diff --git a/Makefile.am b/Makefile.am
index 67c9cc9d2..b1f92f5b3 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -73,7 +73,7 @@ test-network: all
 
 test-stem: $(TESTING_TOR_BINARY)
 	@if test -d "$$STEM_SOURCE_DIR"; then \
-		"$$STEM_SOURCE_DIR"/run_tests.py --tor $(TESTING_TOR_BINARY) --all --log notice --target RUN_ALL; \
+		$(PYTHON) "$$STEM_SOURCE_DIR"/run_tests.py --tor $(TESTING_TOR_BINARY) --all --log notice --target RUN_ALL; \
 	else \
 		echo '$$STEM_SOURCE_DIR was not set.'; echo; \
 		echo "To run these tests, git clone https://git.torproject.org/stem.git/ ; export STEM_SOURCE_DIR=\`pwd\`/stem"; \
diff --git a/changes/15188 b/changes/15188
new file mode 100644
index 000000000..2065b3974
--- /dev/null
+++ b/changes/15188
@@ -0,0 +1,3 @@
+  o Minor bugfixes (testing):
+    - Avoid a side-effect in a tor_assert() in the unit tests. Fixes bug
+      15188; bugfix on 0.1.2.3-alpha. Patch from Tom van der Woerdt.
diff --git a/changes/bug15033 b/changes/bug15033
new file mode 100644
index 000000000..953e6c3d5
--- /dev/null
+++ b/changes/bug15033
@@ -0,0 +1,4 @@
+  o Minor bugfixes (tests):
+    - When running the zero-length-keys check, do not use the default
+      torrc file. Fixes bug 15033; bugfix on 0.2.6.3-alpha. Reported
+      by "reezer".
diff --git a/changes/bug15037 b/changes/bug15037
new file mode 100644
index 000000000..587d63186
--- /dev/null
+++ b/changes/bug15037
@@ -0,0 +1,4 @@
+  o Minor bugfixes (testing):
+    - When running the new 'make test-stem' target, use the configured
+      python binary. Fixes bug 15037; bugfix on 0.2.6.3-alpha. Patch
+      from "cypherpunks".
diff --git a/changes/bug15064 b/changes/bug15064
new file mode 100644
index 000000000..e6bd747b1
--- /dev/null
+++ b/changes/bug15064
@@ -0,0 +1,4 @@
+  o Major bugfixes (FreeBSD IPFW transparent proxy):
+    - Fix address detection with FreeBSD transparent proxies,
+      when "TransProxyType ipfw" is in use.
+      Fixes bug 15064; bugfix on 0.2.5.4-alpha.
diff --git a/changes/bug15083 b/changes/bug15083
new file mode 100644
index 000000000..5cc79b5ba
--- /dev/null
+++ b/changes/bug15083
@@ -0,0 +1,10 @@
+  o Major bugfixes (relay, stability, possible security):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout was passed
+      to buf_pullup() at exactly the wrong time. Fixes bug 15083;
+      bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'.
+
+    - Do not assert if the 'data' pointer on a buffer is advanced to the very
+      end of the buffer; log a BUG message instead.  Only assert if it is
+      past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
diff --git a/changes/bug15088 b/changes/bug15088
new file mode 100644
index 000000000..95878bdb3
--- /dev/null
+++ b/changes/bug15088
@@ -0,0 +1,4 @@
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - Upon receiving sighup, do not crash during attempts to call
