Start working on an 0.2.3 changelog

This is just sorting the entries and lightly editing a couple of
problems I found.

ChangeLog

@@ -1,3 +1,359 @@
+Changes in version 0.2.6.3-alpha - 2015-02-??
+
+  blah blah blah
+
+  o Major features (changed defaults):
+    - Prevent relay operators from unintentionally running exits: When
+      a relay is configured as an exit node, we now warn the user
+      unless the 'ExitRelay' option is set to 1. We warn even more
+      loudly if the relay is configured with the default exit policy,
+      since this tends to indicate accidental misconfiguration.
+      Setting 'ExitRelay' to 0 stops Tor from running as an exit relay.
+      Closes ticket 10067.
+
+  o Major features (security)
+    - Implementation of an AF_UNIX socket  option to implement a SOCKS
+      proxy reachable by Unix Domain Socket. This allows client applications to
+      communicate with Tor without having the ability to create AF_INET or
+      AF_INET6 family sockets. If an application has permission to create a socket
+      with AF_UNIX, it may directly communicate with Tor as if it were an other
+      SOCKS proxy. This should allow high risk applications to be entirely prevented
+      from connecting directly with TCP/IP, they will be able to only connect to the
+      internet through AF_UNIX and only through Tor.
+      To create a socket of this type, use the syntax "unix:/path/to/socket".
+      Closes ticket 12585.
+
+  o Major features (hidden services):
+    - Support mapping hidden service virtual ports to AF_UNIX sockets on
+      suitable platforms.  Resolves ticket #11485.
+
+  o Major features (performance):
+    - Refactor the CPU worker implementation for better performance by
+      avoiding the kernel and lengthening pipelines. The original
+      implementation used sockets to transfer data from the main thread
+      to the worker threads, and didn't allow any thread to be assigned
+      more than a single piece of work at once. The new implementation
+      avoids communications overhead by making requests in shared
+      memory, avoiding kernel IO where possible, and keeping more
+      request in flight at once. Resolves issue #9682.
+
+  o Removed features:
+    - To avoid confusion with the 'ExitRelay' option, 'ExitNode' is no
+      longer silently accepted as an alias for 'ExitNodes'.
+
+  o Major bugfixes (client):
+    - Allow MapAddress and AutomapHostsOnResolve to work together when an
+      address is mapped into another address type that must be
+      automapped at resolve time.  Fixes bug 7555; bugfix on
+      0.2.0.1-alpha.
+
+  o Major bugfixes (exit node stability):
+    - Fix an assertion failure that could occur under high DNS load.  Fixes
+      bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed
+      by "cypherpunks".
+
+  o Major bugfixes (mixed relay-client operation):
+    - When running as a relay and a client at the same time (not
+      recommended), if we decide not to use a new guard because we
+      want to retry older guards, only close the locally-originating
+      circuits passing through that guard. Previously we would close
+      all the circuits. Fixes bug 9819; bugfix on
+      0.2.1.1-alpha. Reported by "skruffy".
+
+  o Minor features (authorities, testing):
+    - Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard.
+      Ensures that authorities vote the HSDir flag for the listed
+      relays regardless of uptime or ORPort connectivity.
+      Respects the value of VoteOnHidServDirectoriesV2.
+      Partial implementation for ticket 14067. Patch by "teor".
+
+  o Minor features (build):
+    - New --disable-system-torrc compile-time option to prevent Tor from
+      looking for a system-wide torrc or torrc-defaults tile. Resolves
+      ticket 13037.
+
+  o Minor features (controller):
+    - Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller
+      events to let controllers observe circuit isolation inputs.
+      Closes ticket 8405.
+    - ControlPort now supports the unix:/path/to/dir syntax as an alternative
+      to the ControlSocket option, for consistency with SocksPort and
+      hidden services.  Closes ticket 14451.
+    - New "GETINFO bw-event-cache" to get information about recent bandwidth
+      events. Closes ticket 14128. Useful for controllers to get recent
+      bandwidth history after the fix for 13988.
+
+  o Minor features (directory client):
+    - When downloading server- or microdescriptors from a directory server,
+      we no longer launch multiple simultaneous requests to the same server.
+      This reduces load on the directory servers, especially when directory
+      guards are in use.  Closes ticket 9969.
+    - When downloading server- or microdescriptors over a tunneled
+      connection, do not limit the length of our request to what the Squid
+      proxy is willing to handle.  Part of ticket 9969.
+
+  o Minor features (directory system):
+    - Authorities can now vote on the correct digests and latest versions for
+      different software packages. This allows packages that include Tor to use
+      the Tor authority system as a way to get notified of updates and their
+      correct digests. Implements proposal 227. Closes ticket 10395.
+
+  o Minor features (directory, memory usage):
+    - When we have recently been under memory pressure (over 3/4 of
+      MaxMemInQueues is allocated), then allocate smaller zlib objects for
+      small requests. Closes ticket 11791.
+
+  o Minor features (DOS resistance):
+    - Count the total number of bytes used storing hidden service descriptors
+      against the value of MaxMemInQueues. If we're low on memory, and more
+      than 20% of our memory is used holding hidden service descriptors, free
+      them until no more than 10% of our memory holds hidden service
+      descriptors. Free the least recently fetched descriptors first.
+      Resolves ticket 13806.
+
+  o Minor features (geoip):
