diff --git a/Release-030-in b/Release-030-in deleted file mode 100644 index dacecb2ea..000000000 --- a/Release-030-in +++ /dev/null @@ -1,577 +0,0 @@ -Changes in version 0.3.0.6 - 2017-04-2? - Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series. - - XXXXX BLURB HERE. - - Below are the changes since 0.2.9.10. For a list of only the changes - since 0.3.0.5-rc, see the ChangeLog file. - - o Major features (directory authority, security): - - The default for AuthDirPinKeys is now 1: directory authorities - will reject relays where the RSA identity key matches a previously - seen value, but the Ed25519 key has changed. Closes ticket 18319. - - o Major features (guard selection algorithm): - - Tor's guard selection algorithm has been redesigned from the - ground up, to better support unreliable networks and restrictive - sets of entry nodes, and to better resist guard-capture attacks by - hostile local networks. Implements proposal 271; closes - ticket 19877. - - o Major features (next-generation hidden services): - - Relays can now handle v3 ESTABLISH_INTRO cells as specified by - prop224 aka "Next Generation Hidden Services". Service and clients - don't use this functionality yet. Closes ticket 19043. Based on - initial code by Alec Heifetz. - - Relays now support the HSDir version 3 protocol, so that they can - can store and serve v3 descriptors. This is part of the next- - generation onion service work detailled in proposal 224. Closes - ticket 17238. - - o Major features (protocol, ed25519 identity keys): - - Clients now support including Ed25519 identity keys in the EXTEND2 - cells they generate. By default, this is controlled by a consensus - parameter, currently disabled. You can turn this feature on for - testing by setting ExtendByEd25519ID in your configuration. This - might make your traffic appear different than the traffic - generated by other users, however. Implements part of ticket - 15056; part of proposal 220. - - Relays now understand requests to extend to other relays by their - Ed25519 identity keys. When an Ed25519 identity key is included in - an EXTEND2 cell, the relay will only extend the circuit if the - other relay can prove ownership of that identity. Implements part - of ticket 15056; part of proposal 220. - - Relays now use Ed25519 to prove their Ed25519 identities and to - one another, and to clients. This algorithm is faster and more - secure than the RSA-based handshake we've been doing until now. - Implements the second big part of proposal 220; Closes - ticket 15055. - - o Major features (security): - - Change the algorithm used to decide DNS TTLs on client and server - side, to better resist DNS-based correlation attacks like the - DefecTor attack of Greschbach, Pulls, Roberts, Winter, and - Feamster. Now relays only return one of two possible DNS TTL - values, and clients are willing to believe DNS TTL values up to 3 - hours long. Closes ticket 19769. - - o Major bugfixes (client, onion service, also in 0.2.9.9): - - Fix a client-side onion service reachability bug, where multiple - socks requests to an onion service (or a single slow request) - could cause us to mistakenly mark some of the service's - introduction points as failed, and we cache that failure so - eventually we run out and can't reach the service. Also resolves a - mysterious "Remote server sent bogus reason code 65021" log - warning. The bug was introduced in ticket 17218, where we tried to - remember the circuit end reason as a uint16_t, which mangled - negative values. Partially fixes bug 21056 and fixes bug 20307; - bugfix on 0.2.8.1-alpha. - - o Major bugfixes (crash, directory connections): - - Fix a rare crash when sending a begin cell on a circuit whose - linked directory connection had already been closed. Fixes bug - 21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett. - - o Major bugfixes (directory authority): - - During voting, when marking a relay as a probable sybil, do not - clear its BadExit flag: sybils can still be bad in other ways - too. (We still clear the other flags.) Fixes bug 21108; bugfix - on 0.2.0.13-alpha. - - o Major bugfixes (DNS): - - Fix a bug that prevented exit nodes from caching DNS records for - more than 60 seconds. Fixes bug 19025; bugfix on 0.2.4.7-alpha. - - o Major bugfixes (IPv6 Exits): - - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects - any IPv6 addresses. Instead, only reject a port over IPv6 if the - exit policy rejects that port on more than an IPv6 /16 of - addresses. This bug was made worse by 17027 in 0.2.8.1-alpha, - which rejected a relay's own IPv6 address by