fold in the changes files to the new 0.2.5.2-alpha changelog

ChangeLog

@@ -1,4 +1,52 @@
-Changes in version 0.2.5.2 - 2013-01-??
+Changes in version 0.2.5.2 - 2013-02-13
+
+  o Major features (client security):
+    - When we choose a path for a 3-hop circuit, make sure it contains
+      at least one relay that supports the NTor circuit extension
+      handshake. Otherwise, there is a chance that we're building
+      a circuit that's worth attacking by an adversary who finds
+      breaking 1024-bit crypto doable, and that chance changes the game
+      theory. Implements ticket 9777.
+    - Clients now look at the "usecreatefast" consensus parameter to
+      decide whether to use CREATE_FAST or CREATE cells for the first hop
+      of their circuit. This approach can improve security on connections
+      where Tor's circuit handshake is stronger than the available TLS
+      connection security levels, but the tradeoff is more computational
+      load on guard relays. Implements proposal 221. Resolves ticket 9386.
+
+  o Major features (bridges):
+    - Don't launch pluggable transport proxies if we don't have any
+      bridges configured that would use them. Now we can list many
+      pluggable transports, and Tor will dynamically start one when it
+      hears a bridge address that needs it. Resolves ticket 5018.
+    - The bridge directory authority now assigns status flags (Stable,
+      Guard, etc) to bridges based on thresholds calculated over all
+      Running bridges. Now bridgedb can finally make use of its features
+      to e.g. include at least one Stable bridge in its answers. Fixes
+      bug 9859.
+
+  o Major features (other):
+    - Extend ORCONN controller event to include an "ID" parameter,
+      and add four new controller event types CONN_BW, CIRC_BW,
+      CELL_STATS, and TB_EMPTY that show connection and circuit usage.
+      The new events are emitted in private Tor networks only, with the
+      goal of being able to better track performance and load during
+      full-network simulations. Implements proposal 218 and ticket 7359.
+    - On some platforms (currently: recent OSX versions, glibc-based
+      platforms that support the ELF format, and a few other
+      Unix-like operating systems), Tor can now dump stack traces
+      when a crash occurs or an assertion fails. By default, traces
+      are dumped to stderr (if possible) and to any logs that are
+      reporting errors. Implements ticket 9299.
+
+  o Major bugfixes:
+    - Avoid a segfault on SIGUSR1, where we had freed a connection but did
+      not entirely remove it from the connection lists. Fixes bug 9602;
+      bugfix on 0.2.4.4-alpha.
+    - Do not treat streams that fail with reason
+      END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
+      since it could also indicate an ENETUNREACH connection error. Fixes
+      part of bug 10777; bugfix on 0.2.4.8-alpha.
 
   o Major bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.20):
     - Do not allow OpenSSL engines to replace the PRNG, even when
@@ -25,6 +73,167 @@ Changes in version 0.2.5.2 - 2013-01-??
       only our first guard. Discovered while fixing bug 9946; bugfix
       on 0.2.4.8-alpha.
 