+      wait4. Fixes bug 15088; bugfix on 0.2.5.1-alpha. Patch from
+      "sanic".
diff --git a/changes/bug15151 b/changes/bug15151
new file mode 100644
index 000000000..b9c306155
--- /dev/null
+++ b/changes/bug15151
@@ -0,0 +1,3 @@
+  o Minor bugfixes (compilation):
+    - Fix a compilation warning on FreeBSD. Fixes bug 15151; bugfix on
+      0.2.6.2-alpha.
diff --git a/changes/feature15006 b/changes/feature15006
new file mode 100644
index 000000000..168a440ba
--- /dev/null
+++ b/changes/feature15006
@@ -0,0 +1,4 @@
+  o Minor features (controller):
+    - Messages about problems in the bootstrap process now include
+      information about the server we were trying to connect to when we
+      noticed the problem. Closes ticket 15006.
diff --git a/changes/ticket14128 b/changes/ticket14128
new file mode 100644
index 000000000..38b25fa7d
--- /dev/null
+++ b/changes/ticket14128
@@ -0,0 +1,5 @@
+  o Minor features (controller):
+    - New "GETINFO bw-event-cache" to get information about recent bandwidth
+      events. Closes ticket 14128. Useful for controllers to get recent
+      bandwidth history after the fix for 13988.
+
diff --git a/src/common/sandbox.c b/src/common/sandbox.c
index fe97af309..49316c619 100644
--- a/src/common/sandbox.c
+++ b/src/common/sandbox.c
@@ -176,6 +176,7 @@ static int filter_nopar_gen[] = {
 #endif
     SCMP_SYS(stat),
     SCMP_SYS(uname),
+    SCMP_SYS(wait4),
     SCMP_SYS(write),
     SCMP_SYS(writev),
     SCMP_SYS(exit_group),
diff --git a/src/or/buffers.c b/src/or/buffers.c
index 9f5dc70ed..be9974418 100644
--- a/src/or/buffers.c
+++ b/src/or/buffers.c
@@ -232,7 +232,7 @@ buf_pullup(buf_t *buf, size_t bytes, int nulterminate)
     size_t n = bytes - dest->datalen;
     src = dest->next;
     tor_assert(src);
-    if (n > src->datalen) {
+    if (n >= src->datalen) {
       memcpy(CHUNK_WRITE_PTR(dest), src->data, src->datalen);
       dest->datalen += src->datalen;
       dest->next = src->next;
@@ -2436,7 +2436,14 @@ assert_buf_ok(buf_t *buf)
       total += ch->datalen;
       tor_assert(ch->datalen <= ch->memlen);
       tor_assert(ch->data >= &ch->mem[0]);
-      tor_assert(ch->data < &ch->mem[0]+ch->memlen);
+      tor_assert(ch->data <= &ch->mem[0]+ch->memlen);
+      if (ch->data == &ch->mem[0]+ch->memlen) {
+        static int warned = 0;
+        if (! warned) {
+          log_warn(LD_BUG, "Invariant violation in buf.c related to #15083");
+          warned = 1;
+        }
+      }
       tor_assert(ch->data+ch->datalen <= &ch->mem[0] + ch->memlen);
       if (!ch->next)
         tor_assert(ch == buf->tail);
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 3c817decf..2a1a2f0fd 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -1598,7 +1598,6 @@ destination_from_socket(entry_connection_t *conn, socks_request_t *req)
   struct sockaddr_storage orig_dst;
   socklen_t orig_dst_len = sizeof(orig_dst);
   tor_addr_t addr;
-  int rv;
 