+    - Update geoip to the January 7 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the January 7 2015 Maxmind GeoLite2 Country database.
+
+  o Minor features (Guard nodes):
+    - Reduce the time delay before saving guard status to disk from 10
+      minute to 30 seconds (or from one hour to 10 minutes if
+      AvoidDiskWrites is set).  Closes ticket 12485.
+
+  o Minor features (hidden service):
+    - Make hidden service Sybil attacks harder by changing the minimum
+      time required to become an HSDir from 25 hours up to 96 hours.
+      Addresses ticket #14149.
+    - New option "HiddenServiceAllowUnknownPorts" to allow hidden
+      services to disable the anti-scanning feature introduced in
+      0.2.6.2-alpha. With this option not set, a connection to an
+      unlisted port closes the circuit.  With this option set, only a
+      RELAY_DONE cell is sent.  Closes ticket #14084.
+
+  o Minor features (interface):
+    - Implement '-f -' CLI suboption to allow torrc to be read
+      from standard input, thus not requiring to store torrc in file
+      system. Implements feature 13865.
+
+  o Minor features (logging):
+    - Add a count of unique clients to the bridge heartbeat message. Resolves
+      ticket 6852.
+    - Suppress "router info incompatible with extra info" message when
+      reading extrainfo documents from cache. (This message got loud
+      around when we closed bug 9812 in 0.2.6.2-alpha.) Closes ticket
+      13762.
+    - Elevate authorized-client message from DEBUG to INFO. Closes
+      ticket 14015.
+
+  o Minor features (systemd):
+    - Various improvements and modernizations in systemd hardening support.
+      Closes ticket 13805. Patch from Craig Andrews.
+
+  o Minor features (stability):
+    - Prevent bugs from causing infinite loops in our hash-table
+      iteration code by adding assertions that cached hash values have
+      not been corrupted. Closes ticket 11737.
+
+  o Minor features (testing networks):
+    - Drop the minimum RendPostPeriod on a testing network to 5 seconds,
+      and the default to 2 minutes. Closes ticket 13401. Patch by "nickm".
+    - Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds,
+      but keep the default at 30 seconds. This reduces HS bootstrap time to
+      around 25 seconds. Change src/test/test-network.sh default time to match.
+      Closes ticket 13401. Patch by "teor".
+
+  o Minor bugfixes (automapping):
+    - Prevent changes to other options from removing the wildcard value "."
+      from "AutomapHostsSuffixes".
+      Fixes bug 12509; bugfix on 0.2.0.1-alpha.
+
+  o Minor bugfixes (build):
+    - Avoid warnings when building with systemd 209 or later.
+      Fixes bug 14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev".
+
+  o Minor bugfixes (client DNS):
+    - Report the correct cached DNS expiration times. Previously, we
+      would report everything as "never expires."  Fixes bug 14193;
+      bugfix on 0.2.3.17-beta.
+    - Avoid a small memory leak when we find a cached answer for a reverse
+      DNS lookup in a client-side DNS cache. (Remember, client-side DNS
+      caching is off by default, and is not recommended.) Fixes bug 14259;
+      bugfix on 0.2.0.1-alpha.
+
+  o Minor bugfixes (client, automapping):
+    - Check for a missing option value in parse_virtual_addr_network
+      before asserting on the NULL in tor_addr_parse_mask_ports.
+      This avoids crashing on torrc lines like
+      Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option.
+      Fixes bug 14142; bugfix on 0.2.4.7-alpha.
+      Patch by "teor".
+    - Fix a memory leak when using AutomapHostsOnResolve.
+      Fixes bug 14195; bugfix on 0.1.0.1-rc.
+
+  o Minor bugfixes (client, IPV6):
+    - Reject socks requests to literal IPv6 addresses when IPv6Traffic
+      flag is not set; and not because the NoIPv4Traffic flag was set.
+      Previously we'd looked at the NoIPv4Traffic flag for both types
+      of literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha.
+
+  o Minor bugfixes (client, bridges):
+    - When we are using bridges and we had a network connectivity problem, only
+      retry connecting to our currently configured bridges, not all bridges we
+      know about and remember using.
+      Fixes bug 14216; bugfix on tor-0.2.2.17-alpha. Patch from arma.
+
+  o Minor bugfixes (compilation):
+    - Build without warnings with the stock OpenSSL srtp.h header,
+      which has a duplicate declaration of SSL_get_selected_srtp_profile().
+      Fixes bug 14220; this is OpenSSL's bug, not ours.
+    - The address of an array in the middle of a structure will
+      always be non-NULL. clang recognises this and complains.
+      Disable the tautologous and redundant check to silence
+      this warning.
+      Fixes bug 14001; bugfix on 0.2.1.2-alpha.
+    - Compile correctly with (unreleased) OpenSSL 1.1.0 headers.
+      Addresses ticket 14188.
+
+  o Minor bugfixes (controller):
+    - Add a code for the END_CIRC_REASON_IP_NOW_REDUNDANT circuit close
+      reason.  Fixes bug 14207; bugfix on 0.2.6.2-alpha.
+    - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug 14116;
+      bugfix on 0.2.2.9-alpha.
+
+  o Minor bugfixes (directory authority):
+    - Allow directory authorities to fetch more data from one
+      another if they find themselves missing lots of votes.
+      Previously, they had been bumping against the 10 MB queued
+      data limit. Fixes bug 14261; bugfix on 0.1.2.5-alpha.
+    - Enlarge the buffer to read bw-auth generated files to avoid an
+      issue when parsing the file in dirserv_read_measured_bandwidths().
+      Fixes bug 14125; bugfix on 0.2.2.1-alpha.
+
+  o Minor bugfixes (file handling):
+    - Stop failing when key files are zero-length. Instead, generate new
+      keys, and overwrite the empty key files.
+      Fixes bug 13111; bugfix on all versions of Tor. Patch by "teor".
+    - Stop generating a fresh .old RSA key file when the .old file is
+      missing. Fixes part of 13111; bugfix on 0.0.6rc1.