+  o Minor features (bridges, pluggable transports):
+    - Add threshold cutoffs to the networkstatus document created by
+      the Bridge Authority. Fixes bug 1117.
+    - On Windows, spawn background processes using the CREATE_NO_WINDOW
+      flag. Now Tor Browser Bundle 3.5 with pluggable transports enabled
+      doesn't pop up a blank console window. (In Tor Browser Bundle 2.x,
+      Vidalia set this option for us.) Implements ticket 10297.
+
+  o Minor features (security):
+    - Always clear OpenSSL bignums before freeing them -- even bignums
+      that don't contain secrets. Resolves ticket 10793. Patch by
+      Florent Daigniere.
+
+  o Minor features (config options and command line):
+    - Add an --allow-missing-torrc commandline option that tells Tor to
+      run even if the configuration file specified by -f is not available.
+      Implements ticket 10060.
+    - Add support for the TPROXY transparent proxying facility on Linux.
+      See documentation for the new TransProxyType option for more
+      details. Implementation by "thomo". Closes ticket 10582.
+
+  o Minor features (controller):
+    - Add a new "HS_DESC" controller event that reports activities
+      related to hidden service descriptors. Resolves ticket 8510.
+    - New "DROPGUARDS" controller command to forget all current entry
+      guards. Not recommended for ordinary use, since replacing guards
+      too frequently makes several attacks easier. Resolves ticket 9934;
+      patch from "ra".
+
+  o Minor features (build):
+    - Assume that a user using ./configure --host wants to cross-compile,
+      and give an error if we cannot find a properly named
+      tool-chain. Add a --disable-tool-name-check option to proceed
+      nevertheless. Addresses ticket 9869. Patch by Benedikt Gollatz.
+    - If we run ./configure and the compiler recognizes -fstack-protector
+      but the linker rejects it, warn the user about a potentially missing
+      libssp package. Addresses ticket 9948. Patch from Benedikt Gollatz.
+
+  o Minor features (testing):
+    - If Python is installed, "make check" now runs extra tests beyond
+      the unit test scripts.
+    - When bootstrapping a test network, sometimes very few relays get
+      the Guard flag. Now a new option "TestingDirAuthVoteGuard" can
+      specify a set of relays which should be voted Guard regardless of
+      their uptime or bandwidth. Addresses ticket 9206.
+
+  o Minor features (log messages):
+    - When ServerTransportPlugin is set on a bridge, Tor can write more
+      useful statistics about bridge use in its extrainfo descriptors,
+      but only if the Extended ORPort ("ExtORPort") is set too. Add a
+      log message to inform the user in this case. Resolves ticket 9651.
+    - When receiving a new controller connection, log the origin address.
+      Resolves ticket 9698; patch from "sigpipe".
+    - When logging OpenSSL engine status at startup, log the status of
+      more engines. Fixes ticket 10043; patch from Joshua Datko.
+    - Turn "circuit handshake stats since last time" log messages into a
+      heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.
+
+  o Minor features (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
+    - Improve the circuit queue out-of-memory handler. Previously, when
+      we ran low on memory, we'd close whichever circuits had the most
+      queued cells. Now, we close those that have the *oldest* queued
+      cells, on the theory that those are most responsible for us
+      running low on memory. Based on analysis from a forthcoming paper
+      by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.
+    - Generate bootstrapping status update events correctly when fetching
+      microdescriptors. Fixes bug 9927.
+    - Update to the October 2 2013 Maxmind GeoLite Country database.
+
+  o Minor bugfixes (clients):
+    - When closing a channel that has already been open, do not close
+      pending circuits that were waiting to connect to the same relay.
+      Fixes bug 9880; bugfix on 0.2.5.1-alpha. Thanks to skruffy for
+      finding this bug.
+
+  o Minor bugfixes (relays):
+    - Treat ENETUNREACH, EACCES, and EPERM connection failures at an
+      exit node as a NOROUTE error, not an INTERNAL error, since they
+      can apparently happen when trying to connect to the wrong sort
+      of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
+
+  o Minor bugfixes (bridges):
+    - Fix a bug where the first connection works to a bridge that uses a
+      pluggable transport with client-side parameters, but we don't send
+      the client-side parameters on subsequent connections. (We don't
