set.
+    - When we have a state file we cannot parse, tell the user and
+      move it aside. Now we avoid situations where the user starts
+      Tor in 1904, Tor writes a state file with that timestamp in it,
+      the user fixes her clock, and Tor refuses to start.
+    - Fix configure.in to not produce broken configure files with
+      more recent versions of autoconf. Thanks to Clint for his auto*
+      voodoo.
+    - "tor --verify-config" now exits with -1(255) or 0 depending on
+      whether the config options are bad or good.
+    - Resolve bug 321 when using dnsworkers: append a period to every
+      address we resolve at the exit node, so that we do not accidentally
+      pick up local addresses, and so that failing searches are retried
+      in the resolver search domains. (This is already solved for
+      eventdns.) (This breaks Blossom servers for now.)
+    - If we are using an exit enclave and we can't connect, e.g. because
+      its webserver is misconfigured to not listen on localhost, then
+      back off and try connecting from somewhere else before we fail.
+
+  o Minor bugfixes:
+    - Start compiling on MinGW on Windows (patches from Mike Chiussi).
+    - Start compiling on MSVC6 on Windows (patches from Frediano Ziglio).
+    - Fix bug 314: Tor clients issued "unsafe socks" warnings even
+      when the IP address is mapped through MapAddress to a hostname.
+    - Start passing "ipv4" hints to getaddrinfo(), so servers don't do
+      useless IPv6 DNS resolves.
+    - Patch suggested by Karsten Loesing: respond to SIGNAL command
+      before we execute the signal, in case the signal shuts us down.
+    - Clean up AllowInvalidNodes man page entry.
+    - Claim a commonname of Tor, rather than TOR, in TLS handshakes.
+    - Add more asserts to track down an assert error on a windows Tor
+      server with connection_add being called with socket == -1.
+    - Handle reporting OR_CONN_EVENT_NEW events to the controller.
+    - Fix misleading log messages: an entry guard that is "unlisted",
+      as well as not known to be "down" (because we've never heard
+      of it), is not therefore "up".
+    - Remove code to special-case "-cvs" ending, since it has not
+      actually mattered since 0.0.9.
+    - Make our socks5 handling more robust to broken socks clients:
+      throw out everything waiting on the buffer in between socks
+      handshake phases, since they can't possibly (so the theory
+      goes) have predicted what we plan to respond to them.
+
+
+Changes in version 0.1.1.23 - 2006-07-30
+  o Major bugfixes:
+    - Fast Tor servers, especially exit nodes, were triggering asserts
+      due to a bug in handling the list of pending DNS resolves. Some
+      bugs still remain here; we're hunting them.
+    - Entry guards could crash clients by sending unexpected input.
+    - More fixes on reachability testing: if you find yourself reachable,
+      then don't ever make any client requests (so you stop predicting
+      circuits), then hup or have your clock jump, then later your IP
+      changes, you won't think circuits are working, so you won't try to
+      test reachability, so you won't publish.
+
+  o Minor bugfixes:
+    - Avoid a crash if the controller does a resetconf firewallports
+      and then a setconf fascistfirewall=1.
+    - Avoid an integer underflow when the dir authority decides whether
+      a router is stable: we might wrongly label it stable, and compute
+      a slightly wrong median stability, when a descriptor is published
+      later than now.
+    - Fix a place where we might trigger an assert if we can't build our
+      own server descriptor yet.
+
+
+Changes in version 0.1.1.22 - 2006-07-05
+  o Major bugfixes:
+    - Fix a big bug that was causing servers to not find themselves
+      reachable if they changed IP addresses. Since only 0.1.1.22+
+      servers can do reachability testing correctly, now we automatically
+      make sure to test via one of these.
+    - Fix to allow clients and mirrors to learn directory info from
+      descriptor downloads that get cut off partway through.
+    - Directory authorities had a bug in deciding if a newly published
+      descriptor was novel enough to make everybody want a copy -- a few
+      servers seem to be publishing new descriptors many times a minute.
+  o Minor bugfixes:
+    - Fix a rare bug that was causing some servers to complain about
+      "closing wedged cpuworkers" and skip some circuit create requests.
+    - Make the Exit flag in directory status documents actually work.
+
+
+Changes in version 0.1.1.21 - 2006-06-10
+  o Crash and assert fixes from 0.1.1.20:
+    - Fix a rare crash on Tor servers that have enabled hibernation.
+    - Fix a seg fault on startup for Tor networks that use only one
+      directory authority.
+    - Fix an assert from a race condition that occurs on Tor servers
+      while exiting, where various threads are trying to log that they're
+      exiting, and delete the logs, at the same time.
+    - Make our unit tests pass again on certain obscure platforms.
+
+  o Other fixes:
+    - Add support for building SUSE RPM packages.
+    - Speed up initial bootstrapping for clients: if we are making our
+      first ever connection to any entry guard, then don't mark it down
+      right after that.
+    - When only one Tor server in the network is labelled as a guard,
+      and we've already picked him, we would cycle endlessly picking him
+      again, being unhappy about it, etc. Now we specifically exclude
+      current guards when picking a new guard.
+    - Servers send create cells more reliably after the TLS connection
+      is established: we were sometimes forgetting to send half of them
+      when we had more than one pending.
+    - If we get a create cell that asks us to extend somewhere, but the
+      Tor server there doesn't match the expected digest, we now send
+      a destroy cell back, rather than silently doing nothing.
+    - Make options->RedirectExit work again.
+    - Make cookie authentication for the controller work again.
+    - Stop being picky about unusual characters in the arguments to
+      mapaddress. It's none of our business.
+    - Add a new config option "TestVia" that lets you specify preferred
+      middle hops to use for test circuits. Perhaps this will let me
+      debug the reachability problems better.
+
+  o Log / documentation fixes:
+    - If we're a server and some peer has a broken TLS certificate, don't
+      log about it unless ProtocolWarnings is set, i.e., we want to hear
+      about protocol violations by others.
+    - Fix spelling of VirtualAddrNetwork in man page.
+    - Add a better explanation at the top of the autogenerated torrc file
+      about what happened to our old torrc.
+
+
+Changes in version 0.1.1.20 - 2006-05-23
+  o Bugfixes:
+    - Downgrade a log severity where servers complain that they're
+      invalid.
+    - Avoid a compile warning on FreeBSD.
+    - Remove string size limit on NEWDESC messages; solve bug 291.
+    - Correct the RunAsDaemon entry in the man page; ignore RunAsDaemon
+      more thoroughly when we're running on windows.
+
+
+Changes in version 0.1.1.19-rc - 2006-05-03
+  o Minor bugs:
+    - Regenerate our local descriptor if it's dirty and we try to use
+      it locally (e.g. if it changes during reachability detection).
+    - If we setconf our ORPort to 0, we continued to listen on the
+      old ORPort and receive connections.
+    - Avoid a second warning about machine/limits.h on Debian
+      GNU/kFreeBSD.
+    - Be willing to add our own routerinfo into the routerlist.
+      Now authorities will include themselves in their directories
+      and network-statuses.
+    - Stop trying to upload rendezvous descriptors to every
+      directory authority: only try the v1 authorities.
+    - Servers no longer complain when they think they're not
+      registered with the directory authorities. There were too many
+      false positives.
+    - Backport dist-rpm changes so rpms can be built without errors.
+
+  o Features:
+    - Implement an option, VirtualAddrMask, to set which addresses
+      get handed out in response to mapaddress requests. This works
+      around a bug in tsocks where 127.0.0.0/8 is never socksified.
+
+
+Changes in version 0.1.1.18-rc - 2006-04-10
+  o Major fixes:
+    - Work harder to download live network-statuses from all the
+      directory authorities we know about. Improve the threshold
+      decision logic so we're more robust to edge cases.
+    - When fetching rendezvous descriptors, we were willing to ask
+      v2 authorities too, which would always return 404.
+
+  o Minor fixes:
+    - Stop listing down or invalid nodes in the v1 directory. This will
+      reduce its bulk by about 1/3, and reduce load on directory
+      mirrors.
+    - When deciding whether a router is Fast or Guard-worthy, consider
+      his advertised BandwidthRate and not just the BandwidthCapacity.
+    - No longer ship INSTALL and README files -- they are useless now.
+    - Force rpmbuild to behave and honor target_cpu.
+    - Avoid warnings about machine/limits.h on Debian GNU/kFreeBSD.
+    - Start to include translated versions of the tor-doc-*.html
+      files, along with the screenshots. Still needs more work.
+    - Start sending back 512 and 451 errors if mapaddress fails,
+      rather than not sending anything back at all.
+    - When we fail to bind or listen on an incoming or outgoing
+      socket, we should close it before failing. otherwise we just
+      leak it. (thanks to weasel for finding.)
+    - Allow "getinfo dir/status/foo" to work, as long as your DirPort
+      is enabled. (This is a hack, and will be fixed in 0.1.2.x.)
+    - Make NoPublish (even though deprecated) work again.
+    - Fix a minor security flaw where a versioning auth dirserver
+      could list a recommended version many times in a row to make
+      clients more convinced that it's recommended.
+    - Fix crash bug if there are two unregistered servers running
+      with the same nickname, one of them is down, and you ask for
+      them by nickname in your EntryNodes or ExitNodes. Also, try
+      to pick the one that's running rather than an arbitrary one.
+    - Fix an infinite loop we could hit if we go offline for too long.
+    - Complain when we hit WSAENOBUFS on recv() or write() too.
+      Perhaps this will help us hunt the bug.
+    - If you're not a versioning dirserver, don't put the string
+      "client-versions \nserver-versions \n" in your network-status.
+    - Lower the minimum required number of file descriptors to 1000,
+      so we can have some overhead for Valgrind on Linux, where the
+      default ulimit -n is 1024.
+
+  o New features:
+    - Add tor.dizum.com as the fifth authoritative directory server.
+    - Add a new config option FetchUselessDescriptors, off by default,
+      for when you plan to run "exitlist" on your client and you want
+      to know about even the non-running descriptors.
+
+
+Changes in version 0.1.1.17-rc - 2006-03-28
+  o Major fixes:
+    - Clients and servers since 0.1.1.10-alpha have been expiring
+      connections whenever they are idle for 5 minutes and they *do*
+      have circuits on them. Oops. With this new version, clients will
+      discard their previous entry guard choices and avoid choosing
+      entry guards running these flawed versions.
+    - Fix memory leak when uncompressing concatenated zlib streams. This
+      was causing substantial leaks over time on Tor servers.
+    - The v1 directory was including servers as much as 48 hours old,
+      because that's how the new routerlist->routers works. Now only
+      include them if they're 20 hours old or less.
+
+  o Minor fixes:
+    - Resume building on irix64, netbsd 2.0, etc.
+    - On non-gcc compilers (e.g. solaris), use "-g -O" instead of
+      "-Wall -g -O2".
+    - Stop writing the "router.desc" file, ever. Nothing uses it anymore,
+      and it is confusing some users.
+    - Mirrors stop caching the v1 directory so often.
+    - Make the max number of old descriptors that a cache will hold
+      rise with the number of directory authorities, so we can scale.
+    - Change our win32 uname() hack to be more forgiving about what
+      win32 versions it thinks it's found.
+
+  o New features:
+    - Add lefkada.eecs.harvard.edu as a fourth authoritative directory
+      server.
+    - When the controller's *setconf commands fail, collect an error
+      message in a string and hand it back to the controller.
+    - Make the v2 dir's "Fast" flag based on relative capacity, just
+      like "Stable" is based on median uptime. Name everything in the
+      top 7/8 Fast, and only the top 1/2 gets to be a Guard.
+    - Log server fingerprint on startup, so new server operators don't
+      have to go hunting around their filesystem for it.
+    - Return a robots.txt on our dirport to discourage google indexing.
+    - Let the controller ask for GETINFO dir/status/foo so it can ask
+      directly rather than connecting to the dir port. Only works when
+      dirport is set for now.
+
+  o New config options rather than constants in the code:
+    - SocksTimeout: How long do we let a socks connection wait
+      unattached before we fail it?
+    - CircuitBuildTimeout: Cull non-open circuits that were born
+      at least this many seconds ago.
+    - CircuitIdleTimeout: Cull open clean circuits that were born
+      at least this many seconds ago.
+
+
+Changes in version 0.1.1.16-rc - 2006-03-18
+  o Bugfixes on 0.1.1.15-rc:
+    - Fix assert when the controller asks to attachstream a connect-wait
+      or resolve-wait stream.
+    - Now do address rewriting when the controller asks us to attach
+      to a particular circuit too. This will let Blossom specify
+      "moria2.exit" without having to learn what moria2's IP address is.
+    - Make the "tor --verify-config" command-line work again, so people
+      can automatically check if their torrc will parse.
+    - Authoritative dirservers no longer require an open connection from
+      a server to consider him "reachable". We need this change because
+      when we add new auth dirservers, old servers won't know not to
+      hang up on them.
+    - Let Tor build on Sun CC again.
+    - Fix an off-by-one buffer size in dirserv.c that magically never
+      hit our three authorities but broke sjmurdoch's own tor network.
+    - If we as a directory mirror don't know of any v1 directory
+      authorities, then don't try to cache any v1 directories.
+    - Stop warning about unknown servers in our family when they are
+      given as hex digests.
+    - Stop complaining as quickly to the server operator that he
+      hasn't registered his nickname/key binding.
+    - Various cleanups so we can add new V2 Auth Dirservers.
+    - Change "AllowUnverifiedNodes" to "AllowInvalidNodes", to
+      reflect the updated flags in our v2 dir protocol.
+    - Resume allowing non-printable characters for exit streams (both
+      for connecting and for resolving). Now we tolerate applications
+      that don't follow the RFCs. But continue to block malformed names
+      at the socks side.
+
+  o Bugfixes on 0.1.0.x:
+    - Fix assert bug in close_logs(): when we close and delete logs,
+      remove them all from the global "logfiles" list.
+    - Fix minor integer overflow in calculating when we expect to use up
+      our bandwidth allocation before hibernating.
+    - Fix a couple of bugs in OpenSSL detection. Also, deal better when
+      there are multiple SSLs installed with different versions.
+    - When we try to be a server and Address is not explicitly set and
+      our hostname resolves to a private IP address, try to use an
+      interface address if it has a public address. Now Windows machines
+      that think of themselves as localhost can work by default.
+
+  o New features:
+    - Let the controller ask for GETINFO dir/server/foo so it can ask
+      directly rather than connecting to the dir port.
+    - Let the controller tell us about certain router descriptors
+      that it doesn't want Tor to use in circuits. Implement
+      SETROUTERPURPOSE and modify +POSTDESCRIPTOR to do this.
+    - New config option SafeSocks to reject all application connections
+      using unsafe socks protocols. Defaults to off.
+
+
+Changes in version 0.1.1.15-rc - 2006-03-11
+  o Bugfixes and cleanups:
+    - When we're printing strings from the network, don't try to print
+      non-printable characters. This protects us against shell escape
+      sequence exploits, and also against attacks to fool humans into
+      misreading their logs.
+    - Fix a bug where Tor would fail to establish any connections if you
+      left it off for 24 hours and then started it: we were happy with
+      the obsolete network statuses, but they all referred to router
+      descriptors that were too old to fetch, so we ended up with no
+      valid router descriptors.
+    - Fix a seg fault in the controller's "getinfo orconn-status"
+      command while listing status on incoming handshaking connections.
+      Introduce a status name "NEW" for these connections.
+    - If we get a linelist or linelist_s config option from the torrc
+      (e.g. ExitPolicy) and it has no value, warn and skip rather than
+      silently resetting it to its default.
+    - Don't abandon entry guards until they've been down or gone for
+      a whole month.
+    - Cleaner and quieter log messages.
+
+  o New features:
+    - New controller signal NEWNYM that makes new application requests
+      use clean circuits.
+    - Add a new circuit purpose 'controller' to let the controller ask
+      for a circuit that Tor won't try to use. Extend the EXTENDCIRCUIT
+      controller command to let you specify the purpose if you're
+      starting a new circuit. Add a new SETCIRCUITPURPOSE controller
+      command to let you change a circuit's purpose after it's been
+      created.
+    - Accept "private:*" in routerdesc exit policies; not generated yet
+      because older Tors do not understand it.
+    - Add BSD-style contributed startup script "rc.subr" from Peter
+      Thoenen.
+
+
+Changes in version 0.1.1.14-alpha - 2006-02-20
+  o Bugfixes on 0.1.1.x:
+    - Don't die if we ask for a stdout or stderr log (even implicitly)
+      and we're set to RunAsDaemon -- just warn.
+    - We still had a few bugs in the OR connection rotation code that
+      caused directory servers to slowly aggregate connections to other
+      fast Tor servers. This time for sure!
+    - Make log entries on Win32 include the name of the function again.
+    - We were treating a pair of exit policies if they were equal even
+      if one said accept and the other said reject -- causing us to
+      not always publish a new descriptor since we thought nothing
+      had changed.
+    - Retry pending server downloads as well as pending networkstatus
+      downloads when we unexpectedly get a socks request.
+    - We were ignoring the IS_FAST flag in the directory status,
+      meaning we were willing to pick trivial-bandwidth nodes for "fast"
+      connections.
+    - If the controller's SAVECONF command fails (e.g. due to file
+      permissions), let the controller know that it failed.
+
+  o Features:
+    - If we're trying to be a Tor server and running Windows 95/98/ME
+      as a server, explain that we'll likely crash.
+    - When we're a server, a client asks for an old-style directory,
+      and our write bucket is empty, don't give it to him. This way
+      small servers can continue to serve the directory *sometimes*,
+      without getting overloaded.
+    - Compress exit policies even more -- look for duplicate lines
+      and remove them.
+    - Clients now honor the "guard" flag in the router status when
+      picking entry guards, rather than looking at is_fast or is_stable.
+    - Retain unrecognized lines in $DATADIR/state file, so that we can
+      be forward-compatible.
+    - Generate 18.0.0.0/8 address policy format in descs when we can;
+      warn when the mask is not reducible to a bit-prefix.
+    - Let the user set ControlListenAddress in the torrc. This can be
+      dangerous, but there are some cases (like a secured LAN) where it
+      makes sense.
+    - Split ReachableAddresses into ReachableDirAddresses and
+      ReachableORAddresses, so we can restrict Dir conns to port 80
+      and OR conns to port 443.
+    - Now we can target arch and OS in rpm builds (contributed by
+      Phobos). Also make the resulting dist-rpm filename match the
+      target arch.
+    - New config options to help controllers: FetchServerDescriptors
+      and FetchHidServDescriptors for whether to fetch server
+      info and hidserv info or let the controller do it, and
+      PublishServerDescriptor and PublishHidServDescriptors.
+    - Also let the controller set the __AllDirActionsPrivate config
+      option if you want all directory fetches/publishes to happen via
+      Tor (it assumes your controller bootstraps your circuits).
+
+
+Changes in version 0.1.0.17 - 2006-02-17
+  o Crash bugfixes on 0.1.0.x:
+    - When servers with a non-zero DirPort came out of hibernation,
+      sometimes they would trigger an assert.
+
+  o Other important bugfixes:
+    - On platforms that don't have getrlimit (like Windows), we were
+      artificially constraining ourselves to a max of 1024
+      connections. Now just assume that we can handle as many as 15000
+      connections. Hopefully this won't cause other problems.
+
+  o Backported features:
+    - When we're a server, a client asks for an old-style directory,
+      and our write bucket is empty, don't give it to him. This way
+      small servers can continue to serve the directory *sometimes*,
+      without getting overloaded.
+    - Whenever you get a 503 in response to a directory fetch, try
+      once more. This will become important once servers start sending
+      503's whenever they feel busy.
+    - Fetch a new directory every 120 minutes, not every 40 minutes.
+      Now that we have hundreds of thousands of users running the old
+      directory algorithm, it's starting to hurt a lot.
+    - Bump up the period for forcing a hidden service descriptor upload
+      from 20 minutes to 1 hour.
+
+
+Changes in version 0.1.1.13-alpha - 2006-02-09
+  o Crashes in 0.1.1.x:
+    - When you tried to setconf ORPort via the controller, Tor would
+      crash. So people using TorCP to become a server were sad.
+    - Solve (I hope) the stack-smashing bug that we were seeing on fast
+      servers. The problem appears to be something do with OpenSSL's
+      random number generation, or how we call it, or something. Let me
+      know if the crashes continue.
+    - Turn crypto hardware acceleration off by default, until we find
+      somebody smart who can test it for us. (It appears to produce
+      seg faults in at least some cases.)
+    - Fix a rare assert error when we've tried all intro points for
+      a hidden service and we try fetching the service descriptor again:
+      "Assertion conn->state != AP_CONN_STATE_RENDDESC_WAIT failed"
+
+  o Major fixes:
+    - Fix a major load balance bug: we were round-robining in 16 KB
+      chunks, and servers with bandwidthrate of 20 KB, while downloading
+      a 600 KB directory, would starve their other connections. Now we
+      try to be a bit more fair.
+    - Dir authorities and mirrors were never expiring the newest
+      descriptor for each server, causing memory and directory bloat.
+    - Fix memory-bloating and connection-bloating bug on servers: We
+      were never closing any connection that had ever had a circuit on
+      it, because we were checking conn->n_circuits == 0, yet we had a
+      bug that let it go negative.
+    - Make Tor work using squid as your http proxy again -- squid
+      returns an error if you ask for a URL that's too long, and it uses
+      a really generic error message. Plus, many people are behind a
+      transparent squid so they don't even realize it.
+    - On platforms that don't have getrlimit (like Windows), we were
+      artificially constraining ourselves to a max of 1024
+      connections. Now just assume that we can handle as many as 15000
+      connections. Hopefully this won't cause other problems.
+    - Add a new config option ExitPolicyRejectPrivate which defaults to
+      1. This means all exit policies will begin with rejecting private
+      addresses, unless the server operator explicitly turns it off.
+
+  o Major features:
+    - Clients no longer download descriptors for non-running
+      descriptors.
+    - Before we add new directory authorities, we should make it
+      clear that only v1 authorities should receive/publish hidden
+      service descriptors.
+
+  o Minor features:
+    - As soon as we've fetched some more directory info, immediately
+      try to download more server descriptors. This way we don't have
+      a 10 second pause during initial bootstrapping.
+    - Remove even more loud log messages that the server operator can't
+      do anything about.
+    - When we're running an obsolete or un-recommended version, make
+      the log message more clear about what the problem is and what
+      versions *are* still recommended.
+    - Provide a more useful warn message when our onion queue gets full:
+      the CPU is too slow or the exit policy is too liberal.
+    - Don't warn when we receive a 503 from a dirserver/cache -- this
+      will pave the way for them being able to refuse if they're busy.
+    - When we fail to bind a listener, try to provide a more useful
+      log message: e.g., "Is Tor already running?"
+    - Adjust tor-spec to parameterize cell and key lengths. Now Ian
+      Goldberg can prove things about our handshake protocol more
+      easily.
+    - MaxConn has been obsolete for a while now. Document the ConnLimit
+      config option, which is a *minimum* number of file descriptors
+      that must be available else Tor refuses to start.
+    - Apply Matt Ghali's --with-syslog-facility patch to ./configure
+      if you log to syslog and want something other than LOG_DAEMON.
+    - Make dirservers generate a separate "guard" flag to mean,
+      "would make a good entry guard". Make clients parse it and vote
+      on it. Not used by clients yet.
+    - Implement --with-libevent-dir option to ./configure. Also, improve
+      search techniques to find libevent, and use those for openssl too.
+    - Bump the default bandwidthrate to 3 MB, and burst to 6 MB
+    - Only start testing reachability once we've established a
+      circuit. This will make startup on dirservers less noisy.
+    - Don't try to upload hidden service descriptors until we have
+      established a circuit.
+    - Fix the controller's "attachstream 0" command to treat conn like
+      it just connected, doing address remapping, handling .exit and
+      .onion idioms, and so on. Now we're more uniform in making sure
+      that the controller hears about new and closing connections.
+
+
+Changes in version 0.1.1.12-alpha - 2006-01-11
+  o Bugfixes on 0.1.1.x:
+    - The fix to close duplicate server connections was closing all
+      Tor client connections if they didn't establish a circuit
+      quickly enough. Oops.
+    - Fix minor memory issue (double-free) that happened on exit.
+
+  o Bugfixes on 0.1.0.x:
+    - Tor didn't warn when it failed to open a log file.
+
+
+Changes in version 0.1.1.11-alpha - 2006-01-10
+  o Crashes in 0.1.1.x:
+    - Include all the assert/crash fixes from 0.1.0.16.
+    - If you start Tor and then quit very quickly, there were some
+      races that tried to free things that weren't allocated yet.
+    - Fix a rare memory stomp if you're running hidden services.
+    - Fix segfault when specifying DirServer in config without nickname.
+    - Fix a seg fault when you finish connecting to a server but at
+      that moment you dump his server descriptor.
+    - Extendcircuit and Attachstream controller commands would
+      assert/crash if you don't give them enough arguments.
+    - Fix an assert error when we're out of space in the connection_list
+      and we try to post a hidden service descriptor (reported by weasel).