+    - Avoid overwriting .old key files with empty key files.
+    - Skip loading zero-length extra info store, router store, stats, state,
+      and key files.
+    - Avoid crashing when trying to reload a torrc specified as a relative
+      path with RunAsDaemon turned on.  Fixes bug 13397; bugfix on
+      0.2.3.11-alpha.
+
+  o Minor bugfixes (hidden services):
+    - Close the intro circuit once we don't have any more usable intro
+      points instead of making it timeout at some point. This also make sure
+      no extra HS descriptor fetch is triggered.
+      Fixes bug 14224; bugfix on 0.0.6.
+    - When fetching a hidden service descriptor for a down service that we
+      recently up, do not keep refetching until we try the same replica twice
+      in a row.  Fixes bug 14219; bugfix on 0.2.0.10-alpha.
+    - Successfully launch Tor with a nonexistent hidden service directory.
+      Our fix for bug 13942 didn't catch this case. Fixes bug 14106;
+      bugfix on 0.2.6.2-alpha.
+
+  o Minor bugfixes (logging):
+    - Avoid crashing when there are more log domains than entries in
+      domain_list.  Bugfix on 0.2.3.1-alpha.
+    - Add a string representation for LD_SCHED.  Fixes bug 14740;
+      bugfix on 0.2.6.1-alpha.
+
+  o Minor bugfixes (parsing):
+    - Stop accepting milliseconds (or other junk) at the end of
+      descriptor publication times. Fixes bug 9286; bugfix on
+      0.0.2pre25.
+    - Support two-number and three-number version numbers correctly, in
+      case we change the Tor versioning system in the future.  Fixes bug
+      13661; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (portability):
+    - Fix the ioctl()-based network interface lookup code so that it will
+      work on systems that have variable-length struct ifreq, for example
+      Mac OS X.
+
+  o Minor bugfixes (shutdown):
+    - When shutting down, always call event_del() on lingering read or
+      write events before freeing them. Otherwise, we risk double-frees
+      or read-after-frees in event_base_free(). Fixes bug 12985; bugfix on
+      0.1.0.2-rc.
+
+  o Minor bugfixes (small memory leaks):
+    - Avoid leaking memory when using IPv6 virtual address mappings.
+      Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van der
+      Woerdt.
+
+  o Minor bugfixes (statistics):
+    - Increase period over which bandwidth observations are aggregated
+      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (systemd support):
+    - Fix detection and operation of systemd watchdog. Fixes part of
+      bug 14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz.
+    - Run correctly under systemd with the RunAsDaemon option set.
+      Fixes part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz
+      Torcz.
+    - Inform the systemd supervisor about more changes in the Tor process
+      status. Implements part of ticket 14141. Patch from Tomasz Torcz.
+    - Cause the "--disable-systemd" option to actually disable systemd
+      support.  Fixes bug 14350; bugfix on 0.2.6.2-alpha. Patch from
+      "blueness".
+
+  o Minor bugfixes (TLS):
+    - Check more thoroughly throughout the TLS code for possible unlogged
+      TLS errors. Possible diagnostic or fix for bug 13319.
+
+  o Code simplification and refactoring:
+    - Move fields related to isolating and configuring client ports
+      into a shared structure. Previously, they were duplicated across
+      port_cfg_t, listener_connection_t, and edge_connection_t.
+      Failure to copy one of them correctly had been the cause of at
+      least one bug in the past.  Closes ticket 8546.
+    - Refactor the get_interface_addresses_raw() Doom-function into
+      multiple smaller and easier to understand subfunctions. Cover the
+      resulting subfunctions with unit-tests. Fixes a significant portion 
+      of issue 12376.
+    - Remove workaround in dirserv_thinks_router_is_hs_dir() that was only
+      for version <= 0.2.2.24 which is now deprecated. Closes ticket 14202.
+    - Remove a test for a long-defunct broken version-one directory server.
+
+  o Documentation:
+    - Adding section on OpenBSD to our TUNING document. Thanks to
+      mmcc for writing the OpenBSD-specific tips. Resolves ticket
+      13702.
+    - Make the tor-resolve documentation match its help string and its
+      options. Resolves part of ticket 14325.
+    - Log a more useful error message from tor-resolve when failing to
+      look up a hidden service address. Resolves part of ticket 14325.
+
+  o Downgraded warnings:
+    - Don't warn when we've attempted to contact a relay using the wrong
+      ntor onion key. Closes ticket 9635.
+
+  o Testing:
+    - Make the checkdir/perms test complete successfully even if the
+      global umask is not 022. Fixes bug 14215; bugfix on 0.2.6.2-alpha.
+    - Test that tor does not fail when key files are zero-length.
+      Check that tor generates new keys, and overwrites the empty key files.
+    - Test that tor generates new keys when keys are missing (existing
+      behaviour).
+    - Test that tor does not overwrite key files that already contain data
+      (existing behaviour).
+      Tests bug 13111. Patch by "teor".
+    - New "make test-stem" target to run stem integration tests.
+      Requires that the "STEM_SOURCE_DIR" environment variable be set.
+      Closes ticket 14107.
+    - Make the test_cmdline_args.py script work correctly on Windows.
+      Patch from Gisle Vanem.
+    - Move the slower unit tests into a new "./src/test/test-slow" binary
+      that can be run independently of the other tests. Closes ticket 13243.
+    - Avoid undefined behavior when sampling huge values from the
+      Laplace distribution. This made unittests fail on Raspberry Pi.
+      Bug found by Device. Fixes bug 14090; bugfix on 0.2.6.2-alpha.
+
+
+
 Changes in version 0.2.6.2-alpha - 2014-12-31
   Tor 0.2.6.2-alpha is the second alpha release in the 0.2.6.x series.
   It introduces a major new backend for deciding when to send cells on