+      use any pluggable transports with client-side parameters yet,
+      but ScrambleSuit will soon become the first one.) Fixes bug 9162;
+      bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987".
+
+  o Minor bugfixes (node selection):
+    - If ExcludeNodes is set, consider non-excluded hidden service
+      directory servers before excluded ones. Do not consider excluded
+      hidden service directory servers at all if StrictNodes is
+      set. (Previously, we would sometimes decide to connect to those
+      servers, and then realize before we initiated a connection that
+      we had excluded them.) Fixes bug 10722; bugfix on 0.2.0.10-alpha.
+      Reported by "mr-4".
+    - If we set the ExitNodes option but it doesn't include any nodes
+      that have the Exit flag, we would choose not to bootstrap. Now we
+      bootstrap so long as ExitNodes includes nodes which can exit to
+      some port. Fixes bug 10543; bugfix on 0.2.4.10-alpha.
+
+  o Minor bugfixes (controller and command-line):
+    - If changing a config option via "setconf" fails in a recoverable
+      way, we used to nonetheless write our new control ports to the
+      file described by the "ControlPortWriteToFile" option. Now we only
+      write out that file if we successfully switch to the new config
+      option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman".
+    - When a command-line option such as --version or --help that
+      ordinarily implies --hush appears on the command line along with
+      --quiet, then actually obey --quiet. Previously, we obeyed --quiet
+      only if it appeared later on the command line. Fixes bug 9578;
+      bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (code correctness):
+    - Previously we used two temporary files when writing descriptors to
+      disk; now we only use one. Fixes bug 1376.
+    - Remove an erroneous (but impossible and thus harmless) pointer
+      comparison that would have allowed compilers to skip a bounds
+      check in channeltls.c. Fixes bugs 10313 and 9980; bugfix on
+      0.2.0.10-alpha. Noticed by Jared L Wong and David Fifield.
+    - Fix an always-true assertion in pluggable transports code so it
+      actually checks what it was trying to check. Fixes bug 10046;
+      bugfix on 0.2.3.9-alpha. Found by "dcb".
+
+  o Minor bugfixes (protocol correctness):
+    - When receiving a VERSIONS cell with an odd number of bytes, close
+      the connection immediately since the cell is malformed. Fixes bug
+      10365; bugfix on 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by
+      "rl1987".
+
+  o Minor bugfixes (build):
+    - Restore the ability to compile Tor with V2_HANDSHAKE_SERVER
+      turned off (that is, without support for v2 link handshakes). Fixes
+      bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet".
+    - Fix compilation warnings and startup issues when running with
+      "Sandbox 1" and libseccomp-2.1.0. Fixes bug 10563; bugfix on
+      0.2.5.1-alpha.
+    - Fix compilation on Solaris 9, which didn't like us having an
+      identifier named "sun". Fixes bug 10565; bugfix in 0.2.5.1-alpha.
+
+  o Minor bugfixes (testing):
+    - Fix a segmentation fault in our benchmark code when running with
+      Fedora's OpenSSL package, or any other OpenSSL that provides
+      ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.
+
+  o Minor bugfixes (log messages):
+    - Fix a bug where clients using bridges would report themselves
+      as 50% bootstrapped even without a live consensus document.
+      Fixes bug 9922; bugfix on 0.2.1.1-alpha.
+    - Suppress a warning where, if there's only one directory authority
+      in the network, we would complain that votes and signatures cannot
+      be uploaded to other directory authorities. Fixes bug 10842;
+      bugfix on 0.2.2.26-beta.
+    - Report bootstrapping progress correctly when we're downloading
+      microdescriptors. We had updated our "do we have enough microdescs
+      to begin building circuits?" logic most recently in 0.2.4.10-alpha
+      (see bug 5956), but we left the bootstrap status event logic at
+      "how far through getting 1/4 of them are we?" Fixes bug 9958;
+      bugfix on 0.2.2.36, which is where they diverged (see bug 5343).
+
   o Minor bugfixes (new since 0.2.5.1-alpha, also in 0.2.4.20):
     - Avoid a crash bug when starting with a corrupted microdescriptor
       cache file. Fixes bug 10406; bugfix on 0.2.2.6-alpha.
@@ -63,22 +272,39 @@ Changes in version 0.2.5.2 - 2013-01-??
       sorry. Fixes bug 9928; bugfix on 0.2.3.18-rc. Bug found by
       Pedro Ribeiro.
 