+    - If you specify a relative torrc path and you set RunAsDaemon in
+      your torrc, then it chdir()'s to the new directory. If you HUP,
+      it tries to load the new torrc location, fails, and exits.
+      The fix: no longer allow a relative path to torrc using -f.
+
+  o Major features:
+    - Implement "entry guards": automatically choose a handful of entry
+      nodes and stick with them for all circuits. Only pick new guards
+      when the ones you have are unsuitable, and if the old guards
+      become suitable again, switch back. This will increase security
+      dramatically against certain end-point attacks. The EntryNodes
+      config option now provides some hints about which entry guards you
+      want to use most; and StrictEntryNodes means to only use those.
+    - New directory logic: download by descriptor digest, not by
+      fingerprint. Caches try to download all listed digests from
+      authorities; clients try to download "best" digests from caches.
+      This avoids partitioning and isolating attacks better.
+    - Make the "stable" router flag in network-status be the median of
+      the uptimes of running valid servers, and make clients pay
+      attention to the network-status flags. Thus the cutoff adapts
+      to the stability of the network as a whole, making IRC, IM, etc
+      connections more reliable.
+
+  o Major fixes:
+    - Tor servers with dynamic IP addresses were needing to wait 18
+      hours before they could start doing reachability testing using
+      the new IP address and ports. This is because they were using
+      the internal descriptor to learn what to test, yet they were only
+      rebuilding the descriptor once they decided they were reachable.
+    - Tor 0.1.1.9 and 0.1.1.10 had a serious bug that caused clients
+      to download certain server descriptors, throw them away, and then
+      fetch them again after 30 minutes. Now mirrors throw away these
+      server descriptors so clients can't get them.
+    - We were leaving duplicate connections to other ORs open for a week,
+      rather than closing them once we detect a duplicate. This only
+      really affected authdirservers, but it affected them a lot.
+    - Spread the authdirservers' reachability testing over the entire
+      testing interval, so we don't try to do 500 TLS's at once every
+      20 minutes.
+
+  o Minor fixes:
+    - If the network is down, and we try to connect to a conn because
+      we have a circuit in mind, and we timeout (30 seconds) because the
+      network never answers, we were expiring the circuit, but we weren't
+      obsoleting the connection or telling the entry_guards functions.
+    - Some Tor servers process billions of cells per day. These statistics
+      need to be uint64_t's.
+    - Check for integer overflows in more places, when adding elements
+      to smartlists. This could possibly prevent a buffer overflow
+      on malicious huge inputs. I don't see any, but I haven't looked
+      carefully.
+    - ReachableAddresses kept growing new "reject *:*" lines on every
+      setconf/reload.
+    - When you "setconf log" via the controller, it should remove all
+      logs. We were automatically adding back in a "log notice stdout".
+    - Newly bootstrapped Tor networks couldn't establish hidden service
+      circuits until they had nodes with high uptime. Be more tolerant.
+    - We were marking servers down when they could not answer every piece
+      of the directory request we sent them. This was far too harsh.
+    - Fix the torify (tsocks) config file to not use Tor for localhost
+      connections.
+    - Directory authorities now go to the proper authority when asking for
+      a networkstatus, even when they want a compressed one.
+    - Fix a harmless bug that was causing Tor servers to log
+      "Got an end because of misc error, but we're not an AP. Closing."
+    - Authorities were treating their own descriptor changes as cosmetic,
+      meaning the descriptor available in the network-status and the
+      descriptor that clients downloaded were different.
+    - The OS X installer was adding a symlink for tor_resolve but
+      the binary was called tor-resolve (reported by Thomas Hardly).
+    - Workaround a problem with some http proxies where they refuse GET
+      requests that specify "Content-Length: 0" (reported by Adrian).
+    - Fix wrong log message when you add a "HiddenServiceNodes" config
+      line without any HiddenServiceDir line (reported by Chris Thomas).
+
+  o Minor features:
+    - Write the TorVersion into the state file so we have a prayer of
+      keeping forward and backward compatibility.
+    - Revive the FascistFirewall config option rather than eliminating it:
+      now it's a synonym for ReachableAddresses *:80,*:443.
+    - Clients choose directory servers from the network status lists,
+      not from their internal list of router descriptors. Now they can
+      go to caches directly rather than needing to go to authorities
+      to bootstrap.
+    - Directory authorities ignore router descriptors that have only
+      cosmetic differences: do this for 0.1.0.x servers now too.
+    - Add a new flag to network-status indicating whether the server
+      can answer v2 directory requests too.
+    - Authdirs now stop whining so loudly about bad descriptors that
+      they fetch from other dirservers. So when there's a log complaint,
+      it's for sure from a freshly uploaded descriptor.
+    - Reduce memory requirements in our structs by changing the order
+      of fields.
+    - There used to be two ways to specify your listening ports in a
+      server descriptor: on the "router" line and with a separate "ports"
+      line. Remove support for the "ports" line.
+    - New config option "AuthDirRejectUnlisted" for auth dirservers as
+      a panic button: if we get flooded with unusable servers we can
+      revert to only listing servers in the approved-routers file.
+    - Auth dir servers can now mark a fingerprint as "!reject" or
+      "!invalid" in the approved-routers file (as its nickname), to
+      refuse descriptors outright or include them but marked as invalid.
+    - Servers store bandwidth history across restarts/crashes.
+    - Add reasons to DESTROY and RELAY_TRUNCATED cells, so clients can
+      get a better idea of why their circuits failed. Not used yet.
+    - Directory mirrors now cache up to 16 unrecognized network-status
+      docs. Now we can add new authdirservers and they'll be cached too.
+    - When picking a random directory, prefer non-authorities if any
+      are known.
+    - New controller option "getinfo desc/all-recent" to fetch the
+      latest server descriptor for every router that Tor knows about.
+
+
+Changes in version 0.1.0.16 - 2006-01-02
+  o Crash bugfixes on 0.1.0.x:
+    - On Windows, build with a libevent patch from "I-M Weasel" to avoid
+      corrupting the heap, losing FDs, or crashing when we need to resize
+      the fd_sets. (This affects the Win32 binaries, not Tor's sources.)
+    - It turns out sparc64 platforms crash on unaligned memory access
+      too -- so detect and avoid this.
+    - Handle truncated compressed data correctly (by detecting it and
+      giving an error).
+    - Fix possible-but-unlikely free(NULL) in control.c.
+    - When we were closing connections, there was a rare case that
+      stomped on memory, triggering seg faults and asserts.
+    - Avoid potential infinite recursion when building a descriptor. (We
+      don't know that it ever happened, but better to fix it anyway.)
+    - We were neglecting to unlink marked circuits from soon-to-close OR
+      connections, which caused some rare scribbling on freed memory.
+    - Fix a memory stomping race bug when closing the joining point of two
+      rendezvous circuits.
+    - Fix an assert in time parsing found by Steven Murdoch.
+
+  o Other bugfixes on 0.1.0.x:
+    - When we're doing reachability testing, provide more useful log
+      messages so the operator knows what to expect.
+    - Do not check whether DirPort is reachable when we are suppressing
+      advertising it because of hibernation.
+    - When building with -static or on Solaris, we sometimes needed -ldl.
+    - When we're deciding whether a stream has enough circuits around
+      that can handle it, count the freshly dirty ones and not the ones
+      that are so dirty they won't be able to handle it.
+    - When we're expiring old circuits, we had a logic error that caused
+      us to close new rendezvous circuits rather than old ones.
+    - Give a more helpful log message when you try to change ORPort via
+      the controller: you should upgrade Tor if you want that to work.
+    - We were failing to parse Tor versions that start with "Tor ".
+    - Tolerate faulty streams better: when a stream fails for reason
+      exitpolicy, stop assuming that the router is lying about his exit
+      policy. When a stream fails for reason misc, allow it to retry just
+      as if it was resolvefailed. When a stream has failed three times,
+      reset its failure count so we can try again and get all three tries.
+
+
+Changes in version 0.1.1.10-alpha - 2005-12-11
+  o Correctness bugfixes on 0.1.0.x:
+    - On Windows, build with a libevent patch from "I-M Weasel" to avoid
+      corrupting the heap, losing FDs, or crashing when we need to resize
+      the fd_sets. (This affects the Win32 binaries, not Tor's sources.)
+    - Stop doing the complex voodoo overkill checking for insecure
+      Diffie-Hellman keys. Just check if it's in [2,p-2] and be happy.
+    - When we were closing connections, there was a rare case that
+      stomped on memory, triggering seg faults and asserts.
+    - We were neglecting to unlink marked circuits from soon-to-close OR
+      connections, which caused some rare scribbling on freed memory.
+    - When we're deciding whether a stream has enough circuits around
+      that can handle it, count the freshly dirty ones and not the ones
+      that are so dirty they won't be able to handle it.
+    - Recover better from TCP connections to Tor servers that are
+      broken but don't tell you (it happens!); and rotate TLS
+      connections once a week.
+    - When we're expiring old circuits, we had a logic error that caused
+      us to close new rendezvous circuits rather than old ones.
+    - Fix a scary-looking but apparently harmless bug where circuits
+      would sometimes start out in state CIRCUIT_STATE_OR_WAIT at
+      servers, and never switch to state CIRCUIT_STATE_OPEN.
+    - When building with -static or on Solaris, we sometimes needed to
+      build with -ldl.
+    - Give a useful message when people run Tor as the wrong user,
+      rather than telling them to start chowning random directories.
+    - We were failing to inform the controller about new .onion streams.
+
+  o Security bugfixes on 0.1.0.x:
+    - Refuse server descriptors if the fingerprint line doesn't match
+      the included identity key. Tor doesn't care, but other apps (and
+      humans) might actually be trusting the fingerprint line.
+    - We used to kill the circuit when we receive a relay command we
+      don't recognize. Now we just drop it.
+    - Start obeying our firewall options more rigorously:
+      . If we can't get to a dirserver directly, try going via Tor.
+      . Don't ever try to connect (as a client) to a place our
+        firewall options forbid.
+      . If we specify a proxy and also firewall options, obey the
+        firewall options even when we're using the proxy: some proxies
+        can only proxy to certain destinations.
+    - Fix a bug found by Lasse Overlier: when we were making internal
+      circuits (intended to be cannibalized later for rendezvous and
+      introduction circuits), we were picking them so that they had
+      useful exit nodes. There was no need for this, and it actually
+      aids some statistical attacks.
+    - Start treating internal circuits and exit circuits separately.
+      It's important to keep them separate because internal circuits
+      have their last hops picked like middle hops, rather than like
+      exit hops. So exiting on them will break the user's expectations.
+
+  o Bugfixes on 0.1.1.x:
+    - Take out the mis-feature where we tried to detect IP address
+      flapping for people with DynDNS, and chose not to upload a new
+      server descriptor sometimes.
+    - Try to be compatible with OpenSSL 0.9.6 again.
+    - Log fix: when the controller is logging about .onion addresses,
+      sometimes it didn't include the ".onion" part of the address.
+    - Don't try to modify options->DirServers internally -- if the
+      user didn't specify any, just add the default ones directly to
+      the trusted dirserver list. This fixes a bug where people running
+      controllers would use SETCONF on some totally unrelated config
+      option, and Tor would start yelling at them about changing their
+      DirServer lines.
+    - Let the controller's redirectstream command specify a port, in
+      case the controller wants to change that too.
+    - When we requested a pile of server descriptors, we sometimes
+      accidentally launched a duplicate request for the first one.
+    - Bugfix for trackhostexits: write down the fingerprint of the
+      chosen exit, not its nickname, because the chosen exit might not
+      be verified.
+    - When parsing foo.exit, if foo is unknown, and we are leaving
+      circuits unattached, set the chosen_exit field and leave the
+      address empty. This matters because controllers got confused
+      otherwise.
+    - Directory authorities no longer try to download server
+      descriptors that they know they will reject.
+
+  o Features and updates:
+    - Replace balanced trees with hash tables: this should make stuff
+      significantly faster.
+    - Resume using the AES counter-mode implementation that we ship,
+      rather than OpenSSL's. Ours is significantly faster.
+    - Many other CPU and memory improvements.
+    - Add a new config option FastFirstHopPK (on by default) so clients
+      do a trivial crypto handshake for their first hop, since TLS has
+      already taken care of confidentiality and authentication.
+    - Add a new config option TestSocks so people can see if their
+      applications are using socks4, socks4a, socks5-with-ip, or
+      socks5-with-hostname. This way they don't have to keep mucking
+      with tcpdump and wondering if something got cached somewhere.
+    - Warn when listening on a public address for socks. I suspect a
+      lot of people are setting themselves up as open socks proxies,
+      and they have no idea that jerks on the Internet are using them,
+      since they simply proxy the traffic into the Tor network.
+    - Add "private:*" as an alias in configuration for policies. Now
+      you can simplify your exit policy rather than needing to list
+      every single internal or nonroutable network space.
+    - Add a new controller event type that allows controllers to get
+      all server descriptors that were uploaded to a router in its role
+      as authoritative dirserver.
+    - Start shipping socks-extensions.txt, tor-doc-unix.html,
+      tor-doc-server.html, and stylesheet.css in the tarball.
+    - Stop shipping tor-doc.html in the tarball.
+
+
+Changes in version 0.1.1.9-alpha - 2005-11-15
+  o Usability improvements:
+    - Start calling it FooListenAddress rather than FooBindAddress,
+      since few of our users know what it means to bind an address
+      or port.
+    - Reduce clutter in server logs. We're going to try to make
+      them actually usable now. New config option ProtocolWarnings that
+      lets you hear about how _other Tors_ are breaking the protocol. Off
+      by default.
+    - Divide log messages into logging domains. Once we put some sort
+      of interface on this, it will let people looking at more verbose
+      log levels specify the topics they want to hear more about.
+    - Make directory servers return better http 404 error messages
+      instead of a generic "Servers unavailable".
+    - Check for even more Windows version flags when writing the platform
+      string in server descriptors, and note any we don't recognize.
+    - Clean up more of the OpenSSL memory when exiting, so we can detect
+      memory leaks better.
+    - Make directory authorities be non-versioning, non-naming by
+      default. Now we can add new directory servers without requiring
+      their operators to pay close attention.
+    - When logging via syslog, include the pid whenever we provide
+      a log entry. Suggested by Todd Fries.
+
+  o Performance improvements:
+    - Directory servers now silently throw away new descriptors that
+      haven't changed much if the timestamps are similar. We do this to
+      tolerate older Tor servers that upload a new descriptor every 15
+      minutes. (It seemed like a good idea at the time.)
+    - Inline bottleneck smartlist functions; use fast versions by default.
+    - Add a "Map from digest to void*" abstraction digestmap_t so we
+      can do less hex encoding/decoding. Use it in router_get_by_digest()
+      to resolve a performance bottleneck.
+    - Allow tor_gzip_uncompress to extract as much as possible from
+      truncated compressed data. Try to extract as many
+      descriptors as possible from truncated http responses (when
+      DIR_PURPOSE_FETCH_ROUTERDESC).
+    - Make circ->onionskin a pointer, not a static array. moria2 was using
+      125000 circuit_t's after it had been up for a few weeks, which
+      translates to 20+ megs of wasted space.
+    - The private half of our EDH handshake keys are now chosen out
+      of 320 bits, not 1024 bits. (Suggested by Ian Goldberg.)
+
+  o Security improvements:
+    - Start making directory caches retain old routerinfos, so soon
+      clients can start asking by digest of descriptor rather than by
+      fingerprint of server.
+    - Add half our entropy from RAND_poll in OpenSSL. This knows how
+      to use egd (if present), openbsd weirdness (if present), vms/os2
+      weirdness (if we ever port there), and more in the future.
+
+  o Bugfixes on 0.1.0.x:
+    - Do round-robin writes of at most 16 kB per write. This might be
+      more fair on loaded Tor servers, and it might resolve our Windows
+      crash bug. It might also slow things down.
+    - Our TLS handshakes were generating a single public/private
+      keypair for the TLS context, rather than making a new one for
+      each new connections. Oops. (But we were still rotating them
+      periodically, so it's not so bad.)
+    - When we were cannibalizing a circuit with a particular exit
+      node in mind, we weren't checking to see if that exit node was
+      already present earlier in the circuit. Oops.
+    - When a Tor server's IP changes (e.g. from a dyndns address),
+      upload a new descriptor so clients will learn too.
+    - Really busy servers were keeping enough circuits open on stable
+      connections that they were wrapping around the circuit_id
+      space. (It's only two bytes.) This exposed a bug where we would
+      feel free to reuse a circuit_id even if it still exists but has
+      been marked for close. Try to fix this bug. Some bug remains.
+    - If we would close a stream early (e.g. it asks for a .exit that
+      we know would refuse it) but the LeaveStreamsUnattached config
+      option is set by the controller, then don't close it.
+
+  o Bugfixes on 0.1.1.8-alpha:
+    - Fix a big pile of memory leaks, some of them serious.
+    - Do not try to download a routerdesc if we would immediately reject
+      it as obsolete.
+    - Resume inserting a newline between all router descriptors when
+      generating (old style) signed directories, since our spec says
+      we do.
+    - When providing content-type application/octet-stream for
+      server descriptors using .z, we were leaving out the
+      content-encoding header. Oops. (Everything tolerated this just
+      fine, but that doesn't mean we need to be part of the problem.)
+    - Fix a potential seg fault in getconf and getinfo using version 1
+      of the controller protocol.
+    - Avoid crash: do not check whether DirPort is reachable when we
+      are suppressing it because of hibernation.
+    - Make --hash-password not crash on exit.
+
+
+Changes in version 0.1.1.8-alpha - 2005-10-07
+  o New features (major):
+    - Clients don't download or use the directory anymore. Now they
+      download and use network-statuses from the trusted dirservers,
+      and fetch individual server descriptors as needed from mirrors.
+      See dir-spec.txt for all the gory details.
+    - Be more conservative about whether to advertise our DirPort.
+      The main change is to not advertise if we're running at capacity
+      and either a) we could hibernate or b) our capacity is low and
+      we're using a default DirPort.
+    - Use OpenSSL's AES when OpenSSL has version 0.9.7 or later.
+
+  o New features (minor):
+    - Try to be smart about when to retry network-status and
+      server-descriptor fetches. Still needs some tuning.
+    - Stop parsing, storing, or using running-routers output (but
+      mirrors still cache and serve it).
+    - Consider a threshold of versioning dirservers (dirservers who have
+      an opinion about which Tor versions are still recommended) before
+      deciding whether to warn the user that he's obsolete.
+    - Dirservers can now reject/invalidate by key and IP, with the
+      config options "AuthDirInvalid" and "AuthDirReject". This is
+      useful since currently we automatically list servers as running
+      and usable even if we know they're jerks.
+    - Provide dire warnings to any users who set DirServer; move it out
+      of torrc.sample and into torrc.complete.
+    - Add MyFamily to torrc.sample in the server section.
+    - Add nicknames to the DirServer line, so we can refer to them
+      without requiring all our users to memorize their IP addresses.
+    - When we get an EOF or a timeout on a directory connection, note
+      how many bytes of serverdesc we are dropping. This will help
+      us determine whether it is smart to parse incomplete serverdesc
+      responses.
+    - Add a new function to "change pseudonyms" -- that is, to stop
+      using any currently-dirty circuits for new streams, so we don't
+      link new actions to old actions. Currently it's only called on
+      HUP (or SIGNAL RELOAD).
+    - On sighup, if UseHelperNodes changed to 1, use new circuits.
+    - Start using RAND_bytes rather than RAND_pseudo_bytes from
+      OpenSSL. Also, reseed our entropy every hour, not just at
+      startup. And entropy in 512-bit chunks, not 160-bit chunks.
+
+  o Fixes on 0.1.1.7-alpha:
+    - Nobody ever implemented EVENT_ADDRMAP for control protocol
+      version 0, so don't let version 0 controllers ask for it.
+    - If you requested something with too many newlines via the
+      v1 controller protocol, you could crash tor.
+    - Fix a number of memory leaks, including some pretty serious ones.
+    - Re-enable DirPort testing again, so Tor servers will be willing
+      to advertise their DirPort if it's reachable.
+    - On TLS handshake, only check the other router's nickname against
+      its expected nickname if is_named is set.
+
+  o Fixes forward-ported from 0.1.0.15:
+    - Don't crash when we don't have any spare file descriptors and we
+      try to spawn a dns or cpu worker.
+    - Make the numbers in read-history and write-history into uint64s,
+      so they don't overflow and publish negatives in the descriptor.
+
+  o Fixes on 0.1.0.x:
+    - For the OS X package's modified privoxy config file, comment
+      out the "logfile" line so we don't log everything passed
+      through privoxy.
+    - We were whining about using socks4 or socks5-with-local-lookup
+      even when it's an IP in the "virtual" range we designed exactly
+      for this case.
+    - We were leaking some memory every time the client changes IPs.
+    - Never call free() on tor_malloc()d memory. This will help us
+      use dmalloc to detect memory leaks.
+    - Check for named servers when looking them up by nickname;
+      warn when we'recalling a non-named server by its nickname;
+      don't warn twice about the same name.
+    - Try to list MyFamily elements by key, not by nickname, and warn
+      if we've not heard of the server.
+    - Make windows platform detection (uname equivalent) smarter.
+    - It turns out sparc64 doesn't like unaligned access either.
+
+
+Changes in version 0.1.0.15 - 2005-09-23
+  o Bugfixes on 0.1.0.x:
+    - Reject ports 465 and 587 (spam targets) in default exit policy.
+    - Don't crash when we don't have any spare file descriptors and we
+      try to spawn a dns or cpu worker.
+    - Get rid of IgnoreVersion undocumented config option, and make us
+      only warn, never exit, when we're running an obsolete version.
+    - Don't try to print a null string when your server finds itself to
+      be unreachable and the Address config option is empty.
+    - Make the numbers in read-history and write-history into uint64s,
+      so they don't overflow and publish negatives in the descriptor.
+    - Fix a minor memory leak in smartlist_string_remove().
+    - We were only allowing ourselves to upload a server descriptor at
+      most every 20 minutes, even if it changed earlier than that.
+    - Clean up log entries that pointed to old URLs.
+
+
+Changes in version 0.1.1.7-alpha - 2005-09-14
+  o Fixes on 0.1.1.6-alpha:
+    - Exit servers were crashing when people asked them to make a
+      connection to an address not in their exit policy.
+    - Looking up a non-existent stream for a v1 control connection would
+      cause a segfault.
+    - Fix a seg fault if we ask a dirserver for a descriptor by
+      fingerprint but he doesn't know about him.
+    - SETCONF was appending items to linelists, not clearing them.
+    - SETCONF SocksBindAddress killed Tor if it fails to bind. Now back
+      out and refuse the setconf if it would fail.
+    - Downgrade the dirserver log messages when whining about
+      unreachability.
+
+  o New features:
+    - Add Peter Palfrader's check-tor script to tor/contrib/
+      It lets you easily check whether a given server (referenced by
+      nickname) is reachable by you.
+    - Numerous changes to move towards client-side v2 directories. Not
+      enabled yet.
+
+  o Fixes on 0.1.0.x:
+    - If the user gave tor an odd number of command-line arguments,
+      we were silently ignoring the last one. Now we complain and fail.
+      [This wins the oldest-bug prize -- this bug has been present since
+       November 2002, as released in Tor 0.0.0.]
+    - Do not use unaligned memory access on alpha, mips, or mipsel.
+      It *works*, but is very slow, so we treat them as if it doesn't.
+    - Retry directory requests if we fail to get an answer we like
+      from a given dirserver (we were retrying before, but only if
+      we fail to connect).
+    - When writing the RecommendedVersions line, sort them first.
+    - When the client asked for a rendezvous port that the hidden
+      service didn't want to provide, we were sending an IP address
+      back along with the end cell. Fortunately, it was zero. But stop
+      that anyway.
+    - Correct "your server is reachable" log entries to indicate that
+      it was self-testing that told us so.
+
+
+Changes in version 0.1.1.6-alpha - 2005-09-09
+  o Fixes on 0.1.1.5-alpha:
+    - We broke fascistfirewall in 0.1.1.5-alpha. Oops.
+    - Fix segfault in unit tests in 0.1.1.5-alpha. Oops.
+    - Fix bug with tor_memmem finding a match at the end of the string.
+    - Make unit tests run without segfaulting.
+    - Resolve some solaris x86 compile warnings.
+    - Handle duplicate lines in approved-routers files without warning.
+    - Fix bug where as soon as a server refused any requests due to his
+      exit policy (e.g. when we ask for localhost and he tells us that's
+      127.0.0.1 and he won't do it), we decided he wasn't obeying his
+      exit policy using him for any exits.
+    - Only do openssl hardware accelerator stuff if openssl version is
+      at least 0.9.7.
+
+  o New controller features/fixes:
+    - Add a "RESETCONF" command so you can set config options like
+      AllowUnverifiedNodes and LongLivedPorts to "". Also, if you give
+      a config option in the torrc with no value, then it clears it
+      entirely (rather than setting it to its default).
+    - Add a "GETINFO config-file" to tell us where torrc is.
+    - Avoid sending blank lines when GETINFO replies should be empty.
+    - Add a QUIT command for the controller (for using it manually).
+    - Fix a bug in SAVECONF that was adding default dirservers and
+      other redundant entries to the torrc file.