default. Fixes bug - 21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha. - - o Major bugfixes (parsing): - - Fix an integer underflow bug when comparing malformed Tor - versions. This bug could crash Tor when built with - --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor - 0.2.9.8, which were built with -ftrapv by default. In other cases - it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix - on 0.0.8pre1. Found by OSS-Fuzz. - - When parsing a malformed content-length field from an HTTP - message, do not read off the end of the buffer. This bug was a - potential remote denial-of-service attack against Tor clients and - relays. A workaround was released in October 2016, to prevent this - bug from crashing Tor. This is a fix for the underlying issue, - which should no longer matter (if you applied the earlier patch). - Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing - using AFL (http://lcamtuf.coredump.cx/afl/). - - o Major bugfixes (scheduler): - - Actually compare circuit policies in ewma_cmp_cmux(). This bug - caused the channel scheduler to behave more or less randomly, - rather than preferring channels with higher-priority circuits. - Fixes bug 20459; bugfix on 0.2.6.2-alpha. - - o Major bugfixes (security, also in 0.2.9.9): - - Downgrade the "-ftrapv" option from "always on" to "only on when - --enable-expensive-hardening is provided." This hardening option, - like others, can turn survivable bugs into crashes--and having it - on by default made a (relatively harmless) integer overflow bug - into a denial-of-service bug. Fixes bug 21278 (TROVE-2017-001); - bugfix on 0.2.9.1-alpha. - - o Minor feature (client): - - Enable IPv6 traffic on the SocksPort by default. To disable this, - a user will have to specify "NoIPv6Traffic". Closes ticket 21269. - - o Minor feature (fallback scripts): - - Add a check_existing mode to updateFallbackDirs.py, which checks - if fallbacks in the hard-coded list are working. Closes ticket - 20174. Patch by haxxpop. - - o Minor feature (protocol versioning): - - Add new protocol version for proposal 224. HSIntro now advertises - version "3-4" and HSDir version "1-2". Fixes ticket 20656. - - o Minor features (ciphersuite selection): - - Allow relays to accept a wider range of ciphersuites, including - chacha20-poly1305 and AES-CCM. Closes the other part of 15426. - - Clients now advertise a list of ciphersuites closer to the ones - preferred by Firefox. Closes part of ticket 15426. - - o Minor features (controller): - - Add "GETINFO sr/current" and "GETINFO sr/previous" keys, to expose - shared-random values to the controller. Closes ticket 19925. - - When HSFETCH arguments cannot be parsed, say "Invalid argument" - rather than "unrecognized." Closes ticket 20389; patch from - Ivan Markin. - - o Minor features (controller, configuration): - - Each of the *Port options, such as SocksPort, ORPort, ControlPort, - and so on, now comes with a __*Port variant that will not be saved - to the torrc file by the controller's SAVECONF command. This - change allows TorBrowser to set up a single-use domain socket for - each time it launches Tor. Closes ticket 20956. - - The GETCONF command can now query options that may only be - meaningful in context-sensitive lists. This allows the controller - to query the mixed SocksPort/__SocksPort style options introduced - in feature 20956. Implements ticket 21300. - - o Minor features (diagnostic, directory client): - - Warn when we find an unexpected inconsistency in directory - download status objects. Prevents some negative consequences of - bug 20593. - - o Minor features (directory authorities): - - Directory authorities now reject descriptors that claim to be - malformed versions of Tor. Helps prevent exploitation of - bug 21278. - - Reject version numbers with components that exceed INT32_MAX. - Otherwise 32-bit and 64-bit platforms would behave inconsistently. - Fixes bug 21450; bugfix on 0.0.8pre1. - - o Minor features (directory authority): - - Add a new authority-only AuthDirTestEd25519LinkKeys option (on by - default) to control whether authorities should try to probe relays - by their Ed25519 link keys. This option will go away in a few - releases--unless we encounter major trouble in our ed25519 link - protocol rollout, in which case it will serve as a safety option. - - o Minor features (directory cache): - - Relays and bridges will now refuse to serve the consensus they - have if they know it is too old for a client to use. Closes - ticket 20511. - - o Minor features (ed25519 link handshake): - - Advertise support for the ed25519 link handshake