Merge branch 'maint-0.2.5' into release-0.2.5

To build this changelog, I've gone through the entries in
release-0.2.5's changes subdirectory, and looked up the ChangeLog
entry for each.  I have not sorted them yet.

ChangeLog

@@ -1,3 +1,714 @@
+Changes in version 0.2.5.16 - 2017-12-01
+  Tor 0.2.5.13 backports important security and stability bugfixes from
+  later Tor releases. All Tor users should upgrade to this release, or
+  to another of the releases coming out today.
+
+  Note: the Tor 0.2.5 series will no longer be supported after 1 May
+  2018. If you need a release with long-term support, please upgrade to
+  the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
+
+  o Major bugfixes (security, backport from 0.3.2.6-alpha):
+    - Fix a denial of service bug where an attacker could use a
+      malformed directory object to cause a Tor instance to pause while
+      OpenSSL would try to read a passphrase from the terminal. (Tor
+      instances run without a terminal, which is the case for most Tor
+      packages, are not impacted.) Fixes bug 24246; bugfix on every
+      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
+      Found by OSS-Fuzz as testcase 6360145429790720.
+    - When checking for replays in the INTRODUCE1 cell data for a
+      (legacy) onion service, correctly detect replays in the RSA-
+      encrypted part of the cell. We were previously checking for
+      replays on the entire cell, but those can be circumvented due to
+      the malleability of Tor's legacy hybrid encryption. This fix helps
+      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
+      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
+      and CVE-2017-8819.
+
+  o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
+    - When running as a relay, make sure that we never build a path
+      through ourselves, even in the case where we have somehow lost the
+      version of our descriptor appearing in the consensus. Fixes part
+      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
+      as TROVE-2017-012 and CVE-2017-8822.
+
+  o Minor features (bridge, backport from 0.3.1.9):
+    - Bridges now include notice in their descriptors that they are
+      bridges, and notice of their distribution status, based on their
+      publication settings. Implements ticket 18329. For more fine-
+      grained control of how a bridge is distributed, upgrade to 0.3.2.x
+      or later.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.5.15 - 2017-10-25
+  Tor 0.2.5.15 backports a collection of bugfixes from later Tor release
+  series. It also adds a new directory authority, Bastet.
+
+  Note: the Tor 0.2.5 series will no longer be supported after 1 May
+  2018. If you need a release with long-term support, please upgrade to
+  the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
+
+  o Directory authority changes:
+    - Add "Bastet" as a ninth directory authority to the default list.
+      Closes ticket 23910.
+    - The directory authority "Longclaw" has changed its IP address.
+      Closes ticket 23592.
+
+  o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
+    - Avoid an assertion failure bug affecting our implementation of
+      inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
+      handling of "0xx" differs from what we had expected. Fixes bug
+      22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
+    - Fix a memset() off the end of an array when packing cells. This
+      bug should be harmless in practice, since the corrupted bytes are
+      still in the same structure, and are always padding bytes,
+      ignored, or immediately overwritten, depending on compiler
+      behavior. Nevertheless, because the memset()'s purpose is to make
+      sure that any other cell-handling bugs can't expose bytes to the
+      network, we need to fix it. Fixes bug 22737; bugfix on
+      0.2.4.11-alpha. Fixes CID 1401591.
+
+  o Build features (backport from 0.3.1.5-alpha):
+    - Tor's repository now includes a Travis Continuous Integration (CI)
+      configuration file (.travis.yml). This is meant to help new
+      developers and contributors who fork Tor to a Github repository be
+      better able to test their changes, and understand what we expect
+      to pass. To use this new build feature, you must fork Tor to your