+
+  o Start on the new directory design:
+    - Generate, publish, cache, serve new network-status format.
+    - Publish individual descriptors (by fingerprint, by "all", and by
+      "tell me yours").
+    - Publish client and server recommended versions separately.
+    - Allow tor_gzip_uncompress() to handle multiple concatenated
+      compressed strings. Serve compressed groups of router
+      descriptors. The compression logic here could be more
+      memory-efficient.
+    - Distinguish v1 authorities (all currently trusted directories)
+      from v2 authorities (all trusted directories).
+    - Change DirServers config line to note which dirs are v1 authorities.
+    - Add configuration option "V1AuthoritativeDirectory 1" which
+      moria1, moria2, and tor26 should set.
+    - Remove option when getting directory cache to see whether they
+      support running-routers; they all do now. Replace it with one
+      to see whether caches support v2 stuff.
+
+  o New features:
+    - Dirservers now do their own external reachability testing of each
+      Tor server, and only list them as running if they've been found to
+      be reachable. We also send back warnings to the server's logs if
+      it uploads a descriptor that we already believe is unreachable.
+    - Implement exit enclaves: if we know an IP address for the
+      destination, and there's a running Tor server at that address
+      which allows exit to the destination, then extend the circuit to
+      that exit first. This provides end-to-end encryption and end-to-end
+      authentication. Also, if the user wants a .exit address or enclave,
+      use 4 hops rather than 3, and cannibalize a general circ for it
+      if you can.
+    - Permit transitioning from ORPort=0 to ORPort!=0, and back, from the
+      controller. Also, rotate dns and cpu workers if the controller
+      changes options that will affect them; and initialize the dns
+      worker cache tree whether or not we start out as a server.
+    - Only upload a new server descriptor when options change, 18
+      hours have passed, uptime is reset, or bandwidth changes a lot.
+    - Check [X-]Forwarded-For headers in HTTP requests when generating
+      log messages. This lets people run dirservers (and caches) behind
+      Apache but still know which IP addresses are causing warnings.
+
+  o Config option changes:
+    - Replace (Fascist)Firewall* config options with a new
+      ReachableAddresses option that understands address policies.
+      For example, "ReachableAddresses *:80,*:443"
+    - Get rid of IgnoreVersion undocumented config option, and make us
+      only warn, never exit, when we're running an obsolete version.
+    - Make MonthlyAccountingStart config option truly obsolete now.
+
+  o Fixes on 0.1.0.x:
+    - Reject ports 465 and 587 in the default exit policy, since
+      people have started using them for spam too.
+    - It turns out we couldn't bootstrap a network since we added
+      reachability detection in 0.1.0.1-rc. Good thing the Tor network
+      has never gone down. Add an AssumeReachable config option to let
+      servers and dirservers bootstrap. When we're trying to build a
+      high-uptime or high-bandwidth circuit but there aren't enough
+      suitable servers, try being less picky rather than simply failing.
+    - Our logic to decide if the OR we connected to was the right guy
+      was brittle and maybe open to a mitm for unverified routers.
+    - We weren't cannibalizing circuits correctly for
+      CIRCUIT_PURPOSE_C_ESTABLISH_REND and
+      CIRCUIT_PURPOSE_S_ESTABLISH_INTRO, so we were being forced to
+      build those from scratch. This should make hidden services faster.
+    - Predict required circuits better, with an eye toward making hidden
+      services faster on the service end.
+    - Retry streams if the exit node sends back a 'misc' failure. This
+      should result in fewer random failures. Also, after failing
+      from resolve failed or misc, reset the num failures, so we give
+      it a fair shake next time we try.
+    - Clean up the rendezvous warn log msgs, and downgrade some to info.
+    - Reduce severity on logs about dns worker spawning and culling.
+    - When we're shutting down and we do something like try to post a
+      server descriptor or rendezvous descriptor, don't complain that
+      we seem to be unreachable. Of course we are, we're shutting down.
+    - Add TTLs to RESOLVED, CONNECTED, and END_REASON_EXITPOLICY cells.
+      We don't use them yet, but maybe one day our DNS resolver will be
+      able to discover them.
+    - Make ContactInfo mandatory for authoritative directory servers.
+    - Require server descriptors to list IPv4 addresses -- hostnames
+      are no longer allowed. This also fixes some potential security
+      problems with people providing hostnames as their address and then
+      preferentially resolving them to partition users.
+    - Change log line for unreachability to explicitly suggest /etc/hosts
+      as the culprit. Also make it clearer what IP address and ports we're
+      testing for reachability.
+    - Put quotes around user-supplied strings when logging so users are
+      more likely to realize if they add bad characters (like quotes)
+      to the torrc.
+    - Let auth dir servers start without specifying an Address config
+      option.
+    - Make unit tests (and other invocations that aren't the real Tor)
+      run without launching listeners, creating subdirectories, and so on.
+
+
+Changes in version 0.1.1.5-alpha - 2005-08-08
+  o Bugfixes included in 0.1.0.14.
+
+  o Bugfixes on 0.1.0.x:
+    - If you write "HiddenServicePort 6667 127.0.0.1 6668" in your
+      torrc rather than "HiddenServicePort 6667 127.0.0.1:6668",
+      it would silently using ignore the 6668.
+
+
+Changes in version 0.1.0.14 - 2005-08-08
+  o Bugfixes on 0.1.0.x:
+      - Fix the other half of the bug with crypto handshakes
+        (CVE-2005-2643).
+      - Fix an assert trigger if you send a 'signal term' via the
+        controller when it's listening for 'event info' messages.
+
+
+Changes in version 0.1.1.4-alpha - 2005-08-04
+  o Bugfixes included in 0.1.0.13.
+
+  o Features:
+    - Improve tor_gettimeofday() granularity on windows.
+    - Make clients regenerate their keys when their IP address changes.
+    - Implement some more GETINFO goodness: expose helper nodes, config
+      options, getinfo keys.
+
+
+Changes in version 0.1.0.13 - 2005-08-04
+  o Bugfixes on 0.1.0.x:
+    - Fix a critical bug in the security of our crypto handshakes.
+    - Fix a size_t underflow in smartlist_join_strings2() that made
+      it do bad things when you hand it an empty smartlist.
+    - Fix Windows installer to ship Tor license (thanks to Aphex for
+      pointing out this oversight) and put a link to the doc directory
+      in the start menu.
+    - Explicitly set no-unaligned-access for sparc: it turns out the
+      new gcc's let you compile broken code, but that doesn't make it
+      not-broken.
+
+
+Changes in version 0.1.1.3-alpha - 2005-07-23
+  o Bugfixes on 0.1.1.2-alpha:
+    - Fix a bug in handling the controller's "post descriptor"
+      function.
+    - Fix several bugs in handling the controller's "extend circuit"
+      function.
+    - Fix a bug in handling the controller's "stream status" event.
+    - Fix an assert failure if we have a controller listening for
+      circuit events and we go offline.
+    - Re-allow hidden service descriptors to publish 0 intro points.
+    - Fix a crash when generating your hidden service descriptor if
+      you don't have enough intro points already.
+
+  o New features on 0.1.1.2-alpha:
+    - New controller function "getinfo accounting", to ask how
+      many bytes we've used in this time period.
+    - Experimental support for helper nodes: a lot of the risk from
+      a small static adversary comes because users pick new random
+      nodes every time they rebuild a circuit. Now users will try to
+      stick to the same small set of entry nodes if they can. Not
+      enabled by default yet.
+
+  o Bugfixes on 0.1.0.12:
+    - If you're an auth dir server, always publish your dirport,
+      even if you haven't yet found yourself to be reachable.
+    - Fix a size_t underflow in smartlist_join_strings2() that made
+      it do bad things when you hand it an empty smartlist.
+
+
+Changes in version 0.1.0.12 - 2005-07-18
+  o New directory servers:
+      - tor26 has changed IP address.
+
+  o Bugfixes on 0.1.0.x:
+    - Fix a possible double-free in tor_gzip_uncompress().
+    - When --disable-threads is set, do not search for or link against
+      pthreads libraries.
+    - Don't trigger an assert if an authoritative directory server
+      claims its dirport is 0.
+    - Fix bug with removing Tor as an NT service: some people were
+      getting "The service did not return an error." Thanks to Matt
+      Edman for the fix.
+
+
+Changes in version 0.1.1.2-alpha - 2005-07-15
+  o New directory servers:
+    - tor26 has changed IP address.
+
+  o Bugfixes on 0.1.0.x, crashes/leaks:
+    - Port the servers-not-obeying-their-exit-policies fix from
+      0.1.0.11.
+    - Fix an fd leak in start_daemon().
+    - On Windows, you can't always reopen a port right after you've
+      closed it. So change retry_listeners() to only close and re-open
+      ports that have changed.
+    - Fix a possible double-free in tor_gzip_uncompress().
+
+  o Bugfixes on 0.1.0.x, usability:
+    - When tor_socketpair() fails in Windows, give a reasonable
+      Windows-style errno back.
+    - Let people type "tor --install" as well as "tor -install" when
+      they
+      want to make it an NT service.
+    - NT service patch from Matt Edman to improve error messages.
+    - When the controller asks for a config option with an abbreviated
+      name, give the full name in our response.
+    - Correct the man page entry on TrackHostExitsExpire.
+    - Looks like we were never delivering deflated (i.e. compressed)
+      running-routers lists, even when asked. Oops.
+    - When --disable-threads is set, do not search for or link against
+      pthreads libraries.
+
+  o Bugfixes on 0.1.1.x:
+    - Fix a seg fault with autodetecting which controller version is
+      being used.
+
+  o Features:
+    - New hidden service descriptor format: put a version in it, and
+      let people specify introduction/rendezvous points that aren't
+      in "the directory" (which is subjective anyway).
+    - Allow the DEBUG controller event to work again. Mark certain log
+      entries as "don't tell this to controllers", so we avoid cycles.
+
+
+Changes in version 0.1.0.11 - 2005-06-30
+  o Bugfixes on 0.1.0.x:
+    - Fix major security bug: servers were disregarding their
+      exit policies if clients behaved unexpectedly.
+    - Make OS X init script check for missing argument, so we don't
+      confuse users who invoke it incorrectly.
+    - Fix a seg fault in "tor --hash-password foo".
+    - The MAPADDRESS control command was broken.
+
+
+Changes in version 0.1.1.1-alpha - 2005-06-29
+  o Bugfixes:
+    - Make OS X init script check for missing argument, so we don't
+      confuse users who invoke it incorrectly.
+    - Fix a seg fault in "tor --hash-password foo".
+    - Fix a possible way to DoS dirservers.
+    - When we complain that your exit policy implicitly allows local or
+      private address spaces, name them explicitly so operators can
+      fix it.
+    - Make the log message less scary when all the dirservers are
+      temporarily unreachable.
+    - We were printing the number of idle dns workers incorrectly when
+      culling them.
+
+  o Features:
+    - Revised controller protocol (version 1) that uses ascii rather
+      than binary. Add supporting libraries in python and java so you
+      can use the controller from your applications without caring how
+      our protocol works.
+    - Spiffy new support for crypto hardware accelerators. Can somebody
+      test this?
+
+
+Changes in version 0.0.9.10 - 2005-06-16
+  o Bugfixes on 0.0.9.x (backported from 0.1.0.10):
+    - Refuse relay cells that claim to have a length larger than the
+      maximum allowed. This prevents a potential attack that could read
+      arbitrary memory (e.g. keys) from an exit server's process
+      (CVE-2005-2050).
+
+
+Changes in version 0.1.0.10 - 2005-06-14
+  o Allow a few EINVALs from libevent before dying. Warn on kqueue with
+    libevent before 1.1a.
+
+
+Changes in version 0.1.0.9-rc - 2005-06-09
+  o Bugfixes:
+    - Reset buf->highwater every time buf_shrink() is called, not just on
+      a successful shrink. This was causing significant memory bloat.
+    - Fix buffer overflow when checking hashed passwords.
+    - Security fix: if seeding the RNG on Win32 fails, quit.
+    - Allow seeding the RNG on Win32 even when you're not running as
+      Administrator.
+    - Disable threading on Solaris too. Something is wonky with it,
+      cpuworkers, and reentrant libs.
+    - Reenable the part of the code that tries to flush as soon as an
+      OR outbuf has a full TLS record available. Perhaps this will make
+      OR outbufs not grow as huge except in rare cases, thus saving lots
+      of CPU time plus memory.
+    - Reject malformed .onion addresses rather then passing them on as
+      normal web requests.
+    - Adapt patch from Adam Langley: fix possible memory leak in
+      tor_lookup_hostname().
+    - Initialize libevent later in the startup process, so the logs are
+      already established by the time we start logging libevent warns.
+    - Use correct errno on win32 if libevent fails.
+    - Check and warn about known-bad/slow libevent versions.
+    - Pay more attention to the ClientOnly config option.
+    - Have torctl.in/tor.sh.in check for location of su binary (needed
+      on FreeBSD)
+    - Correct/add man page entries for LongLivedPorts, ExitPolicy,
+      KeepalivePeriod, ClientOnly, NoPublish, HttpProxy, HttpsProxy,
+      HttpProxyAuthenticator
+    - Stop warning about sigpipes in the logs. We're going to
+      pretend that getting these occasionally is normal and fine.
+    - Resolve OS X installer bugs: stop claiming to be 0.0.9.2 in
+      certain
+      installer screens; and don't put stuff into StartupItems unless
+      the user asks you to.
+    - Require servers that use the default dirservers to have public IP
+      addresses. We have too many servers that are configured with private
+      IPs and their admins never notice the log entries complaining that
+      their descriptors are being rejected.
+    - Add OSX uninstall instructions. An actual uninstall script will
+      come later.
+
+
+Changes in version 0.1.0.8-rc - 2005-05-23
+  o Bugfixes:
+    - It turns out that kqueue on OS X 10.3.9 was causing kernel
+      panics. Disable kqueue on all OS X Tors.
+    - Fix RPM: remove duplicate line accidentally added to the rpm
+      spec file.
+    - Disable threads on openbsd too, since its gethostaddr is not
+      reentrant either.
+    - Tolerate libevent 0.8 since it still works, even though it's
+      ancient.
+    - Enable building on Red Hat 9.0 again.
+    - Allow the middle hop of the testing circuit to be running any
+      version, now that most of them have the bugfix to let them connect
+      to unknown servers. This will allow reachability testing to work
+      even when 0.0.9.7-0.0.9.9 become obsolete.
+    - Handle relay cells with rh.length too large. This prevents
+      a potential attack that could read arbitrary memory (maybe even
+      keys) from the exit server's process.
+    - We screwed up the dirport reachability testing when we don't yet
+      have a cached version of the directory. Hopefully now fixed.
+    - Clean up router_load_single_router() (used by the controller),
+      so it doesn't seg fault on error.
+    - Fix a minor memory leak when somebody establishes an introduction
+      point at your Tor server.
+    - If a socks connection ends because read fails, don't warn that
+      you're not sending a socks reply back.
+
+  o Features:
+    - Add HttpProxyAuthenticator config option too, that works like
+      the HttpsProxyAuthenticator config option.
+    - Encode hashed controller passwords in hex instead of base64,
+      to make it easier to write controllers.
+
+
+Changes in version 0.1.0.7-rc - 2005-05-17
+  o Bugfixes:
+    - Fix a bug in the OS X package installer that prevented it from
+      installing on Tiger.
+    - Fix a script bug in the OS X package installer that made it
+      complain during installation.
+    - Find libevent even if it's hiding in /usr/local/ and your
+      CFLAGS and LDFLAGS don't tell you to look there.
+    - Be able to link with libevent as a shared library (the default
+      after 1.0d), even if it's hiding in /usr/local/lib and even
+      if you haven't added /usr/local/lib to your /etc/ld.so.conf,
+      assuming you're running gcc. Otherwise fail and give a useful
+      error message.
+    - Fix a bug in the RPM packager: set home directory for _tor to
+      something more reasonable when first installing.
+    - Free a minor amount of memory that is still reachable on exit.
+
+
+Changes in version 0.1.0.6-rc - 2005-05-14
+  o Bugfixes:
+    - Implement --disable-threads configure option. Disable threads on
+      netbsd by default, because it appears to have no reentrant resolver
+      functions.
+    - Apple's OS X 10.4.0 ships with a broken kqueue. The new libevent
+      release (1.1) detects and disables kqueue if it's broken.
+    - Append default exit policy before checking for implicit internal
+      addresses. Now we don't log a bunch of complaints on startup
+      when using the default exit policy.
+    - Some people were putting "Address  " in their torrc, and they had
+      a buggy resolver that resolved " " to 0.0.0.0. Oops.
+    - If DataDir is ~/.tor, and that expands to /.tor, then default to
+      LOCALSTATEDIR/tor instead.
+    - Fix fragmented-message bug in TorControl.py.
+    - Resolve a minor bug which would prevent unreachable dirports
+      from getting suppressed in the published descriptor.
+    - When the controller gave us a new descriptor, we weren't resolving
+      it immediately, so Tor would think its address was 0.0.0.0 until
+      we fetched a new directory.
+    - Fix an uppercase/lowercase case error in suppressing a bogus
+      libevent warning on some Linuxes.
+
+  o Features:
+    - Begin scrubbing sensitive strings from logs by default. Turn off
+      the config option SafeLogging if you need to do debugging.
+    - Switch to a new buffer management algorithm, which tries to avoid
+      reallocing and copying quite as much. In first tests it looks like
+      it uses *more* memory on average, but less cpu.
+    - First cut at support for "create-fast" cells. Clients can use
+      these when extending to their first hop, since the TLS already
+      provides forward secrecy and authentication. Not enabled on
+      clients yet.
+    - When dirservers refuse a router descriptor, we now log its
+      contactinfo, platform, and the poster's IP address.
+    - Call tor_free_all instead of connections_free_all after forking, to
+      save memory on systems that need to fork.
+    - Whine at you if you're a server and you don't set your contactinfo.
+    - Implement --verify-config command-line option to check if your torrc
+      is valid without actually launching Tor.
+    - Rewrite address "serifos.exit" to "localhost.serifos.exit"
+      rather than just rejecting it.
+
+
+Changes in version 0.1.0.5-rc - 2005-04-27
+  o Bugfixes:
+    - Stop trying to print a null pointer if an OR conn fails because
+      we didn't like its cert.
+  o Features:
+    - Switch our internal buffers implementation to use a ring buffer,
+      to hopefully improve performance for fast servers a lot.
+    - Add HttpsProxyAuthenticator support (basic auth only), based
+      on patch from Adam Langley.
+    - Bump the default BandwidthRate from 1 MB to 2 MB, to accommodate
+      the fast servers that have been joining lately.
+    - Give hidden service accesses extra time on the first attempt,
+      since 60 seconds is often only barely enough. This might improve
+      robustness more.
+    - Improve performance for dirservers: stop re-parsing the whole
+      directory every time you regenerate it.
+    - Add more debugging info to help us find the weird dns freebsd
+      pthreads bug; cleaner debug messages to help track future issues.
+
+
+Changes in version 0.0.9.9 - 2005-04-23
+  o Bugfixes on 0.0.9.x:
+    - If unofficial Tor clients connect and send weird TLS certs, our
+      Tor server triggers an assert. This release contains a minimal
+      backport from the broader fix that we put into 0.1.0.4-rc.
+
+
+Changes in version 0.1.0.4-rc - 2005-04-23
+  o Bugfixes:
+    - If unofficial Tor clients connect and send weird TLS certs, our
+      Tor server triggers an assert. Stop asserting, and start handling
+      TLS errors better in other situations too.
+    - When the controller asks us to tell it about all the debug-level
+      logs, it turns out we were generating debug-level logs while
+      telling it about them, which turns into a bad loop. Now keep
+      track of whether you're sending a debug log to the controller,
+      and don't log when you are.
+    - Fix the "postdescriptor" feature of the controller interface: on
+      non-complete success, only say "done" once.
+  o Features:
+    - Clients are now willing to load balance over up to 2mB, not 1mB,
+      of advertised bandwidth capacity.
+    - Add a NoPublish config option, so you can be a server (e.g. for
+      testing running Tor servers in other Tor networks) without
+      publishing your descriptor to the primary dirservers.
+
+
+Changes in version 0.1.0.3-rc - 2005-04-08
+  o Improvements on 0.1.0.2-rc:
+    - Client now retries when streams end early for 'hibernating' or
+      'resource limit' reasons, rather than failing them.
+    - More automated handling for dirserver operators:
+      - Automatically approve nodes running 0.1.0.2-rc or later,
+        now that the the reachability detection stuff is working.
+      - Now we allow two unverified servers with the same nickname
+        but different keys. But if a nickname is verified, only that
+        nickname+key are allowed.
+      - If you're an authdirserver connecting to an address:port,
+        and it's not the OR you were expecting, forget about that
+        descriptor. If he *was* the one you were expecting, then forget
+        about all other descriptors for that address:port.
+      - Allow servers to publish descriptors from 12 hours in the future.
+        Corollary: only whine about clock skew from the dirserver if
+        he's a trusted dirserver (since now even verified servers could
+        have quite wrong clocks).
+    - Adjust maximum skew and age for rendezvous descriptors: let skew
+      be 48 hours rather than 90 minutes.
+    - Efficiency improvements:
+      - Keep a big splay tree of (circid,orconn)->circuit mappings to make
+        it much faster to look up a circuit for each relay cell.
+      - Remove most calls to assert_all_pending_dns_resolves_ok(),
+        since they're eating our cpu on exit nodes.
+      - Stop wasting time doing a case insensitive comparison for every
+        dns name every time we do any lookup. Canonicalize the names to
+        lowercase and be done with it.
+    - Start sending 'truncated' cells back rather than destroy cells,
+      if the circuit closes in front of you. This means we won't have
+      to abandon partially built circuits.
+    - Only warn once per nickname from add_nickname_list_to_smartlist
+      per failure, so an entrynode or exitnode choice that's down won't
+      yell so much.
+    - Put a note in the torrc about abuse potential with the default
+      exit policy.
+    - Revise control spec and implementation to allow all log messages to
+      be sent to controller with their severities intact (suggested by
+      Matt Edman). Update TorControl to handle new log event types.
+    - Provide better explanation messages when controller's POSTDESCRIPTOR
+      fails.
+    - Stop putting nodename in the Platform string in server descriptors.
+      It doesn't actually help, and it is confusing/upsetting some people.
+
+  o Bugfixes on 0.1.0.2-rc:
+    - We were printing the host mask wrong in exit policies in server
+      descriptors. This isn't a critical bug though, since we were still
+      obeying the exit policy internally.
+    - Fix Tor when compiled with libevent but without pthreads: move
+      connection_unregister() from _connection_free() to
+      connection_free().
+    - Fix an assert trigger (already fixed in 0.0.9.x): when we have
+      the rare mysterious case of accepting a conn on 0.0.0.0:0, then
+      when we look through the connection array, we'll find any of the
+      cpu/dnsworkers. This is no good.
+
+  o Bugfixes on 0.0.9.8:
+    - Fix possible bug on threading platforms (e.g. win32) which was
+      leaking a file descriptor whenever a cpuworker or dnsworker died.
+    - When using preferred entry or exit nodes, ignore whether the
+      circuit wants uptime or capacity. They asked for the nodes, they
+      get the nodes.
+    - chdir() to your datadirectory at the *end* of the daemonize process,
+      not the beginning. This was a problem because the first time you
+      run tor, if your datadir isn't there, and you have runasdaemon set
+      to 1, it will try to chdir to it before it tries to create it. Oops.
+    - Handle changed router status correctly when dirserver reloads
+      fingerprint file. We used to be dropping all unverified descriptors
+      right then. The bug was hidden because we would immediately
+      fetch a directory from another dirserver, which would include the
+      descriptors we just dropped.
+    - When we're connecting to an OR and he's got a different nickname/key
+      than we were expecting, only complain loudly if we're an OP or a
+      dirserver. Complaining loudly to the OR admins just confuses them.
+    - Tie MAX_DIR_SIZE to MAX_BUF_SIZE, so now directory sizes won't get
+      artificially capped at 500kB.
+
+
+Changes in version 0.0.9.8 - 2005-04-07
+  o Bugfixes on 0.0.9.x:
+    - We have a bug that I haven't found yet. Sometimes, very rarely,
+      cpuworkers get stuck in the 'busy' state, even though the cpuworker
+      thinks of itself as idle. This meant that no new circuits ever got
+      established. Here's a workaround to kill any cpuworker that's been
+      busy for more than 100 seconds.
+
+
+Changes in version 0.1.0.2-rc - 2005-04-01
+  o Bugfixes on 0.1.0.1-rc:
+    - Fixes on reachability detection:
+      - Don't check for reachability while hibernating.
+      - If ORPort is reachable but DirPort isn't, still publish the
+        descriptor, but zero out DirPort until it's found reachable.
+      - When building testing circs for ORPort testing, use only
+        high-bandwidth nodes, so fewer circuits fail.
+      - Complain about unreachable ORPort separately from unreachable
+        DirPort, so the user knows what's going on.