using the - subprotocol-versions mechanism, so that clients can tell which - relays can identity themselves by Ed25519 ID. Closes ticket 20552. - - o Minor features (entry guards): - - Add UseEntryGuards to TEST_OPTIONS_DEFAULT_VALUES in order to not - break regression tests. - - Require UseEntryGuards when UseBridges is set, in order to make - sure bridges aren't bypassed. Resolves ticket 20502. - - o Minor features (fallback directories): - - Allow 3 fallback relays per operator, which is safe now that we - are choosing 200 fallback relays. Closes ticket 20912. - - Annotate updateFallbackDirs.py with the bandwidth and consensus - weight for each candidate fallback. Closes ticket 20878. - - Display the relay fingerprint when downloading consensuses from - fallbacks. Closes ticket 20908. - - Exclude relays affected by bug 20499 from the fallback list. - Exclude relays from the fallback list if they are running versions - known to be affected by bug 20499, or if in our tests they deliver - a stale consensus (i.e. one that expired more than 24 hours ago). - Closes ticket 20539. - - Make it easier to change the output sort order of fallbacks. - Closes ticket 20822. - - Reduce the minimum fallback bandwidth to 1 MByte/s. Part of - ticket 18828. - - Require fallback directories to have the same address and port for - 7 days (now that we have enough relays with this stability). - Relays whose OnionOO stability timer is reset on restart by bug - 18050 should upgrade to Tor 0.2.8.7 or later, which has a fix for - this issue. Closes ticket 20880; maintains short-term fix - in 0.2.8.2-alpha. - - Require fallbacks to have flags for 90% of the time (weighted - decaying average), rather than 95%. This allows at least 73% of - clients to bootstrap in the first 5 seconds without contacting an - authority. Part of ticket 18828. - - Select 200 fallback directories for each release. Closes - ticket 20881. - - o Minor features (fingerprinting resistence, authentication): - - Extend the length of RSA keys used for TLS link authentication to - 2048 bits. (These weren't used for forward secrecy; for forward - secrecy, we used P256.) Closes ticket 13752. - - o Minor features (geoip): - - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2 - Country database. - - o Minor features (geoip, also in 0.2.9.9): - - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2 - Country database. - - o Minor features (infrastructure): - - Implement smartlist_add_strdup() function. Replaces the use of - smartlist_add(sl, tor_strdup(str)). Closes ticket 20048. - - o Minor features (linting): - - Enhance the changes file linter to warn on Tor versions that are - prefixed with "tor-". Closes ticket 21096. - - o Minor features (logging): - - In several places, describe unset ed25519 keys as "", - rather than the scary "AAAAAAAA...AAA". Closes ticket 21037. - - o Minor features (portability, compilation): - - Autoconf now checks to determine if OpenSSL structures are opaque, - instead of explicitly checking for OpenSSL version numbers. Part - of ticket 21359. - - Support building with recent LibreSSL code that uses opaque - structures. Closes ticket 21359. - - o Minor features (relay): - - We now allow separation of exit and relay traffic to different - source IP addresses, using the OutboundBindAddressExit and - OutboundBindAddressOR options respectively. Closes ticket 17975. - Written by Michael Sonntag. - - o Minor features (reliability, crash): - - Try better to detect problems in buffers where they might grow (or - think they have grown) over 2 GB in size. Diagnostic for - bug 21369. - - o Minor features (testing): - - During 'make test-network-all', if tor logs any warnings, ask - chutney to output them. Requires a recent version of chutney with - the 21572 patch. Implements 21570. - - o Minor bugfix (control protocol): - - The reply to a "GETINFO config/names" request via the control - protocol now spells the type "Dependent" correctly. This is a - breaking change in the control protocol. (The field seems to be - ignored by the most common known controllers.) Fixes bug 18146; - bugfix on 0.1.1.4-alpha. - - The GETINFO extra-info/digest/ command was broken because - of a wrong base16 decode return value check, introduced when - refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha. - - o Minor bugfix (logging): - - Don't recommend the use of Tor2web in non-anonymous mode. - Recommending Tor2web is a bad idea because the client loses all - anonymity. Tor2web should only be used in specific cases by users - who *know* and understand the issues. Fixes bug 21294; bugfix - on 