 #ifdef TRANS_TRPOXY
   if (options->TransProxyType_parsed == TPT_TPROXY) {
@@ -1613,6 +1612,7 @@ destination_from_socket(entry_connection_t *conn, socks_request_t *req)
 #endif
 
 #ifdef TRANS_NETFILTER
+  int rv = -1;
   switch (ENTRY_TO_CONN(conn)->socket_family) {
 #ifdef TRANS_NETFILTER_IPV4
     case AF_INET:
@@ -1763,7 +1763,8 @@ connection_ap_get_original_destination(entry_connection_t *conn,
   if (options->TransProxyType_parsed == TPT_PF_DIVERT)
     return destination_from_socket(conn, req);
 
-  if (options->TransProxyType_parsed == TPT_DEFAULT)
+  if (options->TransProxyType_parsed == TPT_DEFAULT ||
+      options->TransProxyType_parsed == TPT_IPFW)
     return destination_from_pf(conn, req);
 
   (void)conn;
diff --git a/src/or/control.c b/src/or/control.c
index a2b986768..e25c3b295 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -5086,19 +5086,26 @@ MOCK_IMPL(void,
 
   log_fn(severity,
          LD_CONTROL, "Problem bootstrapping. Stuck at %d%%: %s. (%s; %s; "
-         "count %d; recommendation %s)",
+         "count %d; recommendation %s; host %s at %s:%d)",
          status, summary, warn,
          orconn_end_reason_to_control_string(reason),
-         bootstrap_problems, recommendation);
+         bootstrap_problems, recommendation,
+         hex_str(or_conn->identity_digest, DIGEST_LEN),
+         or_conn->base_.address,
+         or_conn->base_.port);
 
   connection_or_report_broken_states(severity, LD_HANDSHAKE);
 
   tor_snprintf(buf, sizeof(buf),
       "BOOTSTRAP PROGRESS=%d TAG=%s SUMMARY=\"%s\" WARNING=\"%s\" REASON=%s "
-      "COUNT=%d RECOMMENDATION=%s",
+      "COUNT=%d RECOMMENDATION=%s HOSTID=\"%s\" HOSTADDR=\"%s:%d\"",
       bootstrap_percent, tag, summary, warn,
       orconn_end_reason_to_control_string(reason), bootstrap_problems,
-      recommendation);
+      recommendation,
+      hex_str(or_conn->identity_digest, DIGEST_LEN),
+      or_conn->base_.address,
+      (int)or_conn->base_.port);
+
   tor_snprintf(last_sent_bootstrap_message,
                sizeof(last_sent_bootstrap_message),
                "WARN %s", buf);
diff --git a/src/test/testing_common.c b/src/test/testing_common.c
index d7d6dacee..403c83bdd 100644
--- a/src/test/testing_common.c
+++ b/src/test/testing_common.c
@@ -165,18 +165,21 @@ static crypto_pk_t *pregen_keys[5] = {NULL, NULL, NULL, NULL, NULL};
 crypto_pk_t *
 pk_generate(int idx)
 {
+  int res;
 #ifdef CACHE_GENERATED_KEYS
   tor_assert(idx < N_PREGEN_KEYS);
   if (! pregen_keys[idx]) {
     pregen_keys[idx] = crypto_pk_new();
-    tor_assert(!crypto_pk_generate_key(pregen_keys[idx]));
+    res = crypto_pk_generate_key(pregen_keys[idx]);
+    tor_assert(!res);
   }
   return crypto_pk_dup_key(pregen_keys[idx]);
 #else
   crypto_pk_t *result;
   (void) idx;
   result = crypto_pk_new();
-  tor_assert(!crypto_pk_generate_key(result));
+  res = crypto_pk_generate_key(result);
+  tor_assert(!res);
   return result;
 #endif
 }
diff --git a/src/test/zero_length_keys.sh b/src/test/zero_length_keys.sh
index 4dea283fd..2fd11d38b 100755
--- a/src/test/zero_length_keys.sh
+++ b/src/test/zero_length_keys.sh
@@ -36,9 +36,11 @@ if [ ! -d "$DATA_DIR" ]; then
 fi
 trap "rm -rf '$DATA_DIR'" 0
 
+touch "$DATA_DIR"/empty_torrc
+
 # DisableNetwork means that the ORPort won't actually be opened.
 # 'ExitRelay 0' suppresses a warning.
-TOR="./src/or/tor --hush --DisableNetwork 1 --ShutdownWaitLength 0 --ORPort 12345 --ExitRelay 0"
+TOR="./src/or/tor --hush --DisableNetwork 1 --ShutdownWaitLength 0 --ORPort 12345 --ExitRelay 0 -f $DATA_DIR/empty_torrc"
 
 if [ -s "$DATA_DIR"/keys/secret_id_key ] && [ -s "$DATA_DIR"/keys/secret_onion_key ] &&
    [ -s "$DATA_DIR"/keys/secret_onion_key_ntor ]; then