+      - Make sure we only conclude ORPort reachability if we didn't
+        initiate the conn. Otherwise we could falsely conclude that
+        we're reachable just because we connected to the guy earlier
+        and he used that same pipe to extend to us.
+      - Authdirservers shouldn't do ORPort reachability detection,
+        since they're in clique mode, so it will be rare to find a
+        server not already connected to them.
+      - When building testing circuits, always pick middle hops running
+        Tor 0.0.9.7, so we avoid the "can't extend to unknown routers"
+        bug. (This is a kludge; it will go away when 0.0.9.x becomes
+        obsolete.)
+      - When we decide we're reachable, actually publish our descriptor
+        right then.
+    - Fix bug in redirectstream in the controller.
+    - Fix the state descriptor strings so logs don't claim edge streams
+      are in a different state than they actually are.
+    - Use recent libevent features when possible (this only really affects
+      win32 and osx right now, because the new libevent with these
+      features hasn't been released yet). Add code to suppress spurious
+      libevent log msgs.
+    - Prevent possible segfault in connection_close_unattached_ap().
+    - Fix newlines on torrc in win32.
+    - Improve error msgs when tor-resolve fails.
+
+  o Improvements on 0.0.9.x:
+    - New experimental script tor/contrib/ExerciseServer.py (needs more
+      work) that uses the controller interface to build circuits and
+      fetch pages over them. This will help us bootstrap servers that
+      have lots of capacity but haven't noticed it yet.
+    - New experimental script tor/contrib/PathDemo.py (needs more work)
+      that uses the controller interface to let you choose whole paths
+      via addresses like
+      "...path"
+    - When we've connected to an OR and handshaked but didn't like
+      the result, we were closing the conn without sending destroy
+      cells back for pending circuits. Now send those destroys.
+
+
+Changes in version 0.0.9.7 - 2005-04-01
+  o Bugfixes on 0.0.9.x:
+    - Fix another race crash bug (thanks to Glenn Fink for reporting).
+    - Compare identity to identity, not to nickname, when extending to
+      a router not already in the directory. This was preventing us from
+      extending to unknown routers. Oops.
+    - Make sure to create OS X Tor user in <500 range, so we aren't
+      creating actual system users.
+    - Note where connection-that-hasn't-sent-end was marked, and fix
+      a few really loud instances of this harmless bug (it's fixed more
+      in 0.1.0.x).
+
+
+Changes in version 0.1.0.1-rc - 2005-03-28
+  o New features:
+    - Add reachability testing. Your Tor server will automatically try
+      to see if its ORPort and DirPort are reachable from the outside,
+      and it won't upload its descriptor until it decides they are.
+    - Handle unavailable hidden services better. Handle slow or busy
+      hidden services better.
+    - Add support for CONNECTing through https proxies, with "HttpsProxy"
+      config option.
+    - New exit policy: accept most low-numbered ports, rather than
+      rejecting most low-numbered ports.
+    - More Tor controller support (still experimental). See
+      http://tor.eff.org/doc/control-spec.txt for all the new features,
+      including signals to emulate unix signals from any platform;
+      redirectstream; extendcircuit; mapaddress; getinfo; postdescriptor;
+      closestream; closecircuit; etc.
+    - Make nt services work and start on startup on win32 (based on
+      patch by Matt Edman).
+    - Add a new AddressMap config directive to rewrite incoming socks
+      addresses. This lets you, for example, declare an implicit
+      required exit node for certain sites.
+    - Add a new TrackHostExits config directive to trigger addressmaps
+      for certain incoming socks addresses -- for sites that break when
+      your exit keeps changing (based on patch by Mike Perry).
+    - Redo the client-side dns cache so it's just an addressmap too.
+    - Notice when our IP changes, and reset stats/uptime/reachability.
+    - When an application is using socks5, give him the whole variety of
+      potential socks5 responses (connect refused, host unreachable, etc),
+      rather than just "success" or "failure".
+    - A more sane version numbering system. See
+      http://tor.eff.org/cvs/tor/doc/version-spec.txt for details.
+    - New contributed script "exitlist": a simple python script to
+      parse directories and find Tor nodes that exit to listed
+      addresses/ports.
+    - New contributed script "privoxy-tor-toggle" to toggle whether
+      Privoxy uses Tor. Seems to be configured for Debian by default.
+    - Report HTTP reasons to client when getting a response from directory
+      servers -- so you can actually know what went wrong.
+    - New config option MaxAdvertisedBandwidth which lets you advertise
+      a low bandwidthrate (to not attract as many circuits) while still
+      allowing a higher bandwidthrate in reality.
+
+  o Robustness/stability fixes:
+    - Make Tor use Niels Provos's libevent instead of its current
+      poll-but-sometimes-select mess. This will let us use faster async
+      cores (like epoll, kpoll, and /dev/poll), and hopefully work better
+      on Windows too.
+    - pthread support now too. This was forced because when we forked,
+      we ended up wasting a lot of duplicate ram over time. Also switch
+      to foo_r versions of some library calls to allow reentry and
+      threadsafeness.
+    - Better handling for heterogeneous / unreliable nodes:
+      - Annotate circuits w/ whether they aim to contain high uptime nodes
+        and/or high capacity nodes. When building circuits, choose
+        appropriate nodes.
+      - This means that every single node in an intro rend circuit,
+        not just the last one, will have a minimum uptime.
+      - New config option LongLivedPorts to indicate application streams
+        that will want high uptime circuits.
+      - Servers reset uptime when a dir fetch entirely fails. This
+        hopefully reflects stability of the server's network connectivity.
+      - If somebody starts his tor server in Jan 2004 and then fixes his
+        clock, don't make his published uptime be a year.
+      - Reset published uptime when you wake up from hibernation.
+    - Introduce a notion of 'internal' circs, which are chosen without
+      regard to the exit policy of the last hop. Intro and rendezvous
+      circs must be internal circs, to avoid leaking information. Resolve
+      and connect streams can use internal circs if they want.
+    - New circuit pooling algorithm: make sure to have enough circs around
+      to satisfy any predicted ports, and also make sure to have 2 internal
+      circs around if we've required internal circs lately (and with high
+      uptime if we've seen that lately too).
+    - Split NewCircuitPeriod option into NewCircuitPeriod (30 secs),
+      which describes how often we retry making new circuits if current
+      ones are dirty, and MaxCircuitDirtiness (10 mins), which describes
+      how long we're willing to make use of an already-dirty circuit.
+    - Cannibalize GENERAL circs to be C_REND, C_INTRO, S_INTRO, and S_REND
+      circ as necessary, if there are any completed ones lying around
+      when we try to launch one.
+    - Make hidden services try to establish a rendezvous for 30 seconds,
+      rather than for n (where n=3) attempts to build a circuit.
+    - Change SHUTDOWN_WAIT_LENGTH from a fixed 30 secs to a config option
+      "ShutdownWaitLength".
+    - Try to be more zealous about calling connection_edge_end when
+      things go bad with edge conns in connection.c.
+    - Revise tor-spec to add more/better stream end reasons.
+    - Revise all calls to connection_edge_end to avoid sending "misc",
+      and to take errno into account where possible.
+
+  o Bug fixes:
+    - Fix a race condition that can trigger an assert, when we have a
+      pending create cell and an OR connection fails right then.
+    - Fix several double-mark-for-close bugs, e.g. where we were finding
+      a conn for a cell even if that conn is already marked for close.
+    - Make sequence of log messages when starting on win32 with no config
+      file more reasonable.
+    - When choosing an exit node for a new non-internal circ, don't take
+      into account whether it'll be useful for any pending x.onion
+      addresses -- it won't.
+    - Turn addr_policy_compare from a tristate to a quadstate; this should
+      help address our "Ah, you allow 1.2.3.4:80. You are a good choice
+      for google.com" problem.
+    - Make "platform" string in descriptor more accurate for Win32 servers,
+      so it's not just "unknown platform".
+    - Fix an edge case in parsing config options (thanks weasel).
+      If they say "--" on the commandline, it's not an option.
+    - Reject odd-looking addresses at the client (e.g. addresses that
+      contain a colon), rather than having the server drop them because
+      they're malformed.
+    - tor-resolve requests were ignoring .exit if there was a working circuit
+      they could use instead.
+    - REUSEADDR on normal platforms means you can rebind to the port
+      right after somebody else has let it go. But REUSEADDR on win32
+      means to let you bind to the port _even when somebody else
+      already has it bound_! So, don't do that on Win32.
+    - Change version parsing logic: a version is "obsolete" if it is not
+      recommended and (1) there is a newer recommended version in the
+      same series, or (2) there are no recommended versions in the same
+      series, but there are some recommended versions in a newer series.
+      A version is "new" if it is newer than any recommended version in
+      the same series.
+    - Stop most cases of hanging up on a socks connection without sending
+      the socks reject.
+
+  o Helpful fixes:
+    - Require BandwidthRate to be at least 20kB/s for servers.
+    - When a dirserver causes you to give a warn, mention which dirserver
+      it was.
+    - New config option DirAllowPrivateAddresses for authdirservers.
+      Now by default they refuse router descriptors that have non-IP or
+      private-IP addresses.
+    - Stop publishing socksport in the directory, since it's not
+      actually meant to be public. For compatibility, publish a 0 there
+      for now.
+    - Change DirFetchPeriod/StatusFetchPeriod to have a special "Be
+      smart" value, that is low for servers and high for clients.
+    - If our clock jumps forward by 100 seconds or more, assume something
+      has gone wrong with our network and abandon all not-yet-used circs.
+    - Warn when exit policy implicitly allows local addresses.
+    - If we get an incredibly skewed timestamp from a dirserver mirror
+      that isn't a verified OR, don't warn -- it's probably him that's
+      wrong.
+    - Since we ship our own Privoxy on OS X, tweak it so it doesn't write
+      cookies to disk and doesn't log each web request to disk. (Thanks
+      to Brett Carrington for pointing this out.)
+    - When a client asks us for a dir mirror and we don't have one,
+      launch an attempt to get a fresh one.
+    - If we're hibernating and we get a SIGINT, exit immediately.
+    - Add --with-dmalloc ./configure option, to track memory leaks.
+    - And try to free all memory on closing, so we can detect what
+      we're leaking.
+    - Cache local dns resolves correctly even when they're .exit
+      addresses.
+    - Give a better warning when some other server advertises an
+      ORPort that is actually an apache running ssl.
+    - Add "opt hibernating 1" to server descriptor to make it clearer
+      whether the server is hibernating.
+
+
+Changes in version 0.0.9.6 - 2005-03-24
+  o Bugfixes on 0.0.9.x (crashes and asserts):
+    - Add new end stream reasons to maintenance branch. Fix bug where
+      reason (8) could trigger an assert. Prevent bug from recurring.
+    - Apparently win32 stat wants paths to not end with a slash.
+    - Fix assert triggers in assert_cpath_layer_ok(), where we were
+      blowing away the circuit that conn->cpath_layer points to, then
+      checking to see if the circ is well-formed. Backport check to make
+      sure we dont use the cpath on a closed connection.
+    - Prevent circuit_resume_edge_reading_helper() from trying to package
+      inbufs for marked-for-close streams.
+    - Don't crash on hup if your options->address has become unresolvable.
+    - Some systems (like OS X) sometimes accept() a connection and tell
+      you the remote host is 0.0.0.0:0. If this happens, due to some
+      other mis-features, we get confused; so refuse the conn for now.
+
+  o Bugfixes on 0.0.9.x (other):
+    - Fix harmless but scary "Unrecognized content encoding" warn message.
+    - Add new stream error reason: TORPROTOCOL reason means "you are not
+      speaking a version of Tor I understand; say bye-bye to your stream."
+    - Be willing to cache directories from up to ROUTER_MAX_AGE seconds
+      into the future, now that we are more tolerant of skew. This
+      resolves a bug where a Tor server would refuse to cache a directory
+      because all the directories it gets are too far in the future;
+      yet the Tor server never logs any complaints about clock skew.
+    - Mac packaging magic: make man pages useable, and do not overwrite
+      existing torrc files.
+    - Make OS X log happily to /var/log/tor/tor.log
+
+
+Changes in version 0.0.9.5 - 2005-02-22
+  o Bugfixes on 0.0.9.x:
+    - Fix an assert race at exit nodes when resolve requests fail.
+    - Stop picking unverified dir mirrors--it only leads to misery.
+    - Patch from Matt Edman to make NT services work better. Service
+      support is still not compiled into the executable by default.
+    - Patch from Dmitri Bely so the Tor service runs better under
+      the win32 SYSTEM account.
+    - Make tor-resolve actually work (?) on Win32.
+    - Fix a sign bug when getrlimit claims to have 4+ billion
+      file descriptors available.
+    - Stop refusing to start when bandwidthburst == bandwidthrate.
+    - When create cells have been on the onion queue more than five
+      seconds, just send back a destroy and take them off the list.
+
+
+Changes in version 0.0.9.4 - 2005-02-03
+  o Bugfixes on 0.0.9:
+    - Fix an assert bug that took down most of our servers: when
+      a server claims to have 1 GB of bandwidthburst, don't
+      freak out.
+    - Don't crash as badly if we have spawned the max allowed number
+      of dnsworkers, or we're out of file descriptors.
+    - Block more file-sharing ports in the default exit policy.
+    - MaxConn is now automatically set to the hard limit of max
+      file descriptors we're allowed (ulimit -n), minus a few for
+      logs, etc.
+    - Give a clearer message when servers need to raise their
+      ulimit -n when they start running out of file descriptors.
+    - SGI Compatibility patches from Jan Schaumann.
+    - Tolerate a corrupt cached directory better.
+    - When a dirserver hasn't approved your server, list which one.
+    - Go into soft hibernation after 95% of the bandwidth is used,
+      not 99%. This is especially important for daily hibernators who
+      have a small accounting max. Hopefully it will result in fewer
+      cut connections when the hard hibernation starts.
+    - Load-balance better when using servers that claim more than
+      800kB/s of capacity.
+    - Make NT services work (experimental, only used if compiled in).
+
+
+Changes in version 0.0.9.3 - 2005-01-21
+  o Bugfixes on 0.0.9:
+    - Backport the cpu use fixes from main branch, so busy servers won't
+      need as much processor time.
+    - Work better when we go offline and then come back, or when we
+      run Tor at boot before the network is up. We do this by
+      optimistically trying to fetch a new directory whenever an
+      application request comes in and we think we're offline -- the
+      human is hopefully a good measure of when the network is back.
+    - Backport some minimal hidserv bugfixes: keep rend circuits open as
+      long as you keep using them; actually publish hidserv descriptors
+      shortly after they change, rather than waiting 20-40 minutes.
+    - Enable Mac startup script by default.
+    - Fix duplicate dns_cancel_pending_resolve reported by Giorgos Pallas.
+    - When you update AllowUnverifiedNodes or FirewallPorts via the
+      controller's setconf feature, we were always appending, never
+      resetting.
+    - When you update HiddenServiceDir via setconf, it was screwing up
+      the order of reading the lines, making it fail.
+    - Do not rewrite a cached directory back to the cache; otherwise we
+      will think it is recent and not fetch a newer one on startup.
+    - Workaround for webservers that lie about Content-Encoding: Tor
+      now tries to autodetect compressed directories and compression
+      itself. This lets us Proxypass dir fetches through apache.
+
+
+Changes in version 0.0.9.2 - 2005-01-04
+  o Bugfixes on 0.0.9 (crashes and asserts):
+    - Fix an assert on startup when the disk is full and you're logging
+      to a file.
+    - If you do socks4 with an IP of 0.0.0.x but *don't* provide a socks4a
+      style address, then we'd crash.
+    - Fix an assert trigger when the running-routers string we get from
+      a dirserver is broken.
+    - Make worker threads start and run on win32. Now win32 servers
+      may work better.
+    - Bandaid (not actually fix, but now it doesn't crash) an assert
+      where the dns worker dies mysteriously and the main Tor process
+      doesn't remember anything about the address it was resolving.
+
+  o Bugfixes on 0.0.9 (Win32):
+    - Workaround for brain-damaged __FILE__ handling on MSVC: keep Nick's
+      name out of the warning/assert messages.
+    - Fix a superficial "unhandled error on read" bug on win32.
+    - The win32 installer no longer requires a click-through for our
+      license, since our Free Software license grants rights but does not
+      take any away.
+    - Win32: When connecting to a dirserver fails, try another one
+      immediately. (This was already working for non-win32 Tors.)
+    - Stop trying to parse $HOME on win32 when hunting for default
+      DataDirectory.
+    - Make tor-resolve.c work on win32 by calling network_init().
+
+  o Bugfixes on 0.0.9 (other):
+    - Make 0.0.9.x build on Solaris again.
+    - Due to a fencepost error, we were blowing away the \n when reporting
+      confvalue items in the controller. So asking for multiple config
+      values at once couldn't work.
+    - When listing circuits that are pending on an opening OR connection,
+      if we're an OR we were listing circuits that *end* at us as
+      being pending on every listener, dns/cpu worker, etc. Stop that.
+    - Dirservers were failing to create 'running-routers' or 'directory'
+      strings if we had more than some threshold of routers. Fix them so
+      they can handle any number of routers.
+    - Fix a superficial "Duplicate mark for close" bug.
+    - Stop checking for clock skew for OR connections, even for servers.
+    - Fix a fencepost error that was chopping off the last letter of any
+      nickname that is the maximum allowed nickname length.
+    - Update URLs in log messages so they point to the new website.
+    - Fix a potential problem in mangling server private keys while
+      writing to disk (not triggered yet, as far as we know).
+    - Include the licenses for other free software we include in Tor,
+      now that we're shipping binary distributions more regularly.
+
+
+Changes in version 0.0.9.1 - 2004-12-15
+  o Bugfixes on 0.0.9:
+    - Make hibernation actually work.
+    - Make HashedControlPassword config option work.
+    - When we're reporting event circuit status to a controller,
+      don't use the stream status code.
+
+
+Changes in version 0.0.9 - 2004-12-12
+  o Cleanups:
+    - Clean up manpage and torrc.sample file.
+    - Clean up severities and text of log warnings.
+  o Mistakes:
+    - Make servers trigger an assert when they enter hibernation.
+
+
+Changes in version 0.0.9rc7 - 2004-12-08
+  o Bugfixes on 0.0.9rc:
+    - Fix a stack-trashing crash when an exit node begins hibernating.
+    - Avoid looking at unallocated memory while considering which
+      ports we need to build circuits to cover.
+    - Stop a sigpipe: when an 'end' cell races with eof from the app,
+      we shouldn't hold-open-until-flush if the eof arrived first.
+    - Fix a bug with init_cookie_authentication() in the controller.
+    - When recommending new-format log lines, if the upper bound is
+      LOG_ERR, leave it implicit.
+
+  o Bugfixes on 0.0.8.1:
+    - Fix a whole slew of memory leaks.
+    - Fix isspace() and friends so they still make Solaris happy
+      but also so they don't trigger asserts on win32.
+    - Fix parse_iso_time on platforms without strptime (eg win32).
+    - win32: tolerate extra "readable" events better.
+    - win32: when being multithreaded, leave parent fdarray open.
+    - Make unit tests work on win32.
+
+
+Changes in version 0.0.9rc6 - 2004-12-06
+  o Bugfixes on 0.0.9pre:
+    - Clean up some more integer underflow opportunities (not exploitable
+      we think).
+    - While hibernating, hup should not regrow our listeners.
+    - Send an end to the streams we close when we hibernate, rather
+      than just chopping them off.
+    - React to eof immediately on non-open edge connections.
+
+  o Bugfixes on 0.0.8.1:
+    - Calculate timeout for waiting for a connected cell from the time
+      we sent the begin cell, not from the time the stream started. If
+      it took a long time to establish the circuit, we would time out
+      right after sending the begin cell.
+    - Fix router_compare_addr_to_addr_policy: it was not treating a port
+      of * as always matching, so we were picking reject *:* nodes as
+      exit nodes too. Oops.
+
+  o Features:
+    - New circuit building strategy: keep a list of ports that we've
+      used in the past 6 hours, and always try to have 2 circuits open
+      or on the way that will handle each such port. Seed us with port
+      80 so web users won't complain that Tor is "slow to start up".
+    - Make kill -USR1 dump more useful stats about circuits.
+    - When warning about retrying or giving up, print the address, so
+      the user knows which one it's talking about.
+    - If you haven't used a clean circuit in an hour, throw it away,
+      just to be on the safe side. (This means after 6 hours a totally
+      unused Tor client will have no circuits open.)
+
+
+Changes in version 0.0.9rc5 - 2004-12-01
+  o Bugfixes on 0.0.8.1:
+    - Disallow NDEBUG. We don't ever want anybody to turn off debug.
+    - Let resolve conns retry/expire also, rather than sticking around
+      forever.
+    - If we are using select, make sure we stay within FD_SETSIZE.
+
+  o Bugfixes on 0.0.9pre:
+    - Fix integer underflow in tor_vsnprintf() that may be exploitable,
+      but doesn't seem to be currently; thanks to Ilja van Sprundel for
+      finding it.
+    - If anybody set DirFetchPostPeriod, give them StatusFetchPeriod
+      instead. Impose minima and maxima for all *Period options; impose
+      even tighter maxima for fetching if we are a caching dirserver.
+      Clip rather than rejecting.
+    - Fetch cached running-routers from servers that serve it (that is,
+      authdirservers and servers running 0.0.9rc5-cvs or later.)
+
+  o Features:
+    - Accept *:706 (silc) in default exit policy.
+    - Implement new versioning format for post 0.1.
+    - Support "foo.nickname.exit" addresses, to let Alice request the
+      address "foo" as viewed by exit node "nickname". Based on a patch
+      by Geoff Goodell.
+    - Make tor --version --version dump the cvs Id of every file.
+
+
+Changes in version 0.0.9rc4 - 2004-11-28
+  o Bugfixes on 0.0.8.1:
+    - Make windows sockets actually non-blocking (oops), and handle
+      win32 socket errors better.
+
+  o Bugfixes on 0.0.9rc1:
+    - Actually catch the -USR2 signal.
+
+
+Changes in version 0.0.9rc3 - 2004-11-25
+  o Bugfixes on 0.0.8.1:
+    - Flush the log file descriptor after we print "Tor opening log file",
+      so we don't see those messages days later.
+
+  o Bugfixes on 0.0.9rc1:
+    - Make tor-resolve work again.
+    - Avoid infinite loop in tor-resolve if tor hangs up on it.
+    - Fix an assert trigger for clients/servers handling resolves.
+
+
+Changes in version 0.0.9rc2 - 2004-11-24
+  o Bugfixes on 0.0.9rc1:
+    - I broke socks5 support while fixing the eof bug.
+    - Allow unitless bandwidths and intervals; they default to bytes
+      and seconds.
+    - New servers don't start out hibernating; they are active until
+      they run out of bytes, so they have a better estimate of how
+      long it takes, and so their operators can know they're working.
+
+
+Changes in version 0.0.9rc1 - 2004-11-23
+  o Bugfixes on 0.0.8.1:
+    - Finally fix a bug that's been plaguing us for a year:
+      With high load, circuit package window was reaching 0. Whenever
+      we got a circuit-level sendme, we were reading a lot on each
+      socket, but only writing out a bit. So we would eventually reach
+      eof. This would be noticed and acted on even when there were still
+      bytes sitting in the inbuf.
+    - When poll() is interrupted, we shouldn't believe the revents values.
+
+  o Bugfixes on 0.0.9pre6:
+    - Fix hibernate bug that caused pre6 to be broken.
+    - Don't keep rephist info for routers that haven't had activity for
+      24 hours. (This matters now that clients have keys, since we track
+      them too.)
+    - Never call close_temp_logs while validating log options.
+    - Fix backslash-escaping on tor.sh.in and torctl.in.
+
+  o Features:
+    - Implement weekly/monthly/daily accounting: now you specify your
+      hibernation properties by
+      AccountingMax N bytes|KB|MB|GB|TB
+      AccountingStart day|week|month [day] HH:MM
+        Defaults to "month 1 0:00".
+    - Let bandwidth and interval config options be specified as 5 bytes,
+      kb, kilobytes, etc; and as seconds, minutes, hours, days, weeks.
+    - kill -USR2 now moves all logs to loglevel debug (kill -HUP to
+      get back to normal.)
+    - If your requested entry or exit node has advertised bandwidth 0,
+      pick it anyway.
+    - Be more greedy about filling up relay cells -- we try reading again
+      once we've processed the stuff we read, in case enough has arrived
+      to fill the last cell completely.
+    - Apply NT service patch from Osamu Fujino. Still needs more work.
+
+
+Changes in version 0.0.9pre6 - 2004-11-15
+  o Bugfixes on 0.0.8.1:
+    - Fix assert failure on malformed socks4a requests.
+    - Use identity comparison, not nickname comparison, to choose which
+      half of circuit-ID-space each side gets to use. This is needed
+      because sometimes we think of a router as a nickname, and sometimes
+      as a hex ID, and we can't predict what the other side will do.
+    - Catch and ignore SIGXFSZ signals when log files exceed 2GB; our
+      write() call will fail and we handle it there.
+    - Add a FAST_SMARTLIST define to optionally inline smartlist_get
+      and smartlist_len, which are two major profiling offenders.