-  o Minor bugfixes:
-    - When closing a channel that has already been open, do not close
-      pending circuits that were waiting to connect to the same relay.
-      Fixes bug 9880; bugfix on 0.2.5.1-alpha. Thanks to skruffy for
-      finding this bug.
+  o Removed code and features:
+    - Clients now reject any directory authority certificates lacking
+      a dir-key-crosscert element. These have been included since
+      0.2.1.9-alpha, so there's no real reason for them to be optional
+      any longer. Completes proposal 157. Resolves ticket 10162.
+    - Remove all code that existed to support the v2 directory system,
+      since there are no longer any v2 directory authorities. Resolves
+      ticket 10758.
+    - Remove the HSAuthoritativeDir and AlternateHSAuthority torrc
+      options, which were used for designating authorities as "Hidden
+      service authorities". There has been no use of hidden service
+      authorities since 0.2.2.1-alpha, when we stopped uploading or
+      downloading v0 hidden service descriptors. Fixes bug 10881; also
+      part of a fix for bug 10841.
 
-  o Minor features (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
-    - Improve the circuit queue out-of-memory handler. Previously, when
-      we ran low on memory, we'd close whichever circuits had the most
-      queued cells. Now, we close those that have the *oldest* queued
-      cells, on the theory that those are most responsible for us
-      running low on memory. Based on analysis from a forthcoming paper
-      by Jansen, Tschorsch, Johnson, and Scheuermann. Fixes bug 9093.
-    - Generate bootstrapping status update events correctly when fetching
-      microdescriptors. Fixes bug 9927.
-    - Update to the October 2 2013 Maxmind GeoLite Country database.
+  o Code simplification and refactoring:
+    - Remove some old fallback code designed to keep Tor clients working
+      in a network with only two working relays. Elsewhere in the code we
+      have long since stopped supporting such networks, so there wasn't
+      much point in keeping it around. Addresses ticket 9926.
+    - Reject 0-length EXTEND2 cells more explicitly. Fixes bug 10536;
+      bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
+    - Remove data structures which were introduced to implement the
+      CellStatistics option: they are now redundant with the addition
+      of a timestamp to the regular packed_cell_t data structure, which
+      we did in 0.2.4.18-rc in order to resolve ticket 9093. Implements
+      ticket 10870.
+
+  o Documentation (man page) fixes:
+    - Update manpage to describe some of the files you can expect to
+      find in Tor's DataDirectory. Addresses ticket 9839.
+    - Document that all but one DirPort entry must have the NoAdvertise
+      flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.
 
   o Documentation fixes (new since 0.2.5.1-alpha, also in 0.2.4.18-rc):
     - Clarify the usage and risks of setting the ContactInfo torrc line
@@ -88,6 +314,11 @@ Changes in version 0.2.5.2 - 2013-01-??
     - Replace remaining references to DirServer in man page and
       log entries. Resolves ticket 10124.
 
+  o Tool changes:
+    - Make the "tor-gencert" tool used by directory authority operators
+      create 2048-bit signing keys by default (rather than 1024-bit, since
+      1024-bit is uncomfortably small these days). Addresses ticket 10324.
+
 
 Changes in version 0.2.4.20 - 2013-12-22
   Tor 0.2.4.20 fixes potentially poor random number generation for users

changes/10582_tproxy

@@ -1,6 +0,0 @@
-  o Minor features:
-    - Add support for the TPROXY transparent proxying facility on Linux.
-      See documentation for the new TransProxyType option for more
-      details. Implementation by "thomo". Closes ticket 10582.
-
-

changes/10777_netunreach

@@ -1,6 +0,0 @@
-  o Minor bugfixes:
-    - Treat ENETUNREACH, EACCES, and EPERM connection failures at an
-      exit node as a NOROUTE error, not an INTERNAL error, since they
-      can apparently happen when trying to connect to the wrong sort
-      of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
-

changes/bug10046

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Fix an always-true assertion in pluggable transports code so it
-      actually checks what it was trying to check. Fixes bug 10046;
-      bugfix on 0.2.3.9-alpha. Found by "dcb".

changes/bug10297

@@ -1,5 +0,0 @@
-  o Minor features:
-    - On Windows, spawn background processes using the CREATE_NO_WINDOW
-      flag. Now Tor Browser Bundle 3.5 with pluggable transports enabled
-      doesn't pop up a blank console window. (In Tor Browser Bundle 2.x,
-      Vidalia set this option for us.) Implements ticket 10297.

changes/bug10313

@@ -1,6 +0,0 @@
-  o Minor bugfixes:
-    - Remove an erroneous (but impossible and thus harmless) pointer
-      comparison that would have allowed compilers to skip a bounds
-      check in channeltls.c. Fixes bugs 10313 and 9980; bugfix on
-      0.2.0.10-alpha. Noticed by Jared L Wong and David Fifield.
-

changes/bug10324

@@ -1,4 +0,0 @@
-  o Tool changes:
-    - Make the "tor-gencert" tool used by directory authority operators
-      create 2048-bit signing keys by default (rather than 1024-bit, since
-      1024-bit is uncomfortably small these days). Addresses ticket 10324.