changes/better_workqueues

@@ -1,10 +0,0 @@
-  o Major features:
-    - Refactor the CPU worker implementation for better performance by
-      avoiding the kernel and lengthening pipelines. The original
-      implementation used sockets to transfer data from the main thread
-      to the worker threads, and didn't allow any thread to be assigned
-      more than a single piece of work at once. The new implementation
-      avoids communications overhead by making requests in shared
-      memory, avoiding kernel IO where possible, and keeping more
-      request in flight at once. Resolves issue #9682.
-

changes/bug11791

@@ -1,4 +0,0 @@
-  o Minor features (directory, memory usage):
-    - When we have recently been under memory pressure (over 3/4 of
-      MaxMemInQueues is allocated), then allocate smaller zlib objects for
-      small requests. Closes ticket 11791.

changes/bug12485

@@ -1,4 +0,0 @@
-  o Minor features (Guard nodes):
-    - Reduce the time delay before saving guard status to disk from 10
-      minute to 30 seconds (or from one hour to 10 minutes if
-      AvoidDiskWrites is set).  Closes ticket 12485.

changes/bug12509

@@ -1,4 +0,0 @@
-  o Minor bugfixes (automapping):
-    - Prevent changes to other options from removing the wildcard value "."
-      from "AutomapHostsSuffixes".
-      Fixes bug 12509; bugfix on 0.2.0.1-alpha.

changes/bug12585

@@ -1,12 +0,0 @@
-  o Major features (security)
-    - Implementation of an AF_UNIX socket  option to implement a SOCKS
-      proxy reachable by Unix Domain Socket. This allows client applications to
-      communicate with Tor without having the ability to create AF_INET or
-      AF_INET6 family sockets. If an application has permission to create a socket
-      with AF_UNIX, it may directly communicate with Tor as if it were an other
-      SOCKS proxy. This should allow high risk applications to be entirely prevented
-      from connecting directly with TCP/IP, they will be able to only connect to the
-      internet through AF_UNIX and only through Tor.
-      To create a socket of this type, use the syntax "unix:/path/to/socket".
-      Closes ticket 12585.
-

changes/bug12985

@@ -1,5 +0,0 @@
-  o Minor bugfixes (shutdown):
-    - When shutting down, always call event_del() on lingering read or
-      write events before freeing them. Otherwise, we risk double-frees
-      or read-after-frees in event_base_free(). Fixes bug 12985; bugfix on
-      0.1.0.2-rc.