+
+  o Bugfixes on 0.0.9pre5:
+    - Fix a bug in read_all that was corrupting config files on windows.
+    - When we're raising the max number of open file descriptors to
+      'unlimited', don't log that we just raised it to '-1'.
+    - Include event code with events, as required by control-spec.txt.
+    - Don't give a fingerprint when clients do --list-fingerprint:
+      it's misleading, because it will never be the same again.
+    - Stop using strlcpy in tor_strndup, since it was slowing us
+      down a lot.
+    - Remove warn on startup about missing cached-directory file.
+    - Make kill -USR1 work again.
+    - Hibernate if we start tor during the "wait for wakeup-time" phase
+      of an accounting interval. Log our hibernation plans better.
+    - Authoritative dirservers now also cache their directory, so they
+      have it on start-up.
+
+  o Features:
+    - Fetch running-routers; cache running-routers; compress
+      running-routers; serve compressed running-routers.z
+    - Add NSI installer script contributed by J Doe.
+    - Commit VC6 and VC7 workspace/project files.
+    - Commit a tor.spec for making RPM files, with help from jbash.
+    - Add contrib/torctl.in contributed by Glenn Fink.
+    - Implement the control-spec's SAVECONF command, to write your
+      configuration to torrc.
+    - Get cookie authentication for the controller closer to working.
+    - Include control-spec.txt in the tarball.
+    - When set_conf changes our server descriptor, upload a new copy.
+      But don't upload it too often if there are frequent changes.
+    - Document authentication config in man page, and document signals
+      we catch.
+    - Clean up confusing parts of man page and torrc.sample.
+    - Make expand_filename handle ~ and ~username.
+    - Use autoconf to enable largefile support where necessary. Use
+      ftello where available, since ftell can fail at 2GB.
+    - Distinguish between TOR_TLS_CLOSE and TOR_TLS_ERROR, so we can
+      log more informatively.
+    - Give a slightly more useful output for "tor -h".
+    - Refuse application socks connections to port 0.
+    - Check clock skew for verified servers, but allow unverified
+      servers and clients to have any clock skew.
+    - Break DirFetchPostPeriod into:
+      - DirFetchPeriod for fetching full directory,
+      - StatusFetchPeriod for fetching running-routers,
+      - DirPostPeriod for posting server descriptor,
+      - RendPostPeriod for posting hidden service descriptors.
+    - Make sure the hidden service descriptors are at a random offset
+      from each other, to hinder linkability.
+
+
+Changes in version 0.0.9pre5 - 2004-11-09
+  o Bugfixes on 0.0.9pre4:
+    - Fix a seg fault in unit tests (doesn't affect main program).
+    - Fix an assert bug where a hidden service provider would fail if
+      the first hop of his rendezvous circuit was down.
+    - Hidden service operators now correctly handle version 1 style
+      INTRODUCE1 cells (nobody generates them still, so not a critical
+      bug).
+    - If do_hup fails, actually notice.
+    - Handle more errnos from accept() without closing the listener.
+      Some OpenBSD machines were closing their listeners because
+      they ran out of file descriptors.
+    - Send resolve cells to exit routers that are running a new
+      enough version of the resolve code to work right.
+    - Better handling of winsock includes on non-MSV win32 compilers.
+    - Some people had wrapped their tor client/server in a script
+      that would restart it whenever it died. This did not play well
+      with our "shut down if your version is obsolete" code. Now people
+      don't fetch a new directory if their local cached version is
+      recent enough.
+    - Make our autogen.sh work on ksh as well as bash.
+
+  o Major Features:
+    - Hibernation: New config option "AccountingMaxKB" lets you
+      set how many KBytes per month you want to allow your server to
+      consume. Rather than spreading those bytes out evenly over the
+      month, we instead hibernate for some of the month and pop up
+      at a deterministic time, work until the bytes are consumed, then
+      hibernate again. Config option "MonthlyAccountingStart" lets you
+      specify which day of the month your billing cycle starts on.
+    - Control interface: a separate program can now talk to your
+      client/server over a socket, and get/set config options, receive
+      notifications of circuits and streams starting/finishing/dying,
+      bandwidth used, etc. The next step is to get some GUIs working.
+      Let us know if you want to help out. See doc/control-spec.txt .
+    - Ship a contrib/tor-control.py as an example script to interact
+      with the control port.
+    - "tor --hash-password zzyxz" will output a salted password for
+      use in authenticating to the control interface.
+    - New log format in config:
+      "Log minsev[-maxsev] stdout|stderr|syslog" or
+      "Log minsev[-maxsev] file /var/foo"
+
+  o Minor Features:
+    - DirPolicy config option, to let people reject incoming addresses
+      from their dirserver.
+    - "tor --list-fingerprint" will list your identity key fingerprint
+      and then exit.
+    - Add "pass" target for RedirectExit, to make it easier to break
+      out of a sequence of RedirectExit rules.
+    - Clients now generate a TLS cert too, in preparation for having
+      them act more like real nodes.
+    - Ship src/win32/ in the tarball, so people can use it to build.
+    - Make old win32 fall back to CWD if SHGetSpecialFolderLocation
+      is broken.
+    - New "router-status" line in directory, to better bind each verified
+      nickname to its identity key.
+    - Deprecate unofficial config option abbreviations, and abbreviations
+      not on the command line.
+    - Add a pure-C tor-resolve implementation.
+    - Use getrlimit and friends to ensure we can reach MaxConn (currently
+      1024) file descriptors.
+
+  o Code security improvements, inspired by Ilja:
+    - Replace sprintf with snprintf. (I think they were all safe, but
+      hey.)
+    - Replace strcpy/strncpy with strlcpy in more places.
+    - Avoid strcat; use snprintf or strlcat instead.
+    - snprintf wrapper with consistent (though not C99) overflow behavior.
+
+
+Changes in version 0.0.9pre4 - 2004-10-17
+  o Bugfixes on 0.0.9pre3:
+    - If the server doesn't specify an exit policy, use the real default
+      exit policy, not reject *:*.
+    - Ignore fascistfirewall when uploading/downloading hidden service
+      descriptors, since we go through Tor for those; and when using
+      an HttpProxy, since we assume it can reach them all.
+    - When looking for an authoritative dirserver, use only the ones
+      configured at boot. Don't bother looking in the directory.
+    - The rest of the fix for get_default_conf_file() on older win32.
+    - Make 'Routerfile' config option obsolete.
+
+  o Features:
+    - New 'MyFamily nick1,...' config option for a server to
+      specify other servers that shouldn't be used in the same circuit
+      with it. Only believed if nick1 also specifies us.
+    - New 'NodeFamily nick1,nick2,...' config option for a client to
+      specify nodes that it doesn't want to use in the same circuit.
+    - New 'Redirectexit pattern address:port' config option for a
+      server to redirect exit connections, e.g. to a local squid.
+
+
+Changes in version 0.0.9pre3 - 2004-10-13
+  o Bugfixes on 0.0.8.1:
+    - Better torrc example lines for dirbindaddress and orbindaddress.
+    - Improved bounds checking on parsed ints (e.g. config options and
+      the ones we find in directories.)
+    - Better handling of size_t vs int, so we're more robust on 64
+      bit platforms.
+    - Fix the rest of the bug where a newly started OR would appear
+      as unverified even after we've added his fingerprint and hupped
+      the dirserver.
+    - Fix a bug from 0.0.7: when read() failed on a stream, we would
+      close it without sending back an end. So 'connection refused'
+      would simply be ignored and the user would get no response.
+
+  o Bugfixes on 0.0.9pre2:
+    - Serving the cached-on-disk directory to people is bad. We now
+      provide no directory until we've fetched a fresh one.
+    - Workaround for bug on windows where cached-directories get crlf
+      corruption.
+    - Make get_default_conf_file() work on older windows too.
+    - If we write a *:* exit policy line in the descriptor, don't write
+      any more exit policy lines.
+
+  o Features:
+    - Use only 0.0.9pre1 and later servers for resolve cells.
+    - Make the dirservers file obsolete.
+      - Include a dir-signing-key token in directories to tell the
+        parsing entity which key is being used to sign.
+      - Remove the built-in bulky default dirservers string.
+      - New config option "Dirserver %s:%d [fingerprint]", which can be
+        repeated as many times as needed. If no dirservers specified,
+        default to moria1,moria2,tor26.
+    - Make moria2 advertise a dirport of 80, so people behind firewalls
+      will be able to get a directory.
+    - Http proxy support
+      - Dirservers translate requests for http://%s:%d/x to /x
+      - You can specify "HttpProxy %s[:%d]" and all dir fetches will
+        be routed through this host.
+      - Clients ask for /tor/x rather than /x for new enough dirservers.
+        This way we can one day coexist peacefully with apache.
+      - Clients specify a "Host: %s%d" http header, to be compatible
+        with more proxies, and so running squid on an exit node can work.
+
+
+Changes in version 0.0.8.1 - 2004-10-13
+  o Bugfixes:
+    - Fix a seg fault that can be triggered remotely for Tor
+      clients/servers with an open dirport.
+    - Fix a rare assert trigger, where routerinfos for entries in
+      our cpath would expire while we're building the path.
+    - Fix a bug in OutboundBindAddress so it (hopefully) works.
+    - Fix a rare seg fault for people running hidden services on
+      intermittent connections.
+    - Fix a bug in parsing opt keywords with objects.
+    - Fix a stale pointer assert bug when a stream detaches and
+      reattaches.
+    - Fix a string format vulnerability (probably not exploitable)
+      in reporting stats locally.
+    - Fix an assert trigger: sometimes launching circuits can fail
+      immediately, e.g. because too many circuits have failed recently.
+    - Fix a compile warning on 64 bit platforms.
+
+
+Changes in version 0.0.9pre2 - 2004-10-03
+  o Bugfixes:
+    - Make fetching a cached directory work for 64-bit platforms too.
+    - Make zlib.h a required header, not an optional header.
+
+
+Changes in version 0.0.9pre1 - 2004-10-01
+  o Bugfixes:
+    - Stop using separate defaults for no-config-file and
+      empty-config-file. Now you have to explicitly turn off SocksPort,
+      if you don't want it open.
+    - Fix a bug in OutboundBindAddress so it (hopefully) works.
+    - Improve man page to mention more of the 0.0.8 features.
+    - Fix a rare seg fault for people running hidden services on
+      intermittent connections.
+    - Change our file IO stuff (especially wrt OpenSSL) so win32 is
+      happier.
+    - Fix more dns related bugs: send back resolve_failed and end cells
+      more reliably when the resolve fails, rather than closing the
+      circuit and then trying to send the cell. Also attach dummy resolve
+      connections to a circuit *before* calling dns_resolve(), to fix
+      a bug where cached answers would never be sent in RESOLVED cells.
+    - When we run out of disk space, or other log writing error, don't
+      crash. Just stop logging to that log and continue.
+    - We were starting to daemonize before we opened our logs, so if
+      there were any problems opening logs, we would complain to stderr,
+      which wouldn't work, and then mysteriously exit.
+    - Fix a rare bug where sometimes a verified OR would connect to us
+      before he'd uploaded his descriptor, which would cause us to
+      assign conn->nickname as though he's unverified. Now we look through
+      the fingerprint list to see if he's there.
+    - Fix a rare assert trigger, where routerinfos for entries in
+      our cpath would expire while we're building the path.
+
+  o Features:
+    - Clients can ask dirservers for /dir.z to get a compressed version
+      of the directory. Only works for servers running 0.0.9, of course.
+    - Make clients cache directories and use them to seed their router
+      lists at startup. This means clients have a datadir again.
+    - Configuration infrastructure support for warning on obsolete
+      options.
+    - Respond to content-encoding headers by trying to uncompress as
+      appropriate.
+    - Reply with a deflated directory when a client asks for "dir.z".
+      We could use allow-encodings instead, but allow-encodings isn't
+      specified in HTTP 1.0.
+    - Raise the max dns workers from 50 to 100.
+    - Discourage people from setting their dirfetchpostperiod more often
+      than once per minute.
+    - Protect dirservers from overzealous descriptor uploading -- wait
+      10 seconds after directory gets dirty, before regenerating.
+
+
+Changes in version 0.0.8 - 2004-08-25
+  o Port it to SunOS 5.9 / Athena
+
+
+Changes in version 0.0.8rc2 - 2004-08-20
+  o Make it compile on cygwin again.
+  o When picking unverified routers, skip those with low uptime and/or
+    low bandwidth, depending on what properties you care about.
+
+
+Changes in version 0.0.8rc1 - 2004-08-18
+  o Changes from 0.0.7.3:
+    - Bugfixes:
+      - Fix assert triggers: if the other side returns an address 0.0.0.0,
+        don't put it into the client dns cache.
+      - If a begin failed due to exit policy, but we believe the IP address
+        should have been allowed, switch that router to exitpolicy reject *:*
+        until we get our next directory.
+    - Features:
+      - Clients choose nodes proportional to advertised bandwidth.
+      - Avoid using nodes with low uptime as introduction points.
+      - Handle servers with dynamic IP addresses: don't replace
+        options->Address with the resolved one at startup, and
+        detect our address right before we make a routerinfo each time.
+      - 'FascistFirewall' option to pick dirservers and ORs on specific
+        ports; plus 'FirewallPorts' config option to tell FascistFirewall
+        which ports are open. (Defaults to 80,443)
+      - Be more aggressive about trying to make circuits when the network
+        has changed (e.g. when you unsuspend your laptop).
+      - Check for time skew on http headers; report date in response to
+        "GET /".
+      - If the entrynode config line has only one node, don't pick it as
+        an exitnode.
+      - Add strict{entry|exit}nodes config options. If set to 1, then
+        we refuse to build circuits that don't include the specified entry
+        or exit nodes.
+      - OutboundBindAddress config option, to bind to a specific
+        IP address for outgoing connect()s.
+      - End truncated log entries (e.g. directories) with "[truncated]".
+
+  o Patches to 0.0.8preX:
+    - Bugfixes:
+      - Patches to compile and run on win32 again (maybe)?
+      - Fix crash when looking for ~/.torrc with no $HOME set.
+      - Fix a race bug in the unit tests.
+      - Handle verified/unverified name collisions better when new
+        routerinfo's arrive in a directory.
+      - Sometimes routers were getting entered into the stats before
+        we'd assigned their identity_digest. Oops.
+      - Only pick and establish intro points after we've gotten a
+        directory.
+    - Features:
+      - AllowUnverifiedNodes config option to let circuits choose no-name
+        routers in entry,middle,exit,introduction,rendezvous positions.
+        Allow middle and rendezvous positions by default.
+      - Add a man page for tor-resolve.
+
+
+Changes in version 0.0.7.3 - 2004-08-12
+  o Stop dnsworkers from triggering an assert failure when you
+    ask them to resolve the host "".
+
+
+Changes in version 0.0.8pre3 - 2004-08-09
+  o Changes from 0.0.7.2:
+    - Allow multiple ORs with same nickname in routerlist -- now when
+      people give us one identity key for a nickname, then later
+      another, we don't constantly complain until the first expires.
+    - Remember used bandwidth (both in and out), and publish 15-minute
+      snapshots for the past day into our descriptor.
+    - You can now fetch $DIRURL/running-routers to get just the
+      running-routers line, not the whole descriptor list. (But
+      clients don't use this yet.)
+    - When people mistakenly use Tor as an http proxy, point them
+      at the tor-doc.html rather than the INSTALL.
+    - Remove our mostly unused -- and broken -- hex_encode()
+      function. Use base16_encode() instead. (Thanks to Timo Lindfors
+      for pointing out this bug.)
+    - Rotate onion keys every 12 hours, not every 2 hours, so we have
+      fewer problems with people using the wrong key.
+    - Change the default exit policy to reject the default edonkey,
+      kazaa, gnutella ports.
+    - Add replace_file() to util.[ch] to handle win32's rename().
+
+  o Changes from 0.0.8preX:
+    - Fix two bugs in saving onion keys to disk when rotating, so
+      hopefully we'll get fewer people using old onion keys.
+    - Fix an assert error that was making SocksPolicy not work.
+    - Be willing to expire routers that have an open dirport -- it's
+      just the authoritative dirservers we want to not forget.
+    - Reject tor-resolve requests for .onion addresses early, so we
+      don't build a whole rendezvous circuit and then fail.
+    - When you're warning a server that he's unverified, don't cry
+      wolf unpredictably.
+    - Fix a race condition: don't try to extend onto a connection
+      that's still handshaking.
+    - For servers in clique mode, require the conn to be open before
+      you'll choose it for your path.
+    - Fix some cosmetic bugs about duplicate mark-for-close, lack of
+      end relay cell, etc.
+    - Measure bandwidth capacity over the last 24 hours, not just 12
+    - Bugfix: authoritative dirservers were making and signing a new
+      directory for each client, rather than reusing the cached one.
+
+
+Changes in version 0.0.8pre2 - 2004-08-04
+  o Changes from 0.0.7.2:
+    - Security fixes:
+      - Check directory signature _before_ you decide whether you're
+        you're running an obsolete version and should exit.
+      - Check directory signature _before_ you parse the running-routers
+        list to decide who's running or verified.
+    - Bugfixes and features:
+      - Check return value of fclose while writing to disk, so we don't
+        end up with broken files when servers run out of disk space.
+      - Log a warning if the user uses an unsafe socks variant, so people
+        are more likely to learn about privoxy or socat.
+      - Dirservers now include RFC1123-style dates in the HTTP headers,
+        which one day we will use to better detect clock skew.
+
+  o Changes from 0.0.8pre1:
+    - Make it compile without warnings again on win32.
+    - Log a warning if you're running an unverified server, to let you
+      know you might want to get it verified.
+    - Only pick a default nickname if you plan to be a server.
+
+
+Changes in version 0.0.8pre1 - 2004-07-23
+  o Bugfixes:
+    - Made our unit tests compile again on OpenBSD 3.5, and tor
+      itself compile again on OpenBSD on a sparc64.
+    - We were neglecting milliseconds when logging on win32, so
+      everything appeared to happen at the beginning of each second.
+
+  o Protocol changes:
+    - 'Extend' relay cell payloads now include the digest of the
+      intended next hop's identity key. Now we can verify that we're
+      extending to the right router, and also extend to routers we
+      hadn't heard of before.
+
+  o Features:
+    - Tor nodes can now act as relays (with an advertised ORPort)
+      without being manually verified by the dirserver operators.
+      - Uploaded descriptors of unverified routers are now accepted
+        by the dirservers, and included in the directory.
+      - Verified routers are listed by nickname in the running-routers
+        list; unverified routers are listed as "$".
+      - We now use hash-of-identity-key in most places rather than
+        nickname or addr:port, for improved security/flexibility.
+      - To avoid Sybil attacks, paths still use only verified servers.
+        But now we have a chance to play around with hybrid approaches.
+      - Nodes track bandwidth usage to estimate capacity (not used yet).
+      - ClientOnly option for nodes that never want to become servers.
+    - Directory caching.
+      - "AuthoritativeDir 1" option for the official dirservers.
+      - Now other nodes (clients and servers) will cache the latest
+        directory they've pulled down.
+      - They can enable their DirPort to serve it to others.
+      - Clients will pull down a directory from any node with an open
+        DirPort, and check the signature/timestamp correctly.
+      - Authoritative dirservers now fetch directories from other
+        authdirservers, to stay better synced.
+      - Running-routers list tells who's down also, along with noting
+        if they're verified (listed by nickname) or unverified (listed
+        by hash-of-key).
+      - Allow dirservers to serve running-router list separately.
+        This isn't used yet.
+    - ORs connect-on-demand to other ORs
+      - If you get an extend cell to an OR you're not connected to,
+        connect, handshake, and forward the create cell.
+      - The authoritative dirservers stay connected to everybody,
+        and everybody stays connected to 0.0.7 servers, but otherwise
+        clients/servers expire unused connections after 5 minutes.
+    - When servers get a sigint, they delay 30 seconds (refusing new
+      connections) then exit. A second sigint causes immediate exit.
+    - File and name management:
+      - Look for .torrc if no CONFDIR "torrc" is found.
+      - If no datadir is defined, then choose, make, and secure ~/.tor
+        as datadir.
+      - If torrc not found, exitpolicy reject *:*.
+      - Expands ~/ in filenames to $HOME/ (but doesn't yet expand ~arma).
+      - If no nickname is defined, derive default from hostname.
+      - Rename secret key files, e.g. identity.key -> secret_id_key,
+        to discourage people from mailing their identity key to tor-ops.
+    - Refuse to build a circuit before the directory has arrived --
+      it won't work anyway, since you won't know the right onion keys
+      to use.
+    - Try other dirservers immediately if the one you try is down. This
+      should tolerate down dirservers better now.
+    - Parse tor version numbers so we can do an is-newer-than check
+      rather than an is-in-the-list check.
+    - New socks command 'resolve', to let us shim gethostbyname()
+      locally.
+      - A 'tor_resolve' script to access the socks resolve functionality.
+      - A new socks-extensions.txt doc file to describe our
+        interpretation and extensions to the socks protocols.
+    - Add a ContactInfo option, which gets published in descriptor.
+    - Publish OR uptime in descriptor (and thus in directory) too.
+    - Write tor version at the top of each log file
+    - New docs in the tarball:
+      - tor-doc.html.
+      - Document that you should proxy your SSL traffic too.
+
+
+Changes in version 0.0.7.2 - 2004-07-07
+  o A better fix for the 0.0.0.0 problem, that will hopefully
+    eliminate the remaining related assertion failures.
+
+
+Changes in version 0.0.7.1 - 2004-07-04
+  o When an address resolves to 0.0.0.0, treat it as a failed resolve,
+    since internally we use 0.0.0.0 to signify "not yet resolved".
+
+
+Changes in version 0.0.7 - 2004-06-07
+  o Updated the man page to reflect the new features.
+
+
+Changes in version 0.0.7rc2 - 2004-06-06
+  o Changes from 0.0.7rc1:
+    - Make it build on Win32 again.
+  o Changes from 0.0.6.2:
+    - Rotate dnsworkers and cpuworkers on SIGHUP, so they get new config
+      settings too.
+
+
+Changes in version 0.0.7rc1 - 2004-06-02
+  o Bugfixes:
+    - On sighup, we were adding another log without removing the first
+      one. So log messages would get duplicated n times for n sighups.
+    - Several cases of using a connection after we'd freed it. The
+      problem was that connections that are pending resolve are in both
+      the pending_resolve tree, and also the circuit's resolving_streams
+      list. When you want to remove one, you must remove it from both.
+    - Fix a double-mark-for-close where an end cell arrived for a
+      resolving stream, and then the resolve failed.
+    - Check directory signatures based on name of signer, not on whom
+      we got the directory from. This will let us cache directories more
+      easily.
+  o Features:
+    - Crank up some of our constants to handle more users.
+
+
+Changes in version 0.0.7pre1 - 2004-06-02
+  o Fixes for crashes and other obnoxious bugs:
+    - Fix an epipe bug: sometimes when directory connections failed
+      to connect, we would give them a chance to flush before closing
+      them.
+    - When we detached from a circuit because of resolvefailed, we
+      would immediately try the same circuit twice more, and then
+      give up on the resolve thinking we'd tried three different
+      exit nodes.
+    - Limit the number of intro circuits we'll attempt to build for a
+      hidden service per 15-minute period.
+    - Check recommended-software string *early*, before actually parsing
+      the directory. Thus we can detect an obsolete version and exit,
+      even if the new directory format doesn't parse.
+  o Fixes for security bugs:
+    - Remember which nodes are dirservers when you startup, and if a
+      random OR enables his dirport, don't automatically assume he's
+      a trusted dirserver.
+  o Other bugfixes:
+    - Directory connections were asking the wrong poll socket to
+      start writing, and not asking themselves to start writing.
+    - When we detached from a circuit because we sent a begin but
+      didn't get a connected, we would use it again the first time;
+      but after that we would correctly switch to a different one.
+    - Stop warning when the first onion decrypt attempt fails; they
+      will sometimes legitimately fail now that we rotate keys.
+    - Override unaligned-access-ok check when $host_cpu is ia64 or
+      arm. Apparently they allow it but the kernel whines.
+    - Dirservers try to reconnect periodically too, in case connections
+      have failed.
+    - Fix some memory leaks in directory servers.
+    - Allow backslash in Win32 filenames.
+    - Made Tor build complain-free on FreeBSD, hopefully without
+      breaking other BSD builds. We'll see.
+  o Features:
+    - Doxygen markup on all functions and global variables.
+    - Make directory functions update routerlist, not replace it. So
+      now directory disagreements are not so critical a problem.
+    - Remove the upper limit on number of descriptors in a dirserver's
+      directory (not that we were anywhere close).
+    - Allow multiple logfiles at different severity ranges.
+    - Allow *BindAddress to specify ":port" rather than setting *Port
+      separately. Allow multiple instances of each BindAddress config
+      option, so you can bind to multiple interfaces if you want.
+    - Allow multiple exit policy lines, which are processed in order.
+      Now we don't need that huge line with all the commas in it.
+    - Enable accept/reject policies on SOCKS connections, so you can bind
+      to 0.0.0.0 but still control who can use your OP.