changes/bug10365

@@ -1,7 +0,0 @@
-  o Minor bugfixes:
-    - When receiving a VERSIONS cell with an odd number of bytes, close
-      the connection immediately since the cell is malformed. Fixes bug
-      10365; bugfix on 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by
-      "rl1987".
-
-

changes/bug10470

@@ -1,4 +0,0 @@
-  o Documentation fixes:
-    - Document that all but one DirPort entry must have the NoAdvertise
-      flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.
-

changes/bug10485

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Turn "circuit handshake stats since last time" log messages into a
-      heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.
-

changes/bug10536

@@ -1,5 +0,0 @@
-
-  o Code simplification and refactoring:
-    - Reject 0-length EXTEND2 cells more explicitly. Fixes bug 10536;
-      bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
-

changes/bug10543

@@ -1,6 +0,0 @@
-  o Minor bugfixes:
-    - If we set the ExitNodes option but it doesn't include any nodes
-      that have the Exit flag, we would choose not to bootstrap. Now we
-      bootstrap so long as ExitNodes includes nodes which can exit to
-      some port. Fixes bug 10543; bugfix on 0.2.4.10-alpha.
-

changes/bug10565

@@ -1,3 +0,0 @@
-  o Minor bugfixes:
-    - Fix compilation on Solaris 9, which didn't like us having an
-      identifier named "sun". Fixes bug 10565; bugfix in 0.2.5.1-alpha.

changes/bug10722

@@ -1,8 +0,0 @@
-  o Minor bugfixes:
-    - If ExcludeNodes is set, consider non-excluded hidden service
-      directory servers before excluded ones. Do not consider excluded
-      hidden service directory servers at all if StrictNodes is
-      set. (Previously, we would sometimes decide to connect to those
-      servers, and then realize before we initiated a connection that
-      we had excluded them.) Fixes bug 10722; bugfix on 0.2.0.10-alpha.
-      Reported by "mr-4".

changes/bug10758

@@ -1,4 +0,0 @@
-  o Removed code and features:
-    - Remove all code that existed to support the v2 directory system,
-      since there are no longer any v2 directory authorities. Resolves
-      ticket 10758.

changes/bug10777_internal_024

@@ -1,5 +0,0 @@
-  o Major bugfixes:
-    - Do not treat streams that fail with reason
-      END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
-      since it could also indicate an ENETUNREACH connection error. Fixes
-      part of bug 10777; bugfix on 0.2.4.8-alpha.

changes/bug10793

@@ -1,4 +0,0 @@
-  o Minor features (security):
-    - Always clear OpenSSL bignums before freeing them -- even bignums
-      that don't contain secrets. Resolves ticket 10793. Patch by
-      Florent Daigniere.

changes/bug10835

@@ -1,4 +0,0 @@
-  o Minor bugfixes (testing):
-    - Fix a segmentation fault in our benchmark code when running with
-      Fedora's OpenSSL package, or any other OpenSSL that provides
-      ECDH but not P224. Fixes bug 10835; bugfix on 0.2.4.8-alpha.

changes/bug10842

@@ -1,5 +0,0 @@
-  o Minor bugfixes (log messages):
-    - Suppress a warning where, if there's only one directory authority
-      in the network, we would complain that votes and signatures cannot
-      be uploaded to other directory authorities. Fixes bug 10842;
-      bugfix on 0.2.2.26-beta.

changes/bug10870

@@ -1,6 +0,0 @@
-  o Code simplification and refactoring:
-    - Remove data structures which were introduced to implement the
-      CellStatistics option: they are now redundant with the addition
-      of a timestamp to the regular packed_cell_t data structure, which
-      we did in 0.2.4.18-rc in order to resolve ticket 9093. Implements
-      ticket 10870.

changes/bug10881

@@ -1,7 +0,0 @@
-  o Removed config options:
-    - Remove the HSAuthoritativeDir and AlternateHSAuthority torrc
-      options, which were used for designating authorities as "Hidden
-      service authorities". There has been no use of hidden service
-      authorities since 0.2.2.1-alpha, when we stopped uploading or
-      downloading v0 hidden service descriptors. Fixes bug 10881; also
-      part of a fix for bug 10841.

changes/bug1376

@@ -1,3 +0,0 @@
-  o Code simplification and refactoring: 
-    - Previously we used two temporary files when writing descriptors to
-      disk; now we only use one. Implements ticket 1376.

changes/bug4677

@@ -1,4 +0,0 @@
-  o Minor bugfixes (build):
-    - Restore the ability to compile Tor with V2_HANDSHAKE_SERVER
-      turned off (that is, without support for v2 link handshakes). Fixes
-      bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet".