changes/bug13111-generate-keys-on-empty-file

@@ -1,20 +0,0 @@
-  o Minor bugfixes (file handling):
-    - Stop failing when key files are zero-length. Instead, generate new
-      keys, and overwrite the empty key files.
-      Fixes bug 13111; bugfix on all versions of Tor. Patch by "teor".
-    - Stop generating a fresh .old RSA key file when the .old file is
-      missing. Fixes part of 13111; bugfix on 0.0.6rc1.
-    - Avoid overwriting .old key files with empty key files.
-
-  o Minor enhancements (file handling):
-    - Skip loading zero-length extra info store, router store, stats, state,
-      and key files.
-
-  o Minor enhancements (testing):
-    - Test that tor does not fail when key files are zero-length.
-      Check that tor generates new keys, and overwrites the empty key files.
-    - Test that tor generates new keys when keys are missing (existing
-      behaviour).
-    - Test that tor does not overwrite key files that already contain data
-      (existing behaviour).
-      Tests bug 13111. Patch by "teor".

changes/bug13319

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Check more thoroughly throughout the TLS code for possible unlogged
-      TLS errors. Possible diagnostic or fix for bug 13319.
-

changes/bug13397

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Avoid crashing when trying to reload a torrc specified as a relative
-      path with RunAsDaemon turned on.  Fixes bug 13397; bugfix on
-      0.2.3.11-alpha.

changes/bug13401

@@ -1,7 +0,0 @@
-  o Minor features (testing networks):
-    - Drop the minimum RendPostPeriod on a testing network to 5 seconds,
-      and the default to 2 minutes. Closes ticket 13401. Patch by "nickm".
-    - Drop the MIN_REND_INITIAL_POST_DELAY on a testing network to 5 seconds,
-      but keep the default at 30 seconds. This reduces HS bootstrap time to
-      around 25 seconds. Change src/test/test-network.sh default time to match.
-      Closes ticket 13401. Patch by "teor".

changes/bug13661

@@ -1,6 +0,0 @@
-  o Minor bugfixes:
-
-    - Support two-number and three-number version numbers correctly, in
-      case we change the Tor versioning system in the future.  Fixes bug
-      13661; bugfix on 0.0.8pre1.
-

changes/bug13805

@@ -1,3 +0,0 @@
-  o Minor features (systemd):
-    - Various improvements and modernizations in systemd hardening support.
-      Closes ticket 13805. Patch from Craig Andrews.

changes/bug13806

@@ -1,8 +0,0 @@
-  o Minor features (DOS resistance):
-    - Count the total number of bytes used storing hidden service descriptors
-      against the value of MaxMemInQueues. If we're low on memory, and more
-      than 20% of our memory is used holding hidden service descriptors, free
-      them until no more than 10% of our memory holds hidden service
-      descriptors. Free the least recently fetched descriptors first.
-      Resolves ticket 13806.
-

changes/bug13988

@@ -1,3 +0,0 @@
-  o Minor bugfixes (statistics):
-    - Increase period over which bandwidth observations are aggregated
-      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.

changes/bug14001-clang-warning

@@ -1,7 +0,0 @@
-  o Minor bugfixes:
-    - The address of an array in the middle of a structure will
-      always be non-NULL. clang recognises this and complains.
-      Disable the tautologous and redundant check to silence
-      this warning.
-      Fixes bug 14001; bugfix on 0.2.1.2-alpha.
-

changes/bug14067-TestingDirAuthVoteHSDir

@@ -1,6 +0,0 @@
-  o Minor features (authorities, testing):
-    - Create TestingDirAuthVoteHSDir like TestingDirAuthVoteExit/Guard.
-      Ensures that authorities vote the HSDir flag for the listed
-      relays regardless of uptime or ORPort connectivity.
-      Respects the value of VoteOnHidServDirectoriesV2.
-      Partial implementation for ticket 14067. Patch by "teor".

changes/bug14072

@@ -1,3 +0,0 @@
-  o Minor bugfixes (build):
-    - Avoid warnings when building with systemd 209 or later.
-      Fixes bug 14072; bugfix on 0.2.6.2-alpha. Patch from "h.venev".

changes/bug14084

@@ -1,6 +0,0 @@
-  o Minor features:
-    - New option "HiddenServiceAllowUnknownPorts" to allow hidden
-      services to disable the anti-scanning feature introduced in
-      0.2.6.2-alpha. With this option not set, a connection to an
-      unlisted port closes the circuit.  With this option set, only a
-      RELAY_DONE cell is sent.  Closes ticket #14084.

changes/bug14090

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Avoid undefined behavior when sampling huge values from the
-      Laplace distribution. This made unittests fail on Raspberry Pi.
-      Bug found by Device. Fixes bug 14090; bugfix on 0.2.6.2-alpha.