+
+
+Changes in version 0.0.6.2 - 2004-05-16
+  o Our integrity-checking digest was checking only the most recent cell,
+    not the previous cells like we'd thought.
+    Thanks to Stefan Mark for finding the flaw!
+
+
+Changes in version 0.0.6.1 - 2004-05-06
+  o Fix two bugs in our AES counter-mode implementation (this affected
+    onion-level stream encryption, but not TLS-level). It turns
+    out we were doing something much more akin to a 16-character
+    polyalphabetic cipher. Oops.
+    Thanks to Stefan Mark for finding the flaw!
+  o Retire moria3 as a directory server, and add tor26 as a directory
+    server.
+
+
+Changes in version 0.0.6 - 2004-05-02
+  [version bump only]
+
+
+Changes in version 0.0.6rc4 - 2004-05-01
+  o Update the built-in dirservers list to use the new directory format
+  o Fix a rare seg fault: if a node offering a hidden service attempts
+    to build a circuit to Alice's rendezvous point and fails before it
+    reaches the last hop, it retries with a different circuit, but
+    then dies.
+  o Handle windows socket errors correctly.
+
+
+Changes in version 0.0.6rc3 - 2004-04-28
+  o Don't expire non-general excess circuits (if we had enough
+    circuits open, we were expiring rendezvous circuits -- even
+    when they had a stream attached. oops.)
+  o Fetch randomness from /dev/urandom better (not via fopen/fread)
+  o Better debugging for tls errors
+  o Some versions of openssl have an SSL_pending function that erroneously
+    returns bytes when there is a non-application record pending.
+  o Set Content-Type on the directory and hidserv descriptor.
+  o Remove IVs from cipher code, since AES-ctr has none.
+  o Win32 fixes. Tor now compiles on win32 with no warnings/errors.
+    o We were using an array of length zero in a few places.
+    o win32's gethostbyname can't resolve an IP to an IP.
+    o win32's close can't close a socket.
+
+
+Changes in version 0.0.6rc2 - 2004-04-26
+  o Fix a bug where we were closing tls connections intermittently.
+    It turns out openssl keeps its errors around -- so if an error
+    happens, and you don't ask about it, and then another openssl
+    operation happens and succeeds, and you ask if there was an error,
+    it tells you about the first error. Fun fun.
+  o Fix a bug that's been lurking since 27 may 03 (!)
+    When passing back a destroy cell, we would use the wrong circ id.
+    'Mostly harmless', but still worth fixing.
+  o Since we don't support truncateds much, don't bother sending them;
+    just close the circ.
+  o check for  so we build on NetBSD again (I hope).
+  o don't crash if a conn that sent a begin has suddenly lost its circuit
+    (this was quite rare).
+
+
+Changes in version 0.0.6rc1 - 2004-04-25
+  o We now rotate link (tls context) keys and onion keys.
+  o CREATE cells now include oaep padding, so you can tell
+    if you decrypted them correctly.
+  o Add bandwidthburst to server descriptor.
+  o Directories now say which dirserver signed them.
+  o Use a tor_assert macro that logs failed assertions too.
+
+
+Changes in version 0.0.6pre5 - 2004-04-18
+  o changes from 0.0.6pre4:
+    - make tor build on broken freebsd 5.2 installs
+    - fix a failed assert when you try an intro point, get a nack, and try
+      a second one and it works.
+    - when alice uses a port that the hidden service doesn't accept,
+      it now sends back an end cell (denied by exit policy). otherwise
+      alice would just have to wait to time out.
+    - fix another rare bug: when we had tried all the intro
+      points for a hidden service, we fetched the descriptor
+      again, but we left our introcirc thinking it had already
+      sent an intro, so it kept waiting for a response...
+    - bugfix: when you sleep your hidden-service laptop, as soon
+      as it wakes up it tries to upload a service descriptor, but
+      socketpair fails for some reason (localhost not up yet?).
+      now we simply give up on that upload, and we'll try again later.
+      i'd still like to find the bug though.
+    - if an intro circ waiting for an ack dies before getting one, then
+      count it as a nack
+    - we were reusing stale service descriptors and refetching usable
+      ones. oops.
+
+
+Changes in version 0.0.6pre4 - 2004-04-14
+  o changes from 0.0.6pre3:
+    - when bob fails to connect to the rendezvous point, and his
+      circ didn't fail because of the rendezvous point itself, then
+      he retries a couple of times
+    - we expire introduction and rendezvous circs more thoroughly
+      (sometimes they were hanging around forever)
+    - we expire unattached rendezvous streams that have been around
+      too long (they were sticking around forever).
+    - fix a measly fencepost error that was crashing everybody with
+      a strict glibc.
+
+
+Changes in version 0.0.6pre3 - 2004-04-14
+  o changes from 0.0.6pre2:
+    - make hup work again
+    - fix some memory leaks for dirservers
+    - allow more skew in rendezvous descriptor timestamps, to help
+      handle people like blanu who don't know what time it is
+    - normal circs are 3 hops, but some rend/intro circs are 4, if
+      the initiator doesn't get to choose the last hop
+    - send acks for introductions, so alice can know whether to try
+      again
+    - bob publishes intro points more correctly
+  o changes from 0.0.5:
+    - fix an assert trigger that's been plaguing us since the days
+      of 0.0.2prexx (thanks weasel!)
+    - retry stream correctly when we fail to connect because of
+      exit-policy-reject (should try another) or can't-resolve-address
+      (also should try another, because dns on random internet servers
+      is flaky).
+    - when we hup a dirserver and we've *removed* a server from the
+      approved-routers list, now we remove that server from the
+      in-memory directories too
+
+
+Changes in version 0.0.6pre2 - 2004-04-08
+  o We fixed our base32 implementation. Now it works on all architectures.
+
+
+Changes in version 0.0.6pre1 - 2004-04-08
+  o Features:
+    - Hidden services and rendezvous points are implemented. Go to
+      http://6sxoyfb3h2nvok2d.onion/ for an index of currently available
+      hidden services. (This only works via a socks4a proxy such as
+      Privoxy, and currently it's quite slow.)
+
+
+Changes in version 0.0.5 - 2004-03-30
+  [version bump only]
+
+
+Changes in version 0.0.5rc3 - 2004-03-29
+  o Install torrc as torrc.sample -- we no longer clobber your
+    torrc. (Woo!)
+  o Re-enable recommendedversion checking (we broke it in rc2, oops)
+  o Add in a 'notice' log level for things the operator should hear
+    but that aren't warnings
+
+
+Changes in version 0.0.5rc2 - 2004-03-29
+  o Hold socks connection open until reply is flushed (if possible)
+  o Make exit nodes resolve IPs to IPs immediately, rather than asking
+    the dns farm to do it.
+  o Fix c99 aliasing warnings in rephist.c
+  o Don't include server descriptors that are older than 24 hours in the
+    directory.
+  o Give socks 'reject' replies their whole 15s to attempt to flush,
+    rather than seeing the 60s timeout and assuming the flush had failed.
+  o Clean automake droppings from the cvs repository
+
+
+Changes in version 0.0.5rc1 - 2004-03-28
+  o Fix mangled-state bug in directory fetching (was causing sigpipes).
+  o Only build circuits after we've fetched the directory: clients were
+    using only the directory servers before they'd fetched a directory.
+    This also means longer startup time; so it goes.
+  o Fix an assert trigger where an OP would fail to handshake, and we'd
+    expect it to have a nickname.
+  o Work around a tsocks bug: do a socks reject when AP connection dies
+    early, else tsocks goes into an infinite loop.
+
+
+Changes in version 0.0.4 - 2004-03-26
+  o When connecting to a dirserver or OR and the network is down,
+    we would crash.
+
+
+Changes in version 0.0.3 - 2004-03-26
+  o Warn and fail if server chose a nickname with illegal characters
+  o Port to Solaris and Sparc:
+    - include missing header fcntl.h
+    - have autoconf find -lsocket -lnsl automatically
+    - deal with hardware word alignment
+    - make uname() work (solaris has a different return convention)
+    - switch from using signal() to sigaction()
+  o Preliminary work on reputation system:
+    - Keep statistics on success/fail of connect attempts; they're published
+      by kill -USR1 currently.
+    - Add a RunTesting option to try to learn link state by creating test
+      circuits, even when SocksPort is off.
+    - Remove unused open circuits when there are too many.
+
+
+Changes in version 0.0.2 - 2004-03-19
+    - Include strlcpy and strlcat for safer string ops
+    - define INADDR_NONE so we compile (but still not run) on solaris
+
+
+Changes in version 0.0.2pre27 - 2004-03-14
+  o Bugfixes:
+    - Allow internal tor networks (we were rejecting internal IPs,
+      now we allow them if they're set explicitly).
+    - And fix a few endian issues.
+
+
+Changes in version 0.0.2pre26 - 2004-03-14
+  o New features:
+    - If a stream times out after 15s without a connected cell, don't
+      try that circuit again: try a new one.
+    - Retry streams at most 4 times. Then give up.
+    - When a dirserver gets a descriptor from an unknown router, it
+      logs its fingerprint (so the dirserver operator can choose to
+      accept it even without mail from the server operator).
+    - Inform unapproved servers when we reject their descriptors.
+    - Make tor build on Windows again. It works as a client, who knows
+      about as a server.
+    - Clearer instructions in the torrc for how to set up a server.
+    - Be more efficient about reading fd's when our global token bucket
+      (used for rate limiting) becomes empty.
+  o Bugfixes:
+    - Stop asserting that computers always go forward in time. It's
+      simply not true.
+    - When we sent a cell (e.g. destroy) and then marked an OR connection
+      expired, we might close it before finishing a flush if the other
+      side isn't reading right then.
+    - Don't allow dirservers to start if they haven't defined
+      RecommendedVersions
+    - We were caching transient dns failures. Oops.
+    - Prevent servers from publishing an internal IP as their address.
+    - Address a strcat vulnerability in circuit.c
+
+
+Changes in version 0.0.2pre25 - 2004-03-04
+  o New features:
+    - Put the OR's IP in its router descriptor, not its fqdn. That way
+      we'll stop being stalled by gethostbyname for nodes with flaky dns,
+      e.g. poblano.
+  o Bugfixes:
+    - If the user typed in an address that didn't resolve, the server
+      crashed.
+
+
+Changes in version 0.0.2pre24 - 2004-03-03
+  o Bugfixes:
+    - Fix an assertion failure in dns.c, where we were trying to dequeue
+      a pending dns resolve even if it wasn't pending
+    - Fix a spurious socks5 warning about still trying to write after the
+      connection is finished.
+    - Hold certain marked_for_close connections open until they're finished
+      flushing, rather than losing bytes by closing them too early.
+    - Correctly report the reason for ending a stream
+    - Remove some duplicate calls to connection_mark_for_close
+    - Put switch_id and start_daemon earlier in the boot sequence, so it
+      will actually try to chdir() to options.DataDirectory
+    - Make 'make test' exit(1) if a test fails; fix some unit tests
+    - Make tor fail when you use a config option it doesn't know about,
+      rather than warn and continue.
+    - Make --version work
+    - Bugfixes on the rpm spec file and tor.sh, so it's more up to date
+
+
+Changes in version 0.0.2pre23 - 2004-02-29
+  o New features:
+    - Print a statement when the first circ is finished, so the user
+      knows it's working.
+    - If a relay cell is unrecognized at the end of the circuit,
+      send back a destroy. (So attacks to mutate cells are more
+      clearly thwarted.)
+    - New config option 'excludenodes' to avoid certain nodes for circuits.
+    - When it daemonizes, it chdir's to the DataDirectory rather than "/",
+      so you can collect coredumps there.
+ o Bugfixes:
+    - Fix a bug in tls flushing where sometimes data got wedged and
+      didn't flush until more data got sent. Hopefully this bug was
+      a big factor in the random delays we were seeing.
+    - Make 'connected' cells include the resolved IP, so the client
+      dns cache actually gets populated.
+    - Disallow changing from ORPort=0 to ORPort>0 on hup.
+    - When we time-out on a stream and detach from the circuit, send an
+      end cell down it first.
+    - Only warn about an unknown router (in exitnodes, entrynodes,
+      excludenodes) after we've fetched a directory.
+
+
+Changes in version 0.0.2pre22 - 2004-02-26
+  o New features:
+    - Servers publish less revealing uname information in descriptors.
+    - More memory tracking and assertions, to crash more usefully when
+      errors happen.
+    - If the default torrc isn't there, just use some default defaults.
+      Plus provide an internal dirservers file if they don't have one.
+    - When the user tries to use Tor as an http proxy, give them an http
+      501 failure explaining that we're a socks proxy.
+    - Dump a new router.desc on hup, to help confused people who change
+      their exit policies and then wonder why router.desc doesn't reflect
+      it.
+    - Clean up the generic tor.sh init script that we ship with.
+  o Bugfixes:
+    - If the exit stream is pending on the resolve, and a destroy arrives,
+      then the stream wasn't getting removed from the pending list. I
+      think this was the one causing recent server crashes.
+    - Use a more robust poll on OSX 10.3, since their poll is flaky.
+    - When it couldn't resolve any dirservers, it was useless from then on.
+      Now it reloads the RouterFile (or default dirservers) if it has no
+      dirservers.
+    - Move the 'tor' binary back to /usr/local/bin/ -- it turns out
+      many users don't even *have* a /usr/local/sbin/.
+
+
+Changes in version 0.0.2pre21 - 2004-02-18
+  o New features:
+    - There's a ChangeLog file that actually reflects the changelog.
+    - There's a 'torify' wrapper script, with an accompanying
+      tor-tsocks.conf, that simplifies the process of using tsocks for
+      tor. It even has a man page.
+    - The tor binary gets installed to sbin rather than bin now.
+    - Retry streams where the connected cell hasn't arrived in 15 seconds
+    - Clean up exit policy handling -- get the default out of the torrc,
+      so we can update it without forcing each server operator to fix
+      his/her torrc.
+    - Allow imaps and pop3s in default exit policy
+  o Bugfixes:
+    - Prevent picking middleman nodes as the last node in the circuit
+
+
+Changes in version 0.0.2pre20 - 2004-01-30
+  o New features:
+    - We now have a deb package, and it's in debian unstable. Go to
+      it, apt-getters. :)
+    - I've split the TotalBandwidth option into BandwidthRate (how many
+      bytes per second you want to allow, long-term) and
+      BandwidthBurst (how many bytes you will allow at once before the cap
+      kicks in). This better token bucket approach lets you, say, set
+      BandwidthRate to 10KB/s and BandwidthBurst to 10MB, allowing good
+      performance while not exceeding your monthly bandwidth quota.
+    - Push out a tls record's worth of data once you've got it, rather
+      than waiting until you've read everything waiting to be read. This
+      may improve performance by pipelining better. We'll see.
+    - Add an AP_CONN_STATE_CONNECTING state, to allow streams to detach
+      from failed circuits (if they haven't been connected yet) and attach
+      to new ones.
+    - Expire old streams that haven't managed to connect. Some day we'll
+      have them reattach to new circuits instead.
+
+  o Bugfixes:
+    - Fix several memory leaks that were causing servers to become bloated
+      after a while.
+    - Fix a few very rare assert triggers. A few more remain.
+    - Setuid to User _before_ complaining about running as root.
+
+
+Changes in version 0.0.2pre19 - 2004-01-07
+  o Bugfixes:
+    - Fix deadlock condition in dns farm. We were telling a child to die by
+      closing the parent's file descriptor to him. But newer children were
+      inheriting the open file descriptor from the parent, and since they
+      weren't closing it, the socket never closed, so the child never read
+      eof, so he never knew to exit. Similarly, dns workers were holding
+      open other sockets, leading to all sorts of chaos.
+    - New cleaner daemon() code for forking and backgrounding.
+    - If you log to a file, it now prints an entry at the top of the
+      logfile so you know it's working.
+    - The onionskin challenge length was 30 bytes longer than necessary.
+    - Started to patch up the spec so it's not quite so out of date.
+
+
+Changes in version 0.0.2pre18 - 2004-01-02
+  o Bugfixes:
+    - Fix endian issues with the 'integrity' field in the relay header.
+    - Fix a potential bug where connections in state
+      AP_CONN_STATE_CIRCUIT_WAIT might unexpectedly ask to write.
+
+
+Changes in version 0.0.2pre17 - 2003-12-30
+  o Bugfixes:
+    - Made --debuglogfile (or any second log file, actually) work.
+    - Resolved an edge case in get_unique_circ_id_by_conn where a smart
+      adversary could force us into an infinite loop.
+
+  o Features:
+    - Each onionskin handshake now includes a hash of the computed key,
+      to prove the server's identity and help perfect forward secrecy.
+    - Changed cell size from 256 to 512 bytes (working toward compatibility
+      with MorphMix).
+    - Changed cell length to 2 bytes, and moved it to the relay header.
+    - Implemented end-to-end integrity checking for the payloads of
+      relay cells.
+    - Separated streamid from 'recognized' (otherwise circuits will get
+      messed up when we try to have streams exit from the middle). We
+      use the integrity-checking to confirm that a cell is addressed to
+      this hop.
+    - Randomize the initial circid and streamid values, so an adversary who
+      breaks into a node can't learn how many circuits or streams have
+      been made so far.
+
+
+Changes in version 0.0.2pre16 - 2003-12-14
+  o Bugfixes:
+    - Fixed a bug that made HUP trigger an assert
+    - Fixed a bug where a circuit that immediately failed wasn't being
+      counted as a failed circuit in counting retries.
+
+  o Features:
+    - Now we close the circuit when we get a truncated cell: otherwise we're
+      open to an anonymity attack where a bad node in the path truncates
+      the circuit and then we open streams at him.
+    - Add port ranges to exit policies
+    - Add a conservative default exit policy
+    - Warn if you're running tor as root
+    - on HUP, retry OR connections and close/rebind listeners
+    - options.EntryNodes: try these nodes first when picking the first node
+    - options.ExitNodes: if your best choices happen to include any of
+      your preferred exit nodes, you choose among just those preferred
+      exit nodes.
+    - options.ExcludedNodes: nodes that are never picked in path building
+
+
+Changes in version 0.0.2pre15 - 2003-12-03
+  o Robustness and bugfixes:
+    - Sometimes clients would cache incorrect DNS resolves, which would
+      really screw things up.
+    - An OP that goes offline would slowly leak all its sockets and stop
+      working.
+    - A wide variety of bugfixes in exit node selection, exit policy
+      handling, and processing pending streams when a new circuit is
+      established.
+    - Pick nodes for a path only from those the directory says are up
+    - Choose randomly from all running dirservers, not always the first one
+    - Increase allowed http header size for directory fetch.
+    - Stop writing to stderr (if we're daemonized it will be closed).
+    - Enable -g always, so cores will be more useful to me.
+    - Switch "-lcrypto -lssl" to "-lssl -lcrypto" for broken distributions.
+
+  o Documentation:
+    - Wrote a man page. It lists commonly used options.
+
+  o Configuration:
+    - Change default loglevel to warn.
+    - Make PidFile default to null rather than littering in your CWD.
+    - OnionRouter config option is now obsolete. Instead it just checks
+      ORPort>0.
+    - Moved to a single unified torrc file for both clients and servers.
+
+
+Changes in version 0.0.2pre14 - 2003-11-29
+  o Robustness and bugfixes:
+    - Force the admin to make the DataDirectory himself
+      - to get ownership/permissions right
+      - so clients no longer make a DataDirectory and then never use it
+    - fix bug where a client who was offline for 45 minutes would never
+      pull down a directory again
+    - fix (or at least hide really well) the dns assert bug that was
+      causing server crashes
+    - warnings and improved robustness wrt clockskew for certs
+    - use the native daemon(3) to daemonize, when available
+    - exit if bind() fails
+    - exit if neither socksport nor orport is defined
+    - include our own tor_timegm (Win32 doesn't have its own)
+    - bugfix for win32 with lots of connections
+    - fix minor bias in PRNG
+    - make dirserver more robust to corrupt cached directory
+
+  o Documentation:
+    - Wrote the design document (woo)
+
+  o Circuit building and exit policies:
+    - Circuits no longer try to use nodes that the directory has told them
+      are down.
+    - Exit policies now support bitmasks (18.0.0.0/255.0.0.0) and
+      bitcounts (18.0.0.0/8).
+    - Make AP connections standby for a circuit if no suitable circuit
+      exists, rather than failing
+    - Circuits choose exit node based on addr/port, exit policies, and
+      which AP connections are standing by
+    - Bump min pathlen from 2 to 3
+    - Relay end cells have a payload to describe why the stream ended.
+    - If the stream failed because of exit policy, try again with a new
+      circuit.
+    - Clients have a dns cache to remember resolved addresses.
+    - Notice more quickly when we have no working circuits
+
+  o Configuration:
+    - APPort is now called SocksPort
+    - SocksBindAddress, ORBindAddress, DirBindAddress let you configure
+      where to bind
+    - RecommendedVersions is now a config variable rather than
+      hardcoded (for dirservers)
+    - Reloads config on HUP
+    - Usage info on -h or --help
+    - If you set User and Group config vars, it'll setu/gid to them.
+
+
+Changes in version 0.0.2pre13 - 2003-10-19
+  o General stability:
+    - SSL_write no longer fails when it returns WANTWRITE and the number
+      of bytes in the buf has changed by the next SSL_write call.
+    - Fix segfault fetching directory when network is down
+    - Fix a variety of minor memory leaks
+    - Dirservers reload the fingerprints file on HUP, so I don't have
+      to take down the network when I approve a new router
+    - Default server config file has explicit Address line to specify fqdn
+
+  o Buffers:
+    - Buffers grow and shrink as needed (Cut process size from 20M to 2M)
+    - Make listener connections not ever alloc bufs
+
+  o Autoconf improvements:
+    - don't clobber an external CFLAGS in ./configure
+    - Make install now works
+    - create var/lib/tor on make install
+    - autocreate a tor.sh initscript to help distribs
+    - autocreate the torrc and sample-server-torrc with correct paths
+
+  o Log files and Daemonizing now work:
+    - If --DebugLogFile is specified, log to it at -l debug
+    - If --LogFile is specified, use it instead of commandline
+    - If --RunAsDaemon is set, tor forks and backgrounds on startup
diff --git a/Doxyfile.in b/Doxyfile.in
new file mode 100644
index 0000000..4374e54
--- /dev/null
+++ b/Doxyfile.in
@@ -0,0 +1,2513 @@
+# Doxyfile 1.8.15
+
+# (Tor's Doxyfile is automatically generated from "Doxyfile.in". Don't
+# edit Doxyfile; edit Doxyfile.in.)
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project.
+#
+# All text after a double hash (##) is considered a comment and is placed in
+# front of the TAG it is preceding.
+#
+# All text after a single hash (#) is considered a comment and will be ignored.
+# The format is:
+# TAG = value [value, ...]
+# For lists, items can also be appended using:
+# TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (\" \").
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# This tag specifies the encoding used for all characters in the configuration
+# file that follow. The default is UTF-8 which is also the encoding used for all
+# text before the first occurrence of this tag. Doxygen uses libiconv (or the
+# iconv built into libc) for the transcoding. See
+# https://www.gnu.org/software/libiconv/ for the list of possible encodings.
+# The default value is: UTF-8.
+
+DOXYFILE_ENCODING      = UTF-8
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded by
+# double-quotes, unless you are using Doxywizard) that should identify the
+# project for which the documentation is generated. This name is used in the
+# title of most generated pages and in a few other places.
+# The default value is: My Project.
+
+PROJECT_NAME           = Tor
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number. This
+# could be handy for archiving the generated documentation or if some version
+# control system is used.
+
+PROJECT_NUMBER         = @VERSION@
+
+# Using the PROJECT_BRIEF tag one can provide an optional one line description
+# for a project that appears at the top of each page and should give viewer a
+# quick idea about the purpose of the project. Keep the description short.
+
+PROJECT_BRIEF          =
+
+# With the PROJECT_LOGO tag one can specify a logo or an icon that is included
+# in the documentation. The maximum height of the logo should not exceed 55
+# pixels and the maximum width should not exceed 200 pixels. Doxygen will copy
+# the logo to the output directory.
+
+PROJECT_LOGO           =
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path
+# into which the generated documentation will be written. If a relative path is
+# entered, it will be relative to the location where doxygen was started. If
+# left blank the current directory will be used.
+
+OUTPUT_DIRECTORY       = @abs_top_builddir@/doc/doxygen
+
+# If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub-
+# directories (in 2 levels) under the output directory of each output format and
+# will distribute the generated files over these directories. Enabling this
+# option can be useful when feeding doxygen a huge amount of source files, where
+# putting all generated files in the same directory would otherwise causes
+# performance problems for the file system.
+# The default value is: NO.
+
+CREATE_SUBDIRS         = NO
+
+# If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII
+# characters to appear in the names of generated files. If set to NO, non-ASCII
+# characters will be escaped, for example _xE3_x81_x84 will be used for Unicode
+# U+3044.
+# The default value is: NO.