changes/bug5018

@@ -1,5 +0,0 @@
-  o Major features:
-    - Don't launch pluggable transport proxies if we don't have any
-      bridges configured that would use them. Now we can list many
-      pluggable transports, and Tor will dynamically start one when it
-      hears a bridge address that needs it. Resolves ticket 5018.

changes/bug5605

@@ -1,7 +0,0 @@
-  o Minor bugfixes:
-    - If changing a config option via "setconf" fails in a recoverable
-      way, we used to nonetheless write our new control ports to the
-      file described by the "ControlPortWriteToFile" option. Now we only
-      write out that file if we successfully switch to the new config
-      option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman".
-

changes/bug7359

@@ -1,9 +0,0 @@
-  o Major features (controller):
-    - Extend ORCONN controller event to include an "ID" parameter,
-      and add four new controller event types CONN_BW, CIRC_BW,
-      CELL_STATS, and TB_EMPTY that show connection and circuit usage.
-      The new events are emitted in private Tor networks only, with the
-      goal of being able to better track performance and load during
-      full-network simulations. Implements proposal 218. Resolves
-      ticket 7359.
-

changes/bug9162

@@ -1,8 +0,0 @@
-  o Minor bugfixes:
-    - Fix a bug where the first connection works to a bridge that uses a
-      pluggable transport with client-side parameters, but we don't send
-      the client-side parameters on subsequent connections. (We don't
-      use any pluggable transports with client-side parameters yet,
-      but ScrambleSuit will soon become the first one.) Fixes bug 9162;
-      bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987".
-

changes/bug9206

@@ -1,6 +0,0 @@
-  o Minor features (testing):
-    - When bootstrapping a test network, sometimes very few relays get
-      the Guard flag. Now a new option "TestingDirAuthVoteGuard" can
-      specify a set of relays which should be voted Guard regardless of
-      their uptime or bandwidth. Addresses ticket 9206.
-

changes/bug9578

@@ -1,7 +0,0 @@
-  o Minor bugfixes:
-    - When a command-line option such as --version or --help that
-      ordinarily implies --hush appears on the command line along with
-      --quiet, then actually obey --quiet. Previously, we obeyed --quiet
-      only if it appeared later on the command line. Fixes bug 9578;
-      bugfix on 0.2.5.1-alpha.
-

changes/bug9602

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Avoid a segfault on SIGUSR1, where we had freed a connection but did
-      not entirely remove it from the connection lists. Fixes bug 9602;
-      bugfix on 0.2.4.4-alpha.

changes/bug9651

@@ -1,5 +0,0 @@
-  o Minor features:
-    - When ServerTransportPlugin is set on a bridge, Tor can write more
-      useful statistics about bridge use in its extrainfo descriptors,
-      but only if the Extended ORPort ("ExtORPort") is set too. Add a
-      log message to inform the user in this case. Resolves ticket 9651.

changes/bug9698

@@ -1,3 +0,0 @@
-  o Minor features:
-    - When receiving a new controller connection, log the origin address.
-      Resolves ticket 9698; patch from "sigpipe".

changes/bug9859

@@ -1,10 +0,0 @@
-  o Major features:
-    - The bridge directory authority now assigns status flags (Stable,
-      Guard, etc) to bridges based on thresholds calculated over all
-      Running bridges. Now bridgedb can finally make use of its features
-      to e.g. include at least one Stable bridge in its answers. Fixes
-      bug 9859.
-  o Minor features:
-    - Add threshold cutoffs to the networkstatus document created by
-      the Bridge Authority. Fixes bug 1117.
-

changes/bug9869

@@ -1,5 +0,0 @@
-  o Minor features (build):
-    - Assume that a user using ./configure --host wants to cross-compile,
-      and give an error if we cannot find a properly named
-      tool-chain. Add a --disable-tool-name-check option to proceed
-      nevertheless. Addresses ticket 9869. Patch by Benedikt Gollatz.