changes/bug14106

@@ -1,4 +0,0 @@
-  o Minor bugfixes (hidden services):
-    - Successfully launch Tor with a nonexistent hidden service directory.
-      Our fix for bug 13942 didn't catch this case. Fixes bug 14106;
-      bugfix on 0.2.6.2-alpha.

changes/bug14116_025

@@ -1,3 +0,0 @@
-  o Minor bugfixes (controller):
-    - Avoid crashing on a malformed EXTENDCIRCUIT command. Fixes bug 14116;
-      bugfix on 0.2.2.9-alpha.

changes/bug14123

@@ -1,4 +0,0 @@
-  o Minor bugfixes (small memory leaks):
-    - Avoid leaking memory when using IPv6 virtual address mappings.
-      Fixes bug 14123; bugfix on 0.2.4.7-alpha. Patch by Tom van der
-      Woerdt.

changes/bug14125

@@ -1,5 +0,0 @@
-  o Minor bugfixes (dirauth):
-    - Enlarge the buffer to read bw-auth generated files to avoid an
-      issue when parsing the file in dirserv_read_measured_bandwidths().
-      Fixes bug 14125; bugfix on 0.2.2.1-alpha.
-

changes/bug14129

@@ -1,7 +0,0 @@
-  o Major bugfixes (exit node stability):
-
-    - Fix an assertion failure that could occur under high DNS load.  Fixes
-      bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed
-      by "cypherpunks".
-
-

changes/bug14141

@@ -1,11 +0,0 @@
-  o Minor bugfixes (systemd support):
-    - Fix detection and operation of systemd watchdog. Fixes part of
-      bug 14141; bugfix on 0.2.6.2-alpha. Patch from Tomasz Torcz.
-
-    - Run correctly under systemd with the RunAsDaemon option set.
-      Fixes part of bug 14141; bugfix on 0.2.5.7-rc. Patch from Tomasz
-      Torcz.
-
-  o Minor featurs (systemd support):
-    - Inform the systemd supervisor about more changes in the Tor process
-      status. Implements part of ticket 14141. Patch from Tomasz Torcz.

changes/bug14142-parse-virtual-addr

@@ -1,7 +0,0 @@
-  o Minor bugfixes (client):
-    - Check for a missing option value in parse_virtual_addr_network
-      before asserting on the NULL in tor_addr_parse_mask_ports.
-      This avoids crashing on torrc lines like
-      Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option.
-      Fixes bug 14142; bugfix on 0.2.4.7-alpha.
-      Patch by "teor".

changes/bug14149

@@ -1,4 +0,0 @@
-  o Minor features (hidden service parameters):
-    - Make hidden service Sybil attacks harder by changing the minimum
-      time required to become an HSDir from 25 hours up to 96 hours.
-      Addresses ticket #14149.

changes/bug14193

@@ -1,4 +0,0 @@
-  o Minor bugfixes (client DNS):
-    - Report the correct cached DNS expiration times. Previously, we
-      would report everything as "never expires."  Fixes bug 14193;
-      bugfix on 0.2.3.17-beta.

changes/bug14195

@@ -1,3 +0,0 @@
-  o Minor bugfixes (client):
-    - Fix a memory leak when using AutomapHostsOnResolve.
-      Fixes bug 14195; bugfix on 0.1.0.1-rc.

changes/bug14202

@@ -1,3 +0,0 @@
-  o Minor cleanup:
-    - Remove workaround in dirserv_thinks_router_is_hs_dir() that was only
-      for version <= 0.2.2.24 which is now deprecated. Closes ticket 14202.

changes/bug14207

@@ -1,3 +0,0 @@
-  o Minor bugfixes (controller):
-    - Add a code for the END_CIRC_REASON_IP_NOW_REDUNDANT circuit close
-      reason.  Fixes bug 14207; bugfix on 0.2.6.2-alpha.

changes/bug14215

@@ -1,5 +0,0 @@
-  o Minor bugfixes (tests):
-    - Make the checkdir/perms test complete successfully even if the
-      global umask is not 022. Fixes bug 14215; bugfix on 0.2.6.2-alpha.
-
-

changes/bug14216

@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - When we are using bridges and we had a network connectivity problem, only
-      retry connecting to our currently configured bridges, not all bridges we
-      know about and remember using.
-      Fixes bug 14216; bugfix on tor-0.2.2.17-alpha. Patch from arma.

changes/bug14219

@@ -1,6 +0,0 @@
-  o Minor bugfixes (hidden services):
-
-    - When fetching a hidden service descriptor for a down service that we
-      recently up, do not keep refetching until we try the same replica twice
-      in a row.  Fixes bug 14219; bugfix on 0.2.0.10-alpha.
-

changes/bug14220

@@ -1,4 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Build without warnings with the stock OpenSSL srtp.h header,
-      which has a duplicate declaration of SSL_get_selected_srtp_profile().
-      Fixes bug 14220; this is OpenSSL's bug, not ours.