+
+ALLOW_UNICODE_NAMES    = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Catalan, Chinese,
+# Chinese-Traditional, Croatian, Czech, Danish, Dutch, English (United States),
+# Esperanto, Farsi (Persian), Finnish, French, German, Greek, Hungarian,
+# Indonesian, Italian, Japanese, Japanese-en (Japanese with English messages),
+# Korean, Korean-en (Korean with English messages), Latvian, Lithuanian,
+# Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese, Romanian, Russian,
+# Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish, Swedish, Turkish,
+# Ukrainian and Vietnamese.
+# The default value is: English.
+
+OUTPUT_LANGUAGE        = English
+
+# The OUTPUT_TEXT_DIRECTION tag is used to specify the direction in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all generated output in the proper direction.
+# Possible values are: None, LTR, RTL and Context.
+# The default value is: None.
+
+OUTPUT_TEXT_DIRECTION  = None
+
+# If the BRIEF_MEMBER_DESC tag is set to YES, doxygen will include brief member
+# descriptions after the members that are listed in the file and class
+# documentation (similar to Javadoc). Set to NO to disable this.
+# The default value is: YES.
+
+BRIEF_MEMBER_DESC      = YES
+
+# If the REPEAT_BRIEF tag is set to YES, doxygen will prepend the brief
+# description of a member or function before the detailed description
+#
+# Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+# The default value is: YES.
+
+REPEAT_BRIEF           = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator that is
+# used to form the text in various listings. Each string in this list, if found
+# as the leading text of the brief description, will be stripped from the text
+# and the result, after processing the whole list, is used as the annotated
+# text. Otherwise, the brief description is used as-is. If left blank, the
+# following values are used ($name is automatically replaced with the name of
+# the entity):The $name class, The $name widget, The $name file, is, provides,
+# specifies, contains, represents, a, an and the.
+
+ABBREVIATE_BRIEF       = "The $name class" \
+                         "The $name widget" \
+                         "The $name file" \
+                         is \
+                         provides \
+                         specifies \
+                         contains \
+                         represents \
+                         a \
+                         an \
+                         the
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
+# doxygen will generate a detailed section even if there is only a brief
+# description.
+# The default value is: NO.
+
+ALWAYS_DETAILED_SEC    = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
+# inherited members of a class in the documentation of that class as if those
+# members were ordinary class members. Constructors, destructors and assignment
+# operators of the base classes will not be shown.
+# The default value is: NO.
+
+INLINE_INHERITED_MEMB  = NO
+
+# If the FULL_PATH_NAMES tag is set to YES, doxygen will prepend the full path
+# before files name in the file list and in the header files. If set to NO the
+# shortest path that makes the file name unique will be used
+# The default value is: YES.
+
+FULL_PATH_NAMES        = YES
+
+# The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path.
+# Stripping is only done if one of the specified strings matches the left-hand
+# part of the path. The tag can be used to show relative paths in the file list.
+# If left blank the directory from which doxygen is run is used as the path to
+# strip.
+#
+# Note that you can specify absolute paths here, but also relative paths, which
+# will be relative from the directory where doxygen is started.
+# This tag requires that the tag FULL_PATH_NAMES is set to YES.
+
+STRIP_FROM_PATH        = ./src
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of the
+# path mentioned in the documentation of a class, which tells the reader which
+# header file to include in order to use a class. If left blank only the name of
+# the header file containing the class definition is used. Otherwise one should
+# specify the list of include paths that are normally passed to the compiler
+# using the -I flag.
+
+STRIP_FROM_INC_PATH    =
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter (but
+# less readable) file names. This can be useful is your file systems doesn't
+# support long names like on DOS, Mac, or CD-ROM.
+# The default value is: NO.
+
+SHORT_NAMES            = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then doxygen will interpret the
+# first line (until the first dot) of a Javadoc-style comment as the brief
+# description. If set to NO, the Javadoc-style will behave just like regular Qt-
+# style comments (thus requiring an explicit @brief command for a brief
+# description.)
+# The default value is: NO.
+
+JAVADOC_AUTOBRIEF      = NO
+
+# If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first
+# line (until the first dot) of a Qt-style comment as the brief description. If
+# set to NO, the Qt-style will behave just like regular Qt-style comments (thus
+# requiring an explicit \brief command for a brief description.)
+# The default value is: NO.
+
+QT_AUTOBRIEF           = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make doxygen treat a
+# multi-line C++ special comment block (i.e. a block of //! or /// comments) as
+# a brief description. This used to be the default behavior. The new default is
+# to treat a multi-line C++ comment block as a detailed description. Set this
+# tag to YES if you prefer the old behavior instead.
+#
+# Note that setting this tag to YES also means that rational rose comments are
+# not recognized any more.
+# The default value is: NO.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the
+# documentation from any documented member that it re-implements.
+# The default value is: YES.
+
+INHERIT_DOCS           = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES then doxygen will produce a new
+# page for each member. If set to NO, the documentation of a member will be part
+# of the file/class/namespace that contains it.
+# The default value is: NO.
+
+SEPARATE_MEMBER_PAGES  = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab. Doxygen
+# uses this value to replace tabs by spaces in code fragments.
+# Minimum value: 1, maximum value: 16, default value: 4.
+
+TAB_SIZE               = 8
+
+# This tag can be used to specify a number of aliases that act as commands in
+# the documentation. An alias has the form:
+# name=value
+# For example adding
+# "sideeffect=@par Side Effects:\n"
+# will allow you to put the command \sideeffect (or @sideeffect) in the
+# documentation, which will result in a user-defined paragraph with heading
+# "Side Effects:". You can put \n's in the value part of an alias to insert
+# newlines (in the resulting output). You can put ^^ in the value part of an
+# alias to insert a newline as if a physical newline was in the original file.
+# When you need a literal { or } or , in the value part of an alias you have to
+# escape them by means of a backslash (\), this can lead to conflicts with the
+# commands \{ and \} for these it is advised to use the version @{ and @} or use
+# a double escape (\\{ and \\})
+
+ALIASES                =
+
+ALIASES += refdir{1}="\ref src/\1 \"\1\""
+
+ALIASES += ticket{1}="[ticket \1](https://bugs.torproject.org/\1)"
+
+# This tag can be used to specify a number of word-keyword mappings (TCL only).
+# A mapping has the form "name=value". For example adding "class=itcl::class"
+# will allow you to use the command class in the itcl::class meaning.
+
+TCL_SUBST              =
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources
+# only. Doxygen will then generate output that is more tailored for C. For
+# instance, some of the names that are used will be different. The list of all
+# members will be omitted, etc.
+# The default value is: NO.
+
+OPTIMIZE_OUTPUT_FOR_C  = YES
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or
+# Python sources only. Doxygen will then generate output that is more tailored
+# for that language. For instance, namespaces will be presented as packages,
+# qualified scopes will look different, etc.
+# The default value is: NO.
+
+OPTIMIZE_OUTPUT_JAVA   = NO
+
+# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
+# sources. Doxygen will then generate output that is tailored for Fortran.
+# The default value is: NO.
+
+OPTIMIZE_FOR_FORTRAN   = NO
+
+# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
+# sources. Doxygen will then generate output that is tailored for VHDL.
+# The default value is: NO.
+
+OPTIMIZE_OUTPUT_VHDL   = NO
+
+# Set the OPTIMIZE_OUTPUT_SLICE tag to YES if your project consists of Slice
+# sources only. Doxygen will then generate output that is more tailored for that
+# language. For instance, namespaces will be presented as modules, types will be
+# separated into more groups, etc.
+# The default value is: NO.
+
+OPTIMIZE_OUTPUT_SLICE  = NO
+
+# Doxygen selects the parser to use depending on the extension of the files it
+# parses. With this tag you can assign which parser to use for a given
+# extension. Doxygen has a built-in mapping, but you can override or extend it
+# using this tag. The format is ext=language, where ext is a file extension, and
+# language is one of the parsers supported by doxygen: IDL, Java, Javascript,
+# Csharp (C#), C, C++, D, PHP, md (Markdown), Objective-C, Python, Slice,
+# Fortran (fixed format Fortran: FortranFixed, free formatted Fortran:
+# FortranFree, unknown formatted Fortran: Fortran. In the later case the parser
+# tries to guess whether the code is fixed or free formatted code, this is the
+# default for Fortran type files), VHDL, tcl. For instance to make doxygen treat
+# .inc files as Fortran files (default is PHP), and .f files as C (default is
+# Fortran), use: inc=Fortran f=C.
+#
+# Note: For files without extension you can use no_extension as a placeholder.
+#
+# Note that for custom extensions you also need to set FILE_PATTERNS otherwise
+# the files are not read by doxygen.
+
+EXTENSION_MAPPING      = dox=md h=C c=C inc=C md=md
+
+# If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments
+# according to the Markdown format, which allows for more readable
+# documentation. See https://daringfireball.net/projects/markdown/ for details.
+# The output of markdown processing is further processed by doxygen, so you can
+# mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in
+# case of backward compatibilities issues.
+# The default value is: YES.
+
+MARKDOWN_SUPPORT       = YES
+
+# When the TOC_INCLUDE_HEADINGS tag is set to a non-zero value, all headings up
+# to that level are automatically included in the table of contents, even if
+# they do not have an id attribute.
+# Note: This feature currently applies only to Markdown headings.
+# Minimum value: 0, maximum value: 99, default value: 0.
+# This tag requires that the tag MARKDOWN_SUPPORT is set to YES.
+
+TOC_INCLUDE_HEADINGS   = 0
+
+# When enabled doxygen tries to link words that correspond to documented
+# classes, or namespaces to their corresponding documentation. Such a link can
+# be prevented in individual cases by putting a % sign in front of the word or
+# globally by setting AUTOLINK_SUPPORT to NO.
+# The default value is: YES.
+
+AUTOLINK_SUPPORT       = YES
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
+# to include (a tag file for) the STL sources as input, then you should set this
+# tag to YES in order to let doxygen match functions declarations and
+# definitions whose arguments contain STL classes (e.g. func(std::string);
+# versus func(std::string) {}). This also make the inheritance and collaboration
+# diagrams that involve STL classes more complete and accurate.
+# The default value is: NO.
+
+BUILTIN_STL_SUPPORT    = NO
+
+# If you use Microsoft's C++/CLI language, you should set this option to YES to
+# enable parsing support.
+# The default value is: NO.
+
+CPP_CLI_SUPPORT        = NO
+
+# Set the SIP_SUPPORT tag to YES if your project consists of sip (see:
+# https://www.riverbankcomputing.com/software/sip/intro) sources only. Doxygen
+# will parse them like normal C++ but will assume all classes use public instead
+# of private inheritance when no explicit protection keyword is present.
+# The default value is: NO.
+
+SIP_SUPPORT            = NO
+
+# For Microsoft's IDL there are propget and propput attributes to indicate
+# getter and setter methods for a property. Setting this option to YES will make
+# doxygen to replace the get and set methods by a property in the documentation.
+# This will only work if the methods are indeed getting or setting a simple
+# type. If this is not the case, or you want to show the methods anyway, you
+# should set this option to NO.
+# The default value is: YES.
+
+IDL_PROPERTY_SUPPORT   = NO
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
+# tag is set to YES then doxygen will reuse the documentation of the first
+# member in the group (if any) for the other members of the group. By default
+# all members of a group must be documented explicitly.
+# The default value is: NO.
+
+DISTRIBUTE_GROUP_DOC   = NO
+
+# If one adds a struct or class to a group and this option is enabled, then also
+# any nested class or struct is added to the same group. By default this option
+# is disabled and one has to add nested compounds explicitly via \ingroup.
+# The default value is: NO.
+
+GROUP_NESTED_COMPOUNDS = NO
+
+# Set the SUBGROUPING tag to YES to allow class member groups of the same type
+# (for instance a group of public functions) to be put as a subgroup of that
+# type (e.g. under the Public Functions section). Set it to NO to prevent
+# subgrouping. Alternatively, this can be done per class using the
+# \nosubgrouping command.
+# The default value is: YES.
+
+SUBGROUPING            = YES
+
+# When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and unions
+# are shown inside the group in which they are included (e.g. using \ingroup)
+# instead of on a separate page (for HTML and Man pages) or section (for LaTeX
+# and RTF).
+#
+# Note that this feature does not work in combination with
+# SEPARATE_MEMBER_PAGES.
+# The default value is: NO.
+
+INLINE_GROUPED_CLASSES = NO
+
+# When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and unions
+# with only public data fields or simple typedef fields will be shown inline in
+# the documentation of the scope in which they are defined (i.e. file,
+# namespace, or group documentation), provided this scope is documented. If set
+# to NO, structs, classes, and unions are shown on a separate page (for HTML and
+# Man pages) or section (for LaTeX and RTF).
+# The default value is: NO.
+
+INLINE_SIMPLE_STRUCTS  = NO
+
+# When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or
+# enum is documented as struct, union, or enum with the name of the typedef. So
+# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
+# with name TypeT. When disabled the typedef will appear as a member of a file,
+# namespace, or class. And the struct will be named TypeS. This can typically be
+# useful for C code in case the coding convention dictates that all compound
+# types are typedef'ed and only the typedef is referenced, never the tag name.
+# The default value is: NO.
+
+TYPEDEF_HIDES_STRUCT   = YES
+
+# The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This
+# cache is used to resolve symbols given their name and scope. Since this can be
+# an expensive process and often the same symbol appears multiple times in the
+# code, doxygen keeps a cache of pre-resolved symbols. If the cache is too small
+# doxygen will become slower. If the cache is too large, memory is wasted. The
+# cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range
+# is 0..9, the default is 0, corresponding to a cache size of 2^16=65536
+# symbols. At the end of a run doxygen will report the cache usage and suggest
+# the optimal cache size from a speed point of view.
+# Minimum value: 0, maximum value: 9, default value: 0.
+
+LOOKUP_CACHE_SIZE      = 0
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES, doxygen will assume all entities in
+# documentation are documented, even if no documentation was available. Private
+# class members and static file members will be hidden unless the
+# EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES.
+# Note: This will also disable the warnings about undocumented members that are
+# normally produced when WARNINGS is set to YES.
+# The default value is: NO.
+
+EXTRACT_ALL            = NO
+
+# If the EXTRACT_PRIVATE tag is set to YES, all private members of a class will
+# be included in the documentation.
+# The default value is: NO.
+
+EXTRACT_PRIVATE        = NO
+
+# If the EXTRACT_PACKAGE tag is set to YES, all members with package or internal
+# scope will be included in the documentation.
+# The default value is: NO.
+
+EXTRACT_PACKAGE        = NO
+
+# If the EXTRACT_STATIC tag is set to YES, all static members of a file will be
+# included in the documentation.
+# The default value is: NO.
+
+EXTRACT_STATIC         = YES
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES, classes (and structs) defined
+# locally in source files will be included in the documentation. If set to NO,
+# only classes defined in header files are included. Does not have any effect
+# for Java sources.
+# The default value is: YES.
+
+EXTRACT_LOCAL_CLASSES  = YES
+
+# This flag is only useful for Objective-C code. If set to YES, local methods,
+# which are defined in the implementation section but not in the interface are
+# included in the documentation. If set to NO, only methods in the interface are
+# included.
+# The default value is: NO.
+
+EXTRACT_LOCAL_METHODS  = NO
+
+# If this flag is set to YES, the members of anonymous namespaces will be
+# extracted and appear in the documentation as a namespace called
+# 'anonymous_namespace{file}', where file will be replaced with the base name of
+# the file that contains the anonymous namespace. By default anonymous namespace
+# are hidden.
+# The default value is: NO.
+
+EXTRACT_ANON_NSPACES   = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all
+# undocumented members inside documented classes or files. If set to NO these
+# members will be included in the various overviews, but no documentation
+# section is generated. This option has no effect if EXTRACT_ALL is enabled.
+# The default value is: NO.
+
+HIDE_UNDOC_MEMBERS     = NO
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all
+# undocumented classes that are normally visible in the class hierarchy. If set
+# to NO, these classes will be included in the various overviews. This option
+# has no effect if EXTRACT_ALL is enabled.
+# The default value is: NO.
+
+HIDE_UNDOC_CLASSES     = NO
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend
+# (class|struct|union) declarations. If set to NO, these declarations will be
+# included in the documentation.
+# The default value is: NO.
+
+HIDE_FRIEND_COMPOUNDS  = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any
+# documentation blocks found inside the body of a function. If set to NO, these
+# blocks will be appended to the function's detailed documentation block.
+# The default value is: NO.
+
+HIDE_IN_BODY_DOCS      = NO
+
+# The INTERNAL_DOCS tag determines if documentation that is typed after a
+# \internal command is included. If the tag is set to NO then the documentation
+# will be excluded. Set it to YES to include the internal documentation.
+# The default value is: NO.
+
+INTERNAL_DOCS          = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file
+# names in lower-case letters. If set to YES, upper-case letters are also
+# allowed. This is useful if you have classes or files whose names only differ
+# in case and if your file system supports case sensitive file names. Windows
+# and Mac users are advised to set this option to NO.
+# The default value is: system dependent.
+
+CASE_SENSE_NAMES       = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with
+# their full class and namespace scopes in the documentation. If set to YES, the
+# scope will be hidden.
+# The default value is: NO.
+
+HIDE_SCOPE_NAMES       = YES
+
+# If the HIDE_COMPOUND_REFERENCE tag is set to NO (default) then doxygen will
+# append additional text to a page's title, such as Class Reference. If set to
+# YES the compound reference will be hidden.
+# The default value is: NO.
+
+HIDE_COMPOUND_REFERENCE= NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of
+# the files that are included by a file in the documentation of that file.
+# The default value is: YES.
+
+SHOW_INCLUDE_FILES     = YES
+
+# If the SHOW_GROUPED_MEMB_INC tag is set to YES then Doxygen will add for each
+# grouped member an include statement to the documentation, telling the reader
+# which file to include in order to use the member.
+# The default value is: NO.
+
+SHOW_GROUPED_MEMB_INC  = NO
+
+# If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include
+# files with double quotes in the documentation rather than with sharp brackets.
+# The default value is: NO.
+
+FORCE_LOCAL_INCLUDES   = NO
+
+# If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the
+# documentation for inline members.
+# The default value is: YES.
+
+INLINE_INFO            = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the
+# (detailed) documentation of file and class members alphabetically by member
+# name. If set to NO, the members will appear in declaration order.
+# The default value is: YES.
+
+SORT_MEMBER_DOCS       = YES
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief
+# descriptions of file, namespace and class members alphabetically by member
+# name. If set to NO, the members will appear in declaration order. Note that
+# this will also influence the order of the classes in the class list.
+# The default value is: NO.
+
+SORT_BRIEF_DOCS        = NO
+
+# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the
+# (brief and detailed) documentation of class members so that constructors and
+# destructors are listed first. If set to NO the constructors will appear in the
+# respective orders defined by SORT_BRIEF_DOCS and SORT_MEMBER_DOCS.
+# Note: If SORT_BRIEF_DOCS is set to NO this option is ignored for sorting brief
+# member documentation.
+# Note: If SORT_MEMBER_DOCS is set to NO this option is ignored for sorting
+# detailed member documentation.
+# The default value is: NO.
+
+SORT_MEMBERS_CTORS_1ST = NO
+
+# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy
+# of group names into alphabetical order. If set to NO the group names will
+# appear in their defined order.
+# The default value is: NO.
+
+SORT_GROUP_NAMES       = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be sorted by
+# fully-qualified names, including namespaces. If set to NO, the class list will
+# be sorted only by class name, not including the namespace part.
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the alphabetical
+# list.
+# The default value is: NO.
+
+SORT_BY_SCOPE_NAME     = NO
+
+# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper
+# type resolution of all parameters of a function it will reject a match between
+# the prototype and the implementation of a member function even if there is
+# only one candidate or it is obvious which candidate to choose by doing a
+# simple string match. By disabling STRICT_PROTO_MATCHING doxygen will still
+# accept a match between prototype and implementation in such cases.
+# The default value is: NO.
+
+STRICT_PROTO_MATCHING  = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or disable (NO) the todo
+# list. This list is created by putting \todo commands in the documentation.
+# The default value is: YES.
+
+GENERATE_TODOLIST      = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or disable (NO) the test
+# list. This list is created by putting \test commands in the documentation.
+# The default value is: YES.
+
+GENERATE_TESTLIST      = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or disable (NO) the bug
+# list. This list is created by putting \bug commands in the documentation.
+# The default value is: YES.
+
+GENERATE_BUGLIST       = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or disable (NO)
+# the deprecated list. This list is created by putting \deprecated commands in
+# the documentation.
+# The default value is: YES.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional documentation
+# sections, marked by \if  ... \endif and \cond 
+# ... \endcond blocks.
+
+ENABLED_SECTIONS       =
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the
+# initial value of a variable or macro / define can have for it to appear in the
+# documentation. If the initializer consists of more lines than specified here
+# it will be hidden. Use a value of 0 to hide initializers completely. The
+# appearance of the value of individual variables and macros / defines can be
+# controlled using \showinitializer or \hideinitializer command in the
+# documentation regardless of this setting.
+# Minimum value: 0, maximum value: 10000, default value: 30.
+
+MAX_INITIALIZER_LINES  = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated at
+# the bottom of the documentation of classes and structs. If set to YES, the
+# list will mention the files that were used to generate the documentation.
+# The default value is: YES.
+
+SHOW_USED_FILES        = YES
+
+# Set the SHOW_FILES tag to NO to disable the generation of the Files page. This
+# will remove the Files entry from the Quick Index and from the Folder Tree View
+# (if specified).
+# The default value is: YES.
+
+SHOW_FILES             = YES
+
+# Set the SHOW_NAMESPACES tag to NO to disable the generation of the Namespaces
+# page. This will remove the Namespaces entry from the Quick Index and from the
+# Folder Tree View (if specified).
+# The default value is: YES.
+
+SHOW_NAMESPACES        = YES
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that
+# doxygen should invoke to get the current version for each file (typically from
+# the version control system). Doxygen will invoke the program by executing (via
+# popen()) the command command input-file, where command is the value of the
+# FILE_VERSION_FILTER tag, and input-file is the name of an input file provided
+# by doxygen. Whatever the program writes to standard output is used as the file
+# version. For an example see the documentation.
+
+FILE_VERSION_FILTER    =
+
+# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed
+# by doxygen. The layout file controls the global structure of the generated
+# output files in an output format independent way. To create the layout file
+# that represents doxygen's defaults, run doxygen with the -l option. You can
+# optionally specify a file name after the option, if omitted DoxygenLayout.xml
+# will be used as the name of the layout file.
+#
+# Note that if you run doxygen from a directory containing a file called
+# DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE
+# tag is left empty.
+
+LAYOUT_FILE            =
+
+# The CITE_BIB_FILES tag can be used to specify one or more bib files containing
+# the reference definitions. This must be a list of .bib files. The .bib
+# extension is automatically appended if omitted. This requires the bibtex tool
+# to be installed. See also https://en.wikipedia.org/wiki/BibTeX for more info.
+# For LaTeX the style of the bibliography can be controlled using
+# LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the
+# search path. See also \cite for info how to create references.
+
+CITE_BIB_FILES         =
+
+#---------------------------------------------------------------------------
+# Configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated to
+# standard output by doxygen. If QUIET is set to YES this implies that the
+# messages are off.
+# The default value is: NO.
+
+QUIET                  = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated to standard error (stderr) by doxygen. If WARNINGS is set to YES
+# this implies that the warnings are on.
+#
+# Tip: Turn warnings on while writing the documentation.
+# The default value is: YES.
+
+WARNINGS               = YES
+
+# If the WARN_IF_UNDOCUMENTED tag is set to YES then doxygen will generate
+# warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag
+# will automatically be disabled.
+# The default value is: YES.
+
+WARN_IF_UNDOCUMENTED   = @DOXYGEN_WARN_ON_MISSING@
+
+# If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for
+# potential errors in the documentation, such as not documenting some parameters
+# in a documented function, or documenting parameters that don't exist or using
+# markup commands wrongly.
+# The default value is: YES.
+
+WARN_IF_DOC_ERROR      = YES
+
+# This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that
+# are documented, but have no documentation for their parameters or return
+# value. If set to NO, doxygen will only warn about wrong or incomplete
+# parameter documentation, but not about the absence of documentation. If
+# EXTRACT_ALL is set to YES then this flag will automatically be disabled.
+# The default value is: NO.
+
+WARN_NO_PARAMDOC       = NO
+
+# If the WARN_AS_ERROR tag is set to YES then doxygen will immediately stop when
+# a warning is encountered.
+# The default value is: NO.
+
+WARN_AS_ERROR          = @DOXYGEN_FATAL_WARNINGS@
+
+# The WARN_FORMAT tag determines the format of the warning messages that doxygen
+# can produce. The string should contain the $file, $line, and $text tags, which
+# will be replaced by the file and line number from which the warning originated
+# and the warning text. Optionally the format may contain $version, which will
+# be replaced by the version of the file (if it could be obtained via
+# FILE_VERSION_FILTER)
+# The default value is: $file:$line: $text.
+
+WARN_FORMAT            = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning and error
+# messages should be written. If left blank the output is written to standard
+# error (stderr).
+
+WARN_LOGFILE           =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag is used to specify the files and/or directories that contain
+# documented source files. You may enter file names like myfile.cpp or
+# directories like /usr/src/myproject. Separate the files or directories with
+# spaces. See also FILE_PATTERNS and EXTENSION_MAPPING
+# Note: If this tag is empty the current directory is searched.