changes/bug9922

@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Fix a bug where clients using bridges would report themselves
-      as 50% bootstrapped even without a live consensus document.
-      Fixes bug 9922; bugfix on 0.2.1.1-alpha.
-

changes/bug9926

@@ -1,6 +0,0 @@
-  o Code simplification and refactoring:
-    - Remove some old fallback code designed to keep Tor clients working
-      in a network with only two working relays. Elsewhere in the code we
-      have long since stopped supporting such networks, so there wasn't
-      much point in keeping it around. Addresses ticket 9926.
-

changes/bug9934

@@ -1,5 +0,0 @@
-  o Minor features (controller):
-    - New "DROPGUARDS" controller command to forget all current entry
-      guards. Not recommended for ordinary use, since replacing guards
-      too frequently makes several attacks easier. Resolves ticket 9934;
-      patch from "ra".

changes/bug9948

@@ -1,4 +0,0 @@
-  o Minor features (build):
-    - If we run ./configure and the compiler recognizes -fstack-protector
-      but the linker rejects it, warn the user about a potentially missing
-      libssp package. Addresses ticket 9948. Patch from Benedikt Gollatz.

changes/bug9958

@@ -1,8 +0,0 @@
-  o Minor bugfixes:
-    - Report bootstrapping progress correctly when we're downloading
-      microdescriptors. We had updated our "do we have enough microdescs
-      to begin building circuits?" logic most recently in 0.2.4.10-alpha
-      (see bug 5956), but we left the bootstrap status event logic at
-      "how far through getting 1/4 of them are we?" Fixes bug 9958;
-      bugfix on 0.2.2.36, which is where they diverged (see bug 5343).
-

changes/feature9777

@@ -1,7 +0,0 @@
-  o Major features:
-    - When we choose a path for a 3-hop circuit, make sure it contains
-      at least one relay that supports the NTor circuit extension
-      handshake. Otherwise, there is a chance that we're building
-      a circuit that's worth attacking by an adversary who finds
-      breaking 1024-bit crypto doable, and that chance changes the game
-      theory. Implements ticket 9777.

changes/prop157-require

@@ -1,5 +0,0 @@
-  o Minor features:
-    - Clients now reject any directory authority certificates lacking
-      a dir-key-crosscert element. These have been included since
-      0.2.1.9-alpha, so there's no real reason for them to be optional
-      any longer. Completes proposal 157. Resolves ticket 10162.

changes/prop221

@@ -1,7 +0,0 @@
-  o Major features:
-    - Clients now look at the "usecreatefast" consensus parameter to
-      decide whether to use CREATE_FAST or CREATE cells for the first hop
-      of their circuit. This approach can improve security on connections
-      where Tor's circuit handshake is stronger than the available TLS
-      connection security levels, but the tradeoff is more computational
-      load on guard relays. Implements proposal 221. Resolves ticket 9386.

changes/python-tests

@@ -1,4 +0,0 @@
-  o Minor features:
-    - If Python is installed, "make check" now runs extra tests beyond
-      the unit test scripts.
-

changes/seccomp2-fixes

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Fix compilation warnings and startup issues when running with
-      "Sandbox 1" and libseccomp-2.1.0. Fixes bug 10563; bugfix on
-      0.2.5.1-alpha.

changes/stack_trace

@@ -1,8 +0,0 @@
-  o Major features:
-    - On some platforms (currently: recent OSX versions, glibc-based
-      platforms that support the ELF format, and a few other
-      Unix-like operating systems), Tor can now dump stack traces
-      when a crash occurs or an assertion fails. By default, traces
-      are dumped to stderr (if possible) and to any logs that are
-      reporting errors. Implements ticket 9299.
-

changes/ticket10043

@@ -1,4 +0,0 @@
-  o Minor features:
-    - When logging OpenSSL engine status at startup, log the status of
-      more engines. Fixes ticket 10043; patch from Joshua Datko.
-

changes/ticket10060

@@ -1,5 +0,0 @@
-  o Minor features:
-    - Add an --allow-missing-torrc commandline option that tells Tor to
-      run even if the configuration file specified by -f is not available.
-      Implements ticket 10060.
-

changes/ticket8510

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Add a new "HS_DESC" controller event that reports activities
-      related to hidden service descriptors. Resolves ticket 8510.

changes/ticket9839

@@ -1,3 +0,0 @@
-  o Documentation:
-    - Update manpage to describe some of the files you can expect to
-      find in Tor's DataDirectory. Addresses ticket 9839.