0.2.9.3-alpha. - - o Minor bugfixes (bug resilience): - - Fix an unreachable size_t overflow in base64_decode(). Fixes bug - 19222; bugfix on 0.2.0.9-alpha. Found by Guido Vranken; fixed by - Hans Jerry Illikainen. - - o Minor bugfixes (build): - - Replace obsolete Autoconf macros with their modern equivalent and - prevent similar issues in the future. Fixes bug 20990; bugfix - on 0.1.0.1-rc. - - o Minor bugfixes (certificate expiration time): - - Avoid using link certificates that don't become valid till some - time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha - - o Minor bugfixes (client): - - Always recover from failures in extend_info_from_node(), in an - attempt to prevent any recurrence of bug 21242. Fixes bug 21372; - bugfix on 0.2.3.1-alpha. - - When clients that use bridges start up with a cached consensus on - disk, they were ignoring it and downloading a new one. Now they - use the cached one. Fixes bug 20269; bugfix on 0.2.3.12-alpha. - - o Minor bugfixes (code correctness): - - Repair a couple of (unreachable or harmless) cases of the risky - comparison-by-subtraction pattern that caused bug 21278. - - o Minor bugfixes (config): - - Don't assert on startup when trying to get the options list and - LearnCircuitBuildTimeout is set to 0: we are currently parsing the - options so of course they aren't ready yet. Fixes bug 21062; - bugfix on 0.2.9.3-alpha. - - o Minor bugfixes (configuration): - - Accept non-space whitespace characters after the severity level in - the `Log` option. Fixes bug 19965; bugfix on 0.2.1.1-alpha. - - Support "TByte" and "TBytes" units in options given in bytes. - "TB", "terabyte(s)", "TBit(s)" and "terabit(s)" were already - supported. Fixes bug 20622; bugfix on 0.2.0.14-alpha. - - o Minor bugfixes (configure, autoconf): - - Rename the configure option --enable-expensive-hardening to - --enable-fragile-hardening. Expensive hardening makes the tor - daemon abort when some kinds of issues are detected. Thus, it - makes tor more at risk of remote crashes but safer against RCE or - heartbleed bug category. We now try to explain this issue in a - message from the configure script. Fixes bug 21290; bugfix - on 0.2.5.4-alpha. - - o Minor bugfixes (consensus weight): - - Add new consensus method that initializes bw weights to 1 instead - of 0. This prevents a zero weight from making it all the way to - the end (happens in small testing networks) and causing an error. - Fixes bug 14881; bugfix on 0.2.2.17-alpha. - - o Minor bugfixes (crash prevention): - - Fix an (currently untriggerable, but potentially dangerous) crash - bug when base32-encoding inputs whose sizes are not a multiple of - 5. Fixes bug 21894; bugfix on 0.2.9.1-alpha. - - o Minor bugfixes (dead code): - - Remove a redundant check for PidFile changes at runtime in - options_transition_allowed(): this check is already performed - regardless of whether the sandbox is active. Fixes bug 21123; - bugfix on 0.2.5.4-alpha. - - o Minor bugfixes (descriptors): - - Correctly recognise downloaded full descriptors as valid, even - when using microdescriptors as circuits. This affects clients with - FetchUselessDescriptors set, and may affect directory authorities. - Fixes bug 20839; bugfix on 0.2.3.2-alpha. - - o Minor bugfixes (directory mirrors): - - Allow relays to use directory mirrors without a DirPort: these - relays need to be contacted over their ORPorts using a begindir - connection. Fixes one case of bug 20711; bugfix on 0.2.8.2-alpha. - - Clarify the message logged when a remote relay is unexpectedly - missing an ORPort or DirPort: users were confusing this with a - local port. Fixes another case of bug 20711; bugfix - on 0.2.8.2-alpha. - - o Minor bugfixes (directory system): - - Bridges and relays now use microdescriptors (like clients do) - rather than old-style router descriptors. Now bridges will blend - in with clients in terms of the circuits they build. Fixes bug - 6769; bugfix on 0.2.3.2-alpha. - - Download all consensus flavors, descriptors, and authority - certificates when FetchUselessDescriptors is set, regardless of - whether tor is a directory cache or not. Fixes bug 20667; bugfix - on all recent tor versions. - - o Minor bugfixes (documentation): - - Update the tor manual page to document every option that can not - be changed while tor is running. Fixes bug 21122. - - o Minor bugfixes (ed25519 certificates): - - Correctly interpret ed25519 certificates that would expire some - time after 19 Jan 2038. Fixes bug 20027; bugfix on 0.2.7.2-alpha. - - o Minor bugfixes (fallback directories): - - Avoid checking fallback candidates' DirPorts