+
+INPUT                  = ./src/
+
+# This tag can be used to specify the character encoding of the source files
+# that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses
+# libiconv (or the iconv built into libc) for the transcoding. See the libiconv
+# documentation (see: https://www.gnu.org/software/libiconv/) for the list of
+# possible encodings.
+# The default value is: UTF-8.
+
+INPUT_ENCODING         = UTF-8
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and
+# *.h) to filter out the source-files in the directories.
+#
+# Note that for custom extensions or not directly supported extensions you also
+# need to set EXTENSION_MAPPING for the extension otherwise the files are not
+# read by doxygen.
+#
+# If left blank the following patterns are tested:*.c, *.cc, *.cxx, *.cpp,
+# *.c++, *.java, *.ii, *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h,
+# *.hh, *.hxx, *.hpp, *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc,
+# *.m, *.markdown, *.md, *.mm, *.dox, *.py, *.pyw, *.f90, *.f95, *.f03, *.f08,
+# *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf, *.qsf and *.ice.
+
+FILE_PATTERNS          = *.c \
+                         *.h \
+                         *.inc \
+                         *.md
+
+# The RECURSIVE tag can be used to specify whether or not subdirectories should
+# be searched for input files as well.
+# The default value is: NO.
+
+RECURSIVE              = YES
+
+# The EXCLUDE tag can be used to specify files and/or directories that should be
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+#
+# Note that relative paths are relative to the directory from which doxygen is
+# run.
+
+EXCLUDE                = ./src/ext/ed25519 \
+                         ./src/ext/rust \
+                         ./src/trunnel \
+                         ./src/test \
+                         ./src/rust/registry
+
+# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
+# directories that are symbolic links (a Unix file system feature) are excluded
+# from the input.
+# The default value is: NO.
+
+EXCLUDE_SYMLINKS       = NO
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories.
+#
+# Note that the wildcards are matched against the file with absolute path, so to
+# exclude all test directories for example use the pattern */test/*
+
+EXCLUDE_PATTERNS       =
+
+# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
+# (namespaces, classes, functions, etc.) that should be excluded from the
+# output. The symbol name can be a fully qualified name, a word, or if the
+# wildcard * is used, a substring. Examples: ANamespace, AClass,
+# AClass::ANamespace, ANamespace::*Test
+#
+# Note that the wildcards are matched against the file with absolute path, so to
+# exclude all test directories use the pattern */test/*
+
+EXCLUDE_SYMBOLS        =
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or directories
+# that contain example code fragments that are included (see the \include
+# command).
+
+EXAMPLE_PATH           =
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and
+# *.h) to filter out the source-files in the directories. If left blank all
+# files are included.
+
+EXAMPLE_PATTERNS       = *
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
+# searched for input files to be used with the \include or \dontinclude commands
+# irrespective of the value of the RECURSIVE tag.
+# The default value is: NO.
+
+EXAMPLE_RECURSIVE      = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or directories
+# that contain images that are to be included in the documentation (see the
+# \image command).
+
+IMAGE_PATH             =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command:
+#
+#  
+#
+# where  is the value of the INPUT_FILTER tag, and  is the
+# name of an input file. Doxygen will then use the output that the filter
+# program writes to standard output. If FILTER_PATTERNS is specified, this tag
+# will be ignored.
+#
+# Note that the filter must not add or remove lines; it is applied before the
+# code is scanned, but not when the output code is generated. If lines are added
+# or removed, the anchors will not be placed correctly.
+#
+# Note that for custom extensions or not directly supported extensions you also
+# need to set EXTENSION_MAPPING for the extension otherwise the files are not
+# properly processed by doxygen.
+
+INPUT_FILTER           =
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
+# basis. Doxygen will compare the file name with each pattern and apply the
+# filter if there is a match. The filters are a list of the form: pattern=filter
+# (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how
+# filters are used. If the FILTER_PATTERNS tag is empty or if none of the
+# patterns match the file name, INPUT_FILTER is applied.
+#
+# Note that for custom extensions or not directly supported extensions you also
+# need to set EXTENSION_MAPPING for the extension otherwise the files are not
+# properly processed by doxygen.
+
+FILTER_PATTERNS        =
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
+# INPUT_FILTER) will also be used to filter the input files that are used for
+# producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES).
+# The default value is: NO.
+
+FILTER_SOURCE_FILES    = NO
+
+# The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file
+# pattern. A pattern will override the setting for FILTER_PATTERN (if any) and
+# it is also possible to disable source filtering for a specific pattern using
+# *.ext= (so without naming a filter).
+# This tag requires that the tag FILTER_SOURCE_FILES is set to YES.
+
+FILTER_SOURCE_PATTERNS =
+
+# If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that
+# is part of the input, its contents will be placed on the main page
+# (index.html). This can be useful if you have a project on for instance GitHub
+# and want to reuse the introduction page also for the doxygen output.
+
+USE_MDFILE_AS_MAINPAGE =
+
+#---------------------------------------------------------------------------
+# Configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will be
+# generated. Documented entities will be cross-referenced with these sources.
+#
+# Note: To get rid of all source code in the generated output, make sure that
+# also VERBATIM_HEADERS is set to NO.
+# The default value is: NO.
+
+SOURCE_BROWSER         = YES
+
+# Setting the INLINE_SOURCES tag to YES will include the body of functions,
+# classes and enums directly into the documentation.
+# The default value is: NO.
+
+INLINE_SOURCES         = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES will instruct doxygen to hide any
+# special comment blocks from generated source code fragments. Normal C, C++ and
+# Fortran comments will always remain visible.
+# The default value is: YES.
+
+STRIP_CODE_COMMENTS    = NO
+
+# If the REFERENCED_BY_RELATION tag is set to YES then for each documented
+# entity all documented functions referencing it will be listed.
+# The default value is: NO.
+
+REFERENCED_BY_RELATION = YES
+
+# If the REFERENCES_RELATION tag is set to YES then for each documented function
+# all documented entities called/used by that function will be listed.
+# The default value is: NO.
+
+REFERENCES_RELATION    = NO
+
+# If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set
+# to YES then the hyperlinks from functions in REFERENCES_RELATION and
+# REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will
+# link to the documentation.
+# The default value is: YES.
+
+REFERENCES_LINK_SOURCE = YES
+
+# If SOURCE_TOOLTIPS is enabled (the default) then hovering a hyperlink in the
+# source code will show a tooltip with additional information such as prototype,
+# brief description and links to the definition and documentation. Since this
+# will make the HTML file larger and loading of large files a bit slower, you
+# can opt to disable this feature.
+# The default value is: YES.
+# This tag requires that the tag SOURCE_BROWSER is set to YES.
+
+SOURCE_TOOLTIPS        = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code will
+# point to the HTML generated by the htags(1) tool instead of doxygen built-in
+# source browser. The htags tool is part of GNU's global source tagging system
+# (see https://www.gnu.org/software/global/global.html). You will need version
+# 4.8.6 or higher.
+#
+# To use it do the following:
+# - Install the latest version of global
+# - Enable SOURCE_BROWSER and USE_HTAGS in the configuration file
+# - Make sure the INPUT points to the root of the source tree
+# - Run doxygen as normal
+#
+# Doxygen will invoke htags (and that will in turn invoke gtags), so these
+# tools must be available from the command line (i.e. in the search path).
+#
+# The result: instead of the source browser generated by doxygen, the links to
+# source code will now point to the output of htags.
+# The default value is: NO.
+# This tag requires that the tag SOURCE_BROWSER is set to YES.
+
+USE_HTAGS              = NO
+
+# If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a
+# verbatim copy of the header file for each class for which an include is
+# specified. Set to NO to disable this.
+# See also: Section \class.
+# The default value is: YES.
+
+VERBATIM_HEADERS       = YES
+
+#---------------------------------------------------------------------------
+# Configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index of all
+# compounds will be generated. Enable this if the project contains a lot of
+# classes, structs, unions or interfaces.
+# The default value is: YES.
+
+ALPHABETICAL_INDEX     = YES
+
+# The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in
+# which the alphabetical index list will be split.
+# Minimum value: 1, maximum value: 20, default value: 5.
+# This tag requires that the tag ALPHABETICAL_INDEX is set to YES.
+
+COLS_IN_ALPHA_INDEX    = 5
+
+# In case all classes in a project start with a common prefix, all classes will
+# be put under the same header in the alphabetical index. The IGNORE_PREFIX tag
+# can be used to specify a prefix (or a list of prefixes) that should be ignored
+# while generating the index headers.
+# This tag requires that the tag ALPHABETICAL_INDEX is set to YES.
+
+IGNORE_PREFIX          =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES, doxygen will generate HTML output
+# The default value is: YES.
+
+GENERATE_HTML          = YES
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a
+# relative path is entered the value of OUTPUT_DIRECTORY will be put in front of
+# it.
+# The default directory is: html.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_OUTPUT            = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for each
+# generated HTML page (for example: .htm, .php, .asp).
+# The default value is: .html.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_FILE_EXTENSION    = .html
+
+# The HTML_HEADER tag can be used to specify a user-defined HTML header file for
+# each generated HTML page. If the tag is left blank doxygen will generate a
+# standard header.
+#
+# To get valid HTML the header file that includes any scripts and style sheets
+# that doxygen needs, which is dependent on the configuration options used (e.g.
+# the setting GENERATE_TREEVIEW). It is highly recommended to start with a
+# default header using
+# doxygen -w html new_header.html new_footer.html new_stylesheet.css
+# YourConfigFile
+# and then modify the file new_header.html. See also section "Doxygen usage"
+# for information on how to generate the default header that doxygen normally
+# uses.
+# Note: The header is subject to change so you typically have to regenerate the
+# default header when upgrading to a newer version of doxygen. For a description
+# of the possible markers and block names see the documentation.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_HEADER            =
+
+# The HTML_FOOTER tag can be used to specify a user-defined HTML footer for each
+# generated HTML page. If the tag is left blank doxygen will generate a standard
+# footer. See HTML_HEADER for more information on how to generate a default
+# footer and what special commands can be used inside the footer. See also
+# section "Doxygen usage" for information on how to generate the default footer
+# that doxygen normally uses.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_FOOTER            =
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading style
+# sheet that is used by each HTML page. It can be used to fine-tune the look of
+# the HTML output. If left blank doxygen will generate a default style sheet.
+# See also section "Doxygen usage" for information on how to generate the style
+# sheet that doxygen normally uses.
+# Note: It is recommended to use HTML_EXTRA_STYLESHEET instead of this tag, as
+# it is more robust and this tag (HTML_STYLESHEET) will in the future become
+# obsolete.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_STYLESHEET        =
+
+# The HTML_EXTRA_STYLESHEET tag can be used to specify additional user-defined
+# cascading style sheets that are included after the standard style sheets
+# created by doxygen. Using this option one can overrule certain style aspects.
+# This is preferred over using HTML_STYLESHEET since it does not replace the
+# standard style sheet and is therefore more robust against future updates.
+# Doxygen will copy the style sheet files to the output directory.
+# Note: The order of the extra style sheet files is of importance (e.g. the last
+# style sheet in the list overrules the setting of the previous ones in the
+# list). For an example see the documentation.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_EXTRA_STYLESHEET  = doc/tor-doxygen.css
+
+# The HTML_EXTRA_FILES tag can be used to specify one or more extra images or
+# other source files which should be copied to the HTML output directory. Note
+# that these files will be copied to the base HTML output directory. Use the
+# $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these
+# files. In the HTML_STYLESHEET file, use the file name only. Also note that the
+# files will be copied as-is; there are no commands or markers available.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_EXTRA_FILES       =
+
+# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen
+# will adjust the colors in the style sheet and background images according to
+# this color. Hue is specified as an angle on a colorwheel, see
+# https://en.wikipedia.org/wiki/Hue for more information. For instance the value
+# 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300
+# purple, and 360 is red again.
+# Minimum value: 0, maximum value: 359, default value: 220.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_COLORSTYLE_HUE    = 150
+
+# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors
+# in the HTML output. For a value of 0 the output will use grayscales only. A
+# value of 255 will produce the most vivid colors.
+# Minimum value: 0, maximum value: 255, default value: 100.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_COLORSTYLE_SAT    = 100
+
+# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to the
+# luminance component of the colors in the HTML output. Values below 100
+# gradually make the output lighter, whereas values above 100 make the output
+# darker. The value divided by 100 is the actual gamma applied, so 80 represents
+# a gamma of 0.8, The value 220 represents a gamma of 2.2, and 100 does not
+# change the gamma.
+# Minimum value: 40, maximum value: 240, default value: 80.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_COLORSTYLE_GAMMA  = 80
+
+# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML
+# page will contain the date and time when the page was generated. Setting this
+# to YES can help to show when doxygen was last run and thus if the
+# documentation is up to date.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_TIMESTAMP         = NO
+
+# If the HTML_DYNAMIC_MENUS tag is set to YES then the generated HTML
+# documentation will contain a main index with vertical navigation menus that
+# are dynamically created via Javascript. If disabled, the navigation index will
+# consists of multiple levels of tabs that are statically embedded in every HTML
+# page. Disable this option to support browsers that do not have Javascript,
+# like the Qt help browser.
+# The default value is: YES.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_DYNAMIC_MENUS     = YES
+
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
+# documentation will contain sections that can be hidden and shown after the
+# page has loaded.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_DYNAMIC_SECTIONS  = NO
+
+# With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries
+# shown in the various tree structured indices initially; the user can expand
+# and collapse entries dynamically later on. Doxygen will expand the tree to
+# such a level that at most the specified number of entries are visible (unless
+# a fully collapsed tree already exceeds this amount). So setting the number of
+# entries 1 will produce a full collapsed tree by default. 0 is a special value
+# representing an infinite number of entries and will result in a full expanded
+# tree by default.
+# Minimum value: 0, maximum value: 9999, default value: 100.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+HTML_INDEX_NUM_ENTRIES = 100
+
+# If the GENERATE_DOCSET tag is set to YES, additional index files will be
+# generated that can be used as input for Apple's Xcode 3 integrated development
+# environment (see: https://developer.apple.com/xcode/), introduced with OSX
+# 10.5 (Leopard). To create a documentation set, doxygen will generate a
+# Makefile in the HTML output directory. Running make will produce the docset in
+# that directory and running make install will install the docset in
+# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at
+# startup. See https://developer.apple.com/library/archive/featuredarticles/Doxy
+# genXcode/_index.html for more information.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_DOCSET        = NO
+
+# This tag determines the name of the docset feed. A documentation feed provides
+# an umbrella under which multiple documentation sets from a single provider
+# (such as a company or product suite) can be grouped.
+# The default value is: Doxygen generated docs.
+# This tag requires that the tag GENERATE_DOCSET is set to YES.
+
+DOCSET_FEEDNAME        = "Doxygen generated docs"
+
+# This tag specifies a string that should uniquely identify the documentation
+# set bundle. This should be a reverse domain-name style string, e.g.
+# com.mycompany.MyDocSet. Doxygen will append .docset to the name.
+# The default value is: org.doxygen.Project.
+# This tag requires that the tag GENERATE_DOCSET is set to YES.
+
+DOCSET_BUNDLE_ID       = org.doxygen.Project
+
+# The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely identify
+# the documentation publisher. This should be a reverse domain-name style
+# string, e.g. com.mycompany.MyDocSet.documentation.
+# The default value is: org.doxygen.Publisher.
+# This tag requires that the tag GENERATE_DOCSET is set to YES.
+
+DOCSET_PUBLISHER_ID    = org.doxygen.Publisher
+
+# The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher.
+# The default value is: Publisher.
+# This tag requires that the tag GENERATE_DOCSET is set to YES.
+
+DOCSET_PUBLISHER_NAME  = Publisher
+
+# If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three
+# additional HTML index files: index.hhp, index.hhc, and index.hhk. The
+# index.hhp is a project file that can be read by Microsoft's HTML Help Workshop
+# (see: https://www.microsoft.com/en-us/download/details.aspx?id=21138) on
+# Windows.
+#
+# The HTML Help Workshop contains a compiler that can convert all HTML output
+# generated by doxygen into a single compiled HTML file (.chm). Compiled HTML
+# files are now used as the Windows 98 help format, and will replace the old
+# Windows help format (.hlp) on all Windows platforms in the future. Compressed
+# HTML files also contain an index, a table of contents, and you can search for
+# words in the documentation. The HTML workshop also contains a viewer for
+# compressed HTML files.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_HTMLHELP      = NO
+
+# The CHM_FILE tag can be used to specify the file name of the resulting .chm
+# file. You can add a path in front of the file if the result should not be
+# written to the html output directory.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+CHM_FILE               =
+
+# The HHC_LOCATION tag can be used to specify the location (absolute path
+# including file name) of the HTML help compiler (hhc.exe). If non-empty,
+# doxygen will try to run the HTML help compiler on the generated index.hhp.
+# The file has to be specified with full path.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+HHC_LOCATION           =
+
+# The GENERATE_CHI flag controls if a separate .chi index file is generated
+# (YES) or that it should be included in the master .chm file (NO).
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+GENERATE_CHI           = NO
+
+# The CHM_INDEX_ENCODING is used to encode HtmlHelp index (hhk), content (hhc)
+# and project file content.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+CHM_INDEX_ENCODING     =
+
+# The BINARY_TOC flag controls whether a binary table of contents is generated
+# (YES) or a normal table of contents (NO) in the .chm file. Furthermore it
+# enables the Previous and Next buttons.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+BINARY_TOC             = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members to
+# the table of contents of the HTML help documentation and to the tree view.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTMLHELP is set to YES.
+
+TOC_EXPAND             = NO
+
+# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and
+# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that
+# can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help
+# (.qch) of the generated HTML documentation.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_QHP           = NO
+
+# If the QHG_LOCATION tag is specified, the QCH_FILE tag can be used to specify
+# the file name of the resulting .qch file. The path specified is relative to
+# the HTML output folder.
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QCH_FILE               =
+
+# The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help
+# Project output. For more information please see Qt Help Project / Namespace
+# (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#namespace).
+# The default value is: org.doxygen.Project.
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_NAMESPACE          = org.doxygen.Project
+
+# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt
+# Help Project output. For more information please see Qt Help Project / Virtual
+# Folders (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#virtual-
+# folders).
+# The default value is: doc.
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_VIRTUAL_FOLDER     = doc
+
+# If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom
+# filter to add. For more information please see Qt Help Project / Custom
+# Filters (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom-
+# filters).
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_CUST_FILTER_NAME   =
+
+# The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the
+# custom filter to add. For more information please see Qt Help Project / Custom
+# Filters (see: http://doc.qt.io/archives/qt-4.8/qthelpproject.html#custom-
+# filters).
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_CUST_FILTER_ATTRS  =
+
+# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this
+# project's filter section matches. Qt Help Project / Filter Attributes (see:
+# http://doc.qt.io/archives/qt-4.8/qthelpproject.html#filter-attributes).
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHP_SECT_FILTER_ATTRS  =
+
+# The QHG_LOCATION tag can be used to specify the location of Qt's
+# qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the
+# generated .qhp file.
+# This tag requires that the tag GENERATE_QHP is set to YES.
+
+QHG_LOCATION           =
+
+# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files will be
+# generated, together with the HTML files, they form an Eclipse help plugin. To
+# install this plugin and make it available under the help contents menu in
+# Eclipse, the contents of the directory containing the HTML and XML files needs
+# to be copied into the plugins directory of eclipse. The name of the directory
+# within the plugins directory should be the same as the ECLIPSE_DOC_ID value.
+# After copying Eclipse needs to be restarted before the help appears.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_ECLIPSEHELP   = NO
+
+# A unique identifier for the Eclipse help plugin. When installing the plugin
+# the directory name containing the HTML and XML files should also have this
+# name. Each documentation set should have its own identifier.
+# The default value is: org.doxygen.Project.
+# This tag requires that the tag GENERATE_ECLIPSEHELP is set to YES.
+
+ECLIPSE_DOC_ID         = org.doxygen.Project
+
+# If you want full control over the layout of the generated HTML pages it might
+# be necessary to disable the index and replace it with your own. The
+# DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) at top
+# of each HTML page. A value of NO enables the index and the value YES disables
+# it. Since the tabs in the index contain the same information as the navigation
+# tree, you can set this option to YES if you also set GENERATE_TREEVIEW to YES.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+DISABLE_INDEX          = NO
+
+# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
+# structure should be generated to display hierarchical information. If the tag
+# value is set to YES, a side panel will be generated containing a tree-like
+# index structure (just like the one that is generated for HTML Help). For this
+# to work a browser that supports JavaScript, DHTML, CSS and frames is required
+# (i.e. any modern browser). Windows users are probably better off using the
+# HTML help feature. Via custom style sheets (see HTML_EXTRA_STYLESHEET) one can
+# further fine-tune the look of the index. As an example, the default style
+# sheet generated by doxygen has an example that shows how to put an image at
+# the root of the tree instead of the PROJECT_NAME. Since the tree basically has
+# the same information as the tab index, you could consider setting
+# DISABLE_INDEX to YES when enabling this option.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+GENERATE_TREEVIEW      = NO
+
+# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that
+# doxygen will group on one line in the generated HTML documentation.
+#
+# Note that a value of 0 will completely suppress the enum values from appearing
+# in the overview section.
+# Minimum value: 0, maximum value: 20, default value: 4.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+ENUM_VALUES_PER_LINE   = 4
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used
+# to set the initial width (in pixels) of the frame in which the tree is shown.
+# Minimum value: 0, maximum value: 1500, default value: 250.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+TREEVIEW_WIDTH         = 250
+
+# If the EXT_LINKS_IN_WINDOW option is set to YES, doxygen will open links to
+# external symbols imported via tag files in a separate window.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+EXT_LINKS_IN_WINDOW    = NO
+
+# Use this tag to change the font size of LaTeX formulas included as images in
+# the HTML documentation. When you change the font size after a successful
+# doxygen run you need to manually remove any form_*.png images from the HTML
+# output directory to force them to be regenerated.
+# Minimum value: 8, maximum value: 50, default value: 10.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+FORMULA_FONTSIZE       = 10
+
+# Use the FORMULA_TRANSPARENT tag to determine whether or not the images
+# generated for formulas are transparent PNGs. Transparent PNGs are not
+# supported properly for IE 6.0, but are supported on all modern browsers.
+#
+# Note that when changing this option you need to delete any form_*.png files in
+# the HTML output directory before the changes have effect.
+# The default value is: YES.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+FORMULA_TRANSPARENT    = YES
+
+# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see
+# https://www.mathjax.org) which uses client side Javascript for the rendering
+# instead of using pre-rendered bitmaps. Use this if you do not have LaTeX
+# installed or if you want to formulas look prettier in the HTML output. When
+# enabled you may also need to install MathJax separately and configure the path
+# to it using the MATHJAX_RELPATH option.
+# The default value is: NO.
+# This tag requires that the tag GENERATE_HTML is set to YES.
+
+USE_MATHJAX            = NO
+
+# When MathJax is enabled you can set the default output format to be used for
+# the MathJax output. See the MathJax site (see:
+# http://docs.mathjax.org/en/latest/output.html) for more details.
+# Possible values are: HTML-CSS (which is slower, but has the best
+# compatibility), NativeMML (i.e. MathML) and SVG.
+# The default value is: HTML-CSS.
+# This tag requires that the tag USE_MATHJAX is set to YES.
+
+MATHJAX_FORMAT         = HTML-CSS
+
+# When MathJax is enabled you need to specify the location relative to the HTML
+# output directory using the MATHJAX_RELPATH option. The destination directory
+# should contain the MathJax.js script. For instance, if the mathjax directory
+# is located at the same level as the HTML output directory, then
+# MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax
+# Content Delivery Network so you can quickly see the result without installing
+# MathJax. However, it is strongly recommended to install a local copy of
+# MathJax from https://www.mathjax.org before deployment.
+# The default value is: https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/.
+# This tag requires that the tag USE_MATHJAX is set to YES.
+
+MATHJAX_RELPATH        = https://cdnjs.cloudflare.com/ajax/libs/mathjax/2.7.5/
+
+# The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax
+# extension names that should be enabled during MathJax rendering. For example
+# MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols
+# This tag requires that the tag USE_MATHJAX is set to YES.
+
+MATHJAX_EXTENSIONS     =
+
+# The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces
+# of code that will be used on startup of the MathJax code. See the MathJax site
+# (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an
+# example see the documentation.
+# This tag requires that the tag USE_MATHJAX is set to YES.
+
+MATHJAX_CODEFILE       =
+
+# When the SEARCHENGINE tag is enabled doxygen will generate a search box for
+# the HTML output. The underlying search engine uses javascript and DHTML and
+# should work on any modern browser. Note that when using HTML help
+# (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets (GENERATE_DOCSET)
+# there is already a search function so this one should typically be disabled.
+# For large projects the javascript based search engine can be slow, then
+# enabling SERVER_BASED_SEARCH may provide a better solution. It is possible to
+# search using the keyboard; to jump to the search box use  + S
+# (what the  is depends on the OS and browser, but it is typically
+# , /