changes/bug14224

@@ -1,7 +0,0 @@
-  o Minor Bugfix
-    - Close the intro circuit once we don't have any more usable intro
-      points instead of making it timeout at some point. This also make sure
-      no extra HS descriptor fetch is triggered.
-      Fixes bug 14224; bugfix on 0.0.6.
-
-

changes/bug14259

@@ -1,6 +0,0 @@
-  o Minor bugfixes (client):
-    - Avoid a small memory leak when we find a cached answer for a reverse
-      DNS lookup in a client-side DNS cache. (Remember, client-side DNS
-      caching is off by default, and is not recommended.) Fixes bug 14259;
-      bugfix on 0.2.0.1-alpha.
-

changes/bug14261

@@ -1,5 +0,0 @@
-  o Minor bugfixes (directory authority):
-    - Allow directory authorities to fetch more data from one
-      another if they find themselves missing lots of votes.
-      Previously, they had been bumping against the 10 MB queued
-      data limit. Fixes bug 14261; bugfix on 0.1.2.5-alpha.

changes/bug14280

@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Reject socks requests to literal IPv6 addresses when IPv6Traffic
-      flag is not set; and not because the NoIPv4Traffic flag was set.
-      Previously we'd looked at the NoIPv4Traffic flag for both types
-      of literal addresses. Fixes bug 14280; bugfix on 0.2.4.7-alpha.

changes/bug14350

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Cause the "--disable-systemd" option to actually disable systemd
-      support.  Fixes bug 14350; bugfix on 0.2.6.2-alpha. Patch from
-      "blueness".

changes/bug14451

@@ -1,5 +0,0 @@
-  o Minor features:
-    - ControlPort now supports the unix:/path/to/dir syntax as an alternative
-      to the ControlSocket option, for consistency with SocksPort and
-      hidden services.  Closes ticket 14451.
-

changes/bug14740

@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Avoid crashing when there are more log domains than entries in
-      domain_list.  Bugfix on 0.2.3.1-alpha.
-    - Add a string representation for LD_SCHED.  Fixes bug 14740;
-      bugfix on 0.2.6.1-alpha.

changes/bug6852

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Add a unique client counter to the heartbeat message. Resolves
-      ticket 6852.

changes/bug7555

@@ -1,5 +0,0 @@
-  o Major bugfixes (client):
-    - Allow MapAddress and AutomapHostsOnResolve to work together when an
-      address is mapped into another address type that must be
-      automapped at resolve time.  Fixes bug 7555; bugfix on
-      0.2.0.1-alpha.

changes/bug8546

@@ -1,6 +0,0 @@
-  o Code simplification and refactoring:
-    - Move fields related to isolating and configuring client ports
-      into a shared structure. Previously, they were duplicated across
-      port_cfg_t, listener_connection_t, and edge_connection_t.
-      Failure to copy one of them correctly had been the cause of at
-      least one bug in the past.  Closes ticket 8546.

changes/bug9286

@@ -1,4 +0,0 @@
-  o Minor bugfixes (parsing):
-    - Stop accepting milliseconds (or other junk) at the end of
-      descriptor publication times. Fixes bug 9286; bugfix on
-      0.0.2pre25.

changes/bug9635

@@ -1,3 +0,0 @@
-  o Downgraded warnings:
-    - Don't warn when we've attempted to contact a relay using the wrong
-      ntor onion key. Closes ticket 9635.

changes/bug9819

@@ -1,8 +0,0 @@
-  o Major bugfixes (mixed relay-client operation):
-
-    - When running as a relay and a client at the same time (not
-      recommended), if we decide not to use a new guard because we
-      want to retry older guards, only close the locally-originating
-      circuits passing through that guard. Previously we would close
-      all the circuits. Fixes bug 9819; bugfix on
-      0.2.1.1-alpha. Reported by "skruffy".

changes/doc13702

@@ -1,4 +0,0 @@
-  o Documentation:
-    - Adding section on OpenBSD to our TUNING document. Thanks to
-      mmcc for writing the OpenBSD-specific tips. Resolves ticket
-      13702.

changes/feature10067

@@ -1,12 +0,0 @@
-  o Major features (changed defaults):
-    - Prevent relay operators from unintentionally running exits: When
-      a relay is configured as an exit node, we now warn the user
-      unless the 'ExitRelay' option is set to 1. We warn even more
-      loudly if the relay is configured with the default exit policy,
-      since this tends to indicate accidental misconfiguration.
-      Setting 'ExitRelay' to 0 stops Tor from running as an exit relay.
-      Closes ticket 10067.
-
-  o Removed features:
-    - To avoid confusion with the 'ExitRelay' option, 'ExitNode' is no
-      longer silently accepted as an alias for 'ExitNodes'.