if they are down in - OnionOO. When a relay operator has multiple relays, this - prioritizes relays that are up over relays that are down. Fixes - bug 20926; bugfix on 0.2.8.3-alpha. - - Stop failing when OUTPUT_COMMENTS is True in updateFallbackDirs.py. - Fixes bug 20877; bugfix on 0.2.8.3-alpha. - - Stop failing when a relay has no uptime data in - updateFallbackDirs.py. Fixes bug 20945; bugfix on 0.2.8.1-alpha. - - o Minor bugfixes (hidden service): - - Clean up the code for expiring intro points with no associated - circuits. It was causing, rarely, a service with some expiring - introduction points to not open enough additional introduction - points. Fixes part of bug 21302; bugfix on 0.2.7.2-alpha. - - Resolve two possible underflows which could lead to creating and - closing a lot of introduction point circuits in a non-stop loop. - Fixes bug 21302; bugfix on 0.2.7.2-alpha. - - Stop setting the torrc option HiddenServiceStatistics to "0" just - because we're not a bridge or relay. Instead, we preserve whatever - value the user set (or didn't set). Fixes bug 21150; bugfix - on 0.2.6.2-alpha. - - o Minor bugfixes (hidden services): - - Make hidden services check for failed intro point connections, - even when they have exceeded their intro point creation limit. - Fixes bug 21596; bugfix on 0.2.7.2-alpha. Reported by Alec Muffett. - - Make hidden services with 8 to 10 introduction points check for - failed circuits immediately after startup. Previously, they would - wait for 5 minutes before performing their first checks. Fixes bug - 21594; bugfix on 0.2.3.9-alpha. Reported by Alec Muffett. - - Stop ignoring misconfigured hidden services. Instead, refuse to - start tor until the misconfigurations have been corrected. Fixes - bug 20559; bugfix on multiple commits in 0.2.7.1-alpha - and earlier. - - o Minor bugfixes (IPv6): - - Make IPv6-using clients try harder to find an IPv6 directory - server. Fixes bug 20999; bugfix on 0.2.8.2-alpha. - - When IPv6 addresses have not been downloaded yet (microdesc - consensus documents don't list relay IPv6 addresses), use hard- - coded addresses for authorities, fallbacks, and configured - bridges. Now IPv6-only clients can use microdescriptors. Fixes bug - 20996; bugfix on b167e82 from 19608 in 0.2.8.5-alpha. - - o Minor bugfixes (memory leak at exit): - - Fix a small harmless memory leak at exit of the previously unused - RSA->Ed identity cross-certificate. Fixes bug 17779; bugfix - on 0.2.7.2-alpha. - - o Minor bugfixes (onion services): - - Allow the number of introduction points to be as low as 0, rather - than as low as 3. Fixes bug 21033; bugfix on 0.2.7.2-alpha. - - o Minor bugfixes (portability): - - Use "OpenBSD" compiler macro instead of "OPENBSD" or "__OpenBSD__". - It is supported by OpenBSD itself, and also by most OpenBSD - variants (such as Bitrig). Fixes bug 20980; bugfix - on 0.1.2.1-alpha. - - o Minor bugfixes (portability, also in 0.2.9.9): - - Avoid crashing when Tor is built using headers that contain - CLOCK_MONOTONIC_COARSE, but then tries to run on an older kernel - without CLOCK_MONOTONIC_COARSE. Fixes bug 21035; bugfix - on 0.2.9.1-alpha. - - Fix Libevent detection on platforms without Libevent 1 headers - installed. Fixes bug 21051; bugfix on 0.2.9.1-alpha. - - o Minor bugfixes (relay): - - Avoid a double-marked-circuit warning that could happen when we - receive DESTROY cells under heavy load. Fixes bug 20059; bugfix - on 0.1.0.1-rc. - - Honor DataDirectoryGroupReadable when tor is a relay. Previously, - initializing the keys would reset the DataDirectory to 0700 - instead of 0750 even if DataDirectoryGroupReadable was set to 1. - Fixes bug 19953; bugfix on 0.0.2pre16. Patch by "redfish". - - o Minor bugfixes (testing): - - Fix Raspbian build issues related to missing socket errno in - test_util.c. Fixes bug 21116; bugfix on 0.2.8.2. Patch by "hein". - - Remove undefined behavior from the backtrace generator by removing - its signal handler. Fixes bug 21026; bugfix on 0.2.5.2-alpha. - - Use bash in src/test/test-network.sh. This ensures we reliably - call chutney's newer tools/test-network.sh when available. Fixes - bug 21562; bugfix on 0.2.9.1-alpha. - - o Minor bugfixes (tor-resolve): - - The tor-resolve command line tool now rejects hostnames over 255 - characters in length. Previously, it would silently truncate them, - which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5. - Patch by "junglefowl". - - o Minor bugfixes (unit tests): - - Allow the unit tests to pass even when DNS lookups of bogus - addresses do not fail as expected. Fixes bug 20862 and 