+      Github account, then go into the "Integrations" menu in the
+      repository settings for your fork and enable Travis, then push
+      your changes. Closes ticket 22636.
+
+
+Changes in version 0.2.5.14 - 2017-06-08
+  Tor 0.2.5.14 backports a fix for a bug that would allow an attacker to
+  remotely crash a hidden service with an assertion failure. Anyone
+  running a hidden service should upgrade to this version, or to some
+  other version with fixes for TROVE-2017-005.  (Versions before 0.3.0
+  are not affected by TROVE-2017-004.)
+
+  o Major bugfixes (hidden service, relay, security):
+    - Fix a remotely triggerable assertion failure caused by receiving a
+      BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+      22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+      on 0.2.2.1-alpha.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (correctness):
+    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+
+Changes in version 0.2.5.13 - 2017-03-03
+  Tor 0.2.5.13 backports a number of security fixes from later Tor
+  releases.  Anybody running Tor 0.2.5.13 or earlier should upgrade to
+  this release, if for some reason they cannot upgrade to a later
+  release series.
+
+  Note that support for Tor 0.2.5.x is ending next year: we will not issue
+  any fixes for the Tor 0.2.5.x series after 1 May 2018.  If you need
+  a Tor release series with longer-term support, we recommend Tor 0.2.9.x.
+
+  o Directory authority changes (backport from 0.2.8.5-rc):
+    - Urras is no longer a directory authority. Closes ticket 19271.
+
+  o Directory authority changes (backport from 0.2.9.2-alpha):
+    - The "Tonga" bridge authority has been retired; the new bridge
+      authority is "Bifroest". Closes tickets 19728 and 19690.
+
+  o Directory authority key updates (backport from 0.2.8.1-alpha):
+    - Update the V3 identity key for the dannenberg directory authority:
+      it was changed on 18 November 2015. Closes task 17906. Patch
+      by "teor".
+
+  o Major features (security fixes, backport from 0.2.9.4-alpha):
+    - Prevent a class of security bugs caused by treating the contents
+      of a buffer chunk as if they were a NUL-terminated string. At
+      least one such bug seems to be present in all currently used
+      versions of Tor, and would allow an attacker to remotely crash
+      most Tor instances, especially those compiled with extra compiler
+      hardening. With this defense in place, such bugs can't crash Tor,
+      though we should still fix them as they occur. Closes ticket
+      20384 (TROVE-2016-10-001).
+
+  o Major bugfixes (parsing, security, backport from 0.2.9.8):
+    - Fix a bug in parsing that could cause clients to read a single
+      byte past the end of an allocated region. This bug could be used
+      to cause hardened clients (built with --enable-expensive-hardening)
+      to crash if they tried to visit a hostile hidden service. Non-
+      hardened clients are only affected depending on the details of
+      their platform's memory allocator. Fixes bug 21018; bugfix on
+      0.2.0.8-alpha. Found by using libFuzzer. Also tracked as TROVE-
+      2016-12-002 and as CVE-2016-1254.
+
+  o Major bugfixes (security, client, DNS proxy, backport from 0.2.8.3-alpha):
+    - Stop a crash that could occur when a client running with DNSPort
+      received a query with multiple address types, and the first
+      address type was not supported. Found and fixed by Scott Dial.
+      Fixes bug 18710; bugfix on 0.2.5.4-alpha.
+
+  o Major bugfixes (security, correctness, backport from 0.2.7.4-rc):
+    - Fix an error that could cause us to read 4 bytes before the
+      beginning of an openssl string. This bug could be used to cause
+      Tor to crash on systems with unusual malloc implementations, or
+      systems with unusual hardening installed. Fixes bug 17404; bugfix
+      on 0.2.3.6-alpha.
+
+  o Major bugfixes (security, pointers, backport from 0.2.8.2-alpha):
+    - Avoid a difficult-to-trigger heap corruption attack when extending
+      a smartlist to contain over 16GB of pointers. Fixes bug 18162;
+      bugfix on 0.1.1.11-alpha, which fixed a related bug incompletely.
+      Reported by Guido Vranken.
+
+  o Major bugfixes (dns proxy mode, crash, backport from 0.2.8.2-alpha):
+    - Avoid crashing when running as a