changes/feature13865

@@ -1,5 +0,0 @@
-  o Minor features:
-    - Implement '-f -' CLI suboption to allow torrc to be read 
-      from standard input, thus not requiring to store torrc in file
-      system. Implements feature 13865.
-

changes/feature14015

@@ -1,3 +0,0 @@
-  o Minor features (logging, hidden services):
-    - Elevate authorized-client message from DEBUG to INFO. Closes
-      ticket 14015.

changes/feature8405

@@ -1,4 +0,0 @@
-  o Minor features (controller):
-    - Include SOCKS_USERNAME and SOCKS_PASSWORD values in controller
-      events to let controllers observe circuit isolation inputs.
-      Closes ticket 8405.

changes/fix-test-cmdline-args

@@ -1,4 +0,0 @@
-  o Testing:
-    - Make the test_cmdline_args.py script work correctly on Windows.
-      Patch from Gisle Vanem.
-      

changes/geoip-january2015

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the January 7 2015 Maxmind GeoLite2 Country database.
-

changes/geoip6-january2015

@@ -1,2 +0,0 @@
-  o Minor features:
-    - Update geoip6 to the January 7 2015 Maxmind GeoLite2 Country database.

changes/prop227

@@ -1,5 +0,0 @@
-  o Minor features (directory system):
-    - Authorities can now vote on the correct digests and latest versions for
-      different software packages. This allows packages that include Tor to use
-      the Tor authority system as a way to get notified of updates and their
-      correct digests. Implements proposal 227. Closes ticket 10395.

changes/remove-bad-fp

@@ -1,3 +0,0 @@
-  o Removed features:
-    - Remove a test for a long-defunct broken version-one directory server.
-

changes/ticket11485

@@ -1,3 +0,0 @@
-  o Features (hidden services):
-    - Support mapping hidden service virtual ports to AF_UNIX sockets on
-      suitable platforms.  Resolves ticket #11485.

changes/ticket11737

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Prevent bugs from causing infinite loops in our hash-table
-      iteration code by adding assertions that cached hash values have
-      not been corrupted. Closes ticket 11737.

changes/ticket12376_part2

@@ -1,11 +0,0 @@
-  o Major refactoring:
-    - Refactor the get_interface_addresses_raw() Doom-function into
-      multiple smaller and easier to understand subfunctions. Cover the
-      resulting subfunctions with unit-tests. Fixes a significant portion 
-      of issue 12376.
-
-  o Minor bugfixes:
-    - Fix the ioctl()-based network interface lookup code so that it will
-      work on systems that have variable-length struct ifreq, for example
-      Mac OS X.
-

changes/ticket13037

@@ -1,4 +0,0 @@
-  o Minor features (build):
-    - New --disable-system-torrc compile-time option to prevent Tor from
-      looking for a system-wide torrc or torrc-defaults tile. Resolves
-      ticket 13037.

changes/ticket13243

@@ -1,3 +0,0 @@
-  o Testing:
-    - Move the slower unit tests into a new "./src/test/test-slow" binary
-      that can be run independently of the other tests. Closes ticket 13243.

changes/ticket13762

@@ -1,5 +0,0 @@
-  o Minor features:
-    - Suppress "router info incompatible with extra info" message when
-      reading extrainfo documents from cache. (This message got loud
-      around when we closed bug 9812 in 0.2.6.2-alpha.) Closes ticket
-      13762.

changes/ticket14107

@@ -1,6 +0,0 @@
-  o Testing:
-
-    - New "make test-stem" target to run stem integration tests.
-      Requires that the "STEM_SOURCE_DIR" environment variable be set.
-      Closes ticket 14107.
-

changes/ticket14128

@@ -1,5 +0,0 @@
-  o Minor features (controller):
-    - New "GETINFO bw-event-cache" to get information about recent bandwidth
-      events. Closes ticket 14128. Useful for controllers to get recent
-      bandwidth history after the fix for 13988.
-

changes/ticket14188_part1

@@ -1,4 +0,0 @@
-  o Compilation fixes:
-    - Compile correctly with (unreleased) OpenSSL 1.1.0 headers.
-      Addresses ticket 14188.
-

changes/ticket14325

@@ -1,5 +0,0 @@
-  o Documentation:
-    - Make the tor-resolve documentation match its help string and its
-      options. Resolves part of ticket 14325.
-    - Log a more useful error message from tor-resolve when failing to
-      look up a hidden service address. Resolves part of ticket 14325.

changes/ticket9969

@@ -1,8 +0,0 @@
-  o Minor features (directory client):
-    - When downloading server- or microdescriptors from a directory server,
-      we no longer launch multiple simultaneous requests to the same server.
-      This reduces load on the directory servers, especially when directory
-      guards are in use.  Closes ticket 9969.
-    - When downloading server- or microdescriptors over a tunneled
-      connection, do not limit the length of our request to what the Squid
-      proxy is willing to handle.  Part of ticket 9969.