fold in the next 0.2.2 changes

ChangeLog

@@ -1,3 +1,59 @@
+Changes in version 0.2.2.36 - 2012-01-06
+  o Major security workaround:
+    - When building or running with any version of OpenSSL earlier
+      than 0.9.8s or 1.0.0f, disable SSLv3 support. These OpenSSL
+      versions had a bug (CVE-2011-4576) in which their block cipher
+      padding included uninitialized data, potentially leaking sensitive
+      information to any peer with whom they made a SSLv3 connection. Tor
+      does not use SSL v3 by default, but a hostile client or server
+      could force an SSLv3 connection in order to gain information that
+      they shouldn't have been able to get. The best solution here is to
+      upgrade to OpenSSL 0.9.8s or 1.0.0f (or later). But when building
+      or running with a non-upgraded OpenSSL, we should instead make
+      sure that the bug can't happen by disabling SSLv3 entirely.
+
+  o Major bugfixes:
+    - Provide correct replacements for the timeradd() and timersub()
+      functions for platforms that lack them (for example, windows). The
+      timersub() function is used when expiring circuits, timeradd() is
+      currently unused. Patch written by Vektor, who also reported the
+      bug. Thanks! Bugfix on 0.2.2.24-alpha/0.2.3.1-alpha, fixes bug 4778.
+
+  o Minor bugfixes:
+    - When running with an older Linux kernel that erroneously responds
+      to strange nmap behavior by having accept() return successfully
+      with a zero-length socket, just close the connection. Previously,
+      we would try harder to learn the remote address: but there was
+      no such remote address to learn, and our method for trying to
+      learn it was incorrect. Fixes bugs 1240, 4745, and 4747. Bugfix
+      on 0.1.0.3-rc. Reported and diagnosed by "r1eo".
+    - Correctly spell "connect" in a log message when creating a
+      controlsocket fails. Fixes bug 4803; bugfix on 0.2.2.26-beta and
+      0.2.3.2-alpha.
+
+  o Minor features:
+    - Directory servers now reject versions of Tor older than 0.2.1.30,
+      and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
+      (inclusive). These versions accounted for only a small fraction of
+      the Tor network, and have numerous known security issues. Resolves
+      issue 4788.
+    - Update to the January 3 2012 Maxmind GeoLite Country database.
+
+  - Feature removal:
+    - When sending or relaying a RELAY_EARLY cell, we used to convert
+      it to a RELAY cell if the connection was using the v1 link
+      protocol. This was a workaround for older versions of Tor, which
+      didn't handle RELAY_EARLY cells properly. Now that all supported
+      versions can handle RELAY_EARLY cells, and now that we're enforcing
+      the "no RELAY_EXTEND commands except in RELAY_EARLY cells" rule,
+      we're removing this workaround. Addresses bug 4786.
+
+  o Code simplifications and refactoring:
+    - During configure, detect when we're building with clang version
+      3.0 or lower and disable the -Wnormalized=id and -Woverride-init
+      CFLAGS. clang doesn't support them yet.
+
+
 Changes in version 0.2.2.35 - 2011-12-16
   Tor 0.2.2.35 fixes a critical heap-overflow security issue in Tor's
   buffers code. Absolutely everybody should upgrade.

changes/bug1240

@@ -1,8 +0,0 @@
-  o Minor bugfixes:
-    - When running with an older Linux kernel that erroneously responds
-      to strange nmap behavior by having accept() return successfully
-      with a zero-length socket, just close the connection. Previously,
-      we would try harder to learn the remote address: but there was no
-      such remote address to learn, and our method for trying to learn
-      it was incorrect. Fixes bugs #1240, #4745, and #4747. Bugfix on
-      0.1.0.3-rc. Reported and diagnosed by "r1eo".

changes/bug4786

@@ -1,9 +0,0 @@
-  - Feature removal:
-    - When sending or relaying a RELAY_EARLY cell, we used to convert
-      it to a RELAY cell if the connection was using the v1 link
-      protocol. This was a workaround for older versions of Tor, which
-      didn't handle RELAY_EARLY cells properly. Now that all supported
-      versions can handle RELAY_EARLY cells, and now that we're
-      enforcing the "no RELAY_EXTEND commands except in RELAY_EARLY
-      cells" rule, we're removing this workaround. Addresses bug 4786.
-

changes/bug4788

@@ -1,6 +0,0 @@
-  o Minor features (directory server):
-    - Directory servers now reject versions of Tor older than 0.2.1.30,
-      and Tor versions between 0.2.2.1-alpha and 0.2.2.20-alpha
-      (inclusive). These versions accounted for only a small fraction of
-      the Tor network, and have numerous known security issues. Resolves
-      issue #4788.

changes/bug4803

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Correctly spell "connect" in a log message when creating a controlsocket
-      fails. Fixes bug 4803; bugfix on 0.2.2.26-beta/0.2.3.2-alpha.
-

changes/bug4822

@@ -1,13 +0,0 @@
-  o Major security workaround:
-    - When building or running with any version of OpenSSL earlier
-      than 0.9.8s or 1.0.0f, disable SSLv3 support. These versions had
-      a bug (CVE-2011-4576) in which their block cipher padding
-      included uninitialized data, potentially leaking sensitive
-      information to any peer with whom they made a SSLv3
-      connection. Tor does not use SSL v3 by default, but a hostile
-      client or server could force an SSLv3 connection in order to
-      gain information that they shouldn't have been able to get. The
-      best solution here is to upgrade to OpenSSL 0.9.8s or 1.0.0f (or
-      later). But when building or running with a non-upgraded
-      OpenSSL, we should instead make sure that the bug can't happen
-      by disabling SSLv3 entirely.

changes/clang_30_options

@@ -1,5 +0,0 @@
-  o Code simplifications and refactoring:
-    - During configure, detect when we're building with clang version 3.0 or
-      lower and disable the -Wnormalized=id and -Woverride-init CFLAGS.
-      clang doesn't support them yet.
-

changes/geoip-january2012

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update to the January 3 2012 Maxmind GeoLite Country database.
-

changes/timersub_bug

@@ -1,7 +0,0 @@
-  o Major bugfixes:
-    - Provide correct replacements for the timeradd() and timersub() functions
-      for platforms that lack them (for example, windows). The timersub()
-      function is used when expiring circuits, timeradd() is currently unused.
-      Patch written by Vektor, who also reported the bug. Thanks! Bugfix
-      on 0.2.2.24-alpha/0.2.3.1-alpha, fixes bug 4778.
-