20863; - bugfix on unit tests introduced in 0.2.8.1-alpha - through 0.2.9.4-alpha. - - o Minor bugfixes (util): - - When finishing writing a file to disk, if we were about to replace - the file with the temporary file created before and we fail to - replace it, remove the temporary file so it doesn't stay on disk. - Fixes bug 20646; bugfix on 0.2.0.7-alpha. Patch by fk. - - o Minor bugfixes (Windows services): - - Be sure to initialize the monotonic time subsystem before using - it, even when running as an NT service. Fixes bug 21356; bugfix - on 0.2.9.1-alpha. - - o Minor bugfixes (Windows): - - Check for getpagesize before using it to mmap files. This fixes - compilation in some MinGW environments. Fixes bug 20530; bugfix on - 0.1.2.1-alpha. Reported by "ice". - - o Code simplification and refactoring: - - Abolish all global guard context in entrynodes.c; replace with new - guard_selection_t structure as preparation for proposal 271. - Closes ticket 19858. - - Extract magic numbers in circuituse.c into defined variables. - - Introduce rend_service_is_ephemeral() that tells if given onion - service is ephemeral. Replace unclear NULL-checkings for service - directory with this function. Closes ticket 20526. - - Refactor circuit_is_available_for_use to remove unnecessary check. - - Refactor circuit_predict_and_launch_new for readability and - testability. Closes ticket 18873. - - Refactor code to manipulate global_origin_circuit_list into - separate functions. Closes ticket 20921. - - Refactor large if statement in purpose_needs_anonymity to use - switch statement instead. Closes part of ticket 20077. - - Refactor the hashing API to return negative values for errors, as - is done as throughout the codebase. Closes ticket 20717. - - Remove data structures that were used to index or_connection - objects by their RSA identity digests. These structures are fully - redundant with the similar structures used in the - channel abstraction. - - Remove duplicate code in the channel_write_*cell() functions. - Closes ticket 13827; patch from Pingl. - - Remove redundant behavior of is_sensitive_dir_purpose, refactor to - use only purpose_needs_anonymity. Closes part of ticket 20077. - - The code to generate and parse EXTEND and EXTEND2 cells has been - replaced with code automatically generated by the - "trunnel" utility. - - o Documentation (formatting): - - Clean up formatting of tor.1 man page and HTML doc, where 
-      blocks were incorrectly appearing. Closes ticket 20885.
-
-  o Documentation (man page):
-    - Clarify many options in tor.1 and add some min/max values for
-      HiddenService options. Closes ticket 21058.
-
-  o Documentation:
-    - Change '1' to 'weight_scale' in consensus bw weights calculation
-      comments, as that is reality. Closes ticket 20273. Patch
-      from pastly.
-    - Clarify that when ClientRejectInternalAddresses is enabled (which
-      is the default), multicast DNS hostnames for machines on the local
-      network (of the form *.local) are also rejected. Closes
-      ticket 17070.
-    - Correct the value for AuthDirGuardBWGuarantee in the manpage, from
-      250 KBytes to 2 MBytes. Fixes bug 20435; bugfix on 0.2.5.6-alpha.
-    - Include the "TBits" unit in Tor's man page. Fixes part of bug
-      20622; bugfix on 0.2.5.1-alpha.
-    - Small fixes to the fuzzing documentation. Closes ticket 21472.
-    - Stop the man page from incorrectly stating that HiddenServiceDir
-      must already exist. Fixes 20486.
-    - Update the description of the directory server options in the
-      manual page, to clarify that a relay no longer needs to set
-      DirPort in order to be a directory cache. Closes ticket 21720.
-
-  o Removed features:
-    - The AuthDirMaxServersPerAuthAddr option no longer exists: The same
-      limit for relays running on a single IP applies to authority IP
-      addresses as well as to non-authority IP addresses. Closes
-      ticket 20960.
-    - The UseDirectoryGuards torrc option no longer exists: all users
-      that use entry guards will also use directory guards. Related to
-      proposal 271; implements part of ticket 20831.
-
-  o Testing:
-    - Add tests for networkstatus_compute_bw_weights_v10.
-    - Add unit tests circuit_predict_and_launch_new.
-    - Extract dummy_origin_circuit_new so it can be used by other
-      test functions.
-    - New unit tests for tor_htonll(). Closes ticket 19563. Patch
-      from "overcaffeinated".
-    - Perform the coding style checks when running the tests and fail
-      when coding style violations are found. Closes ticket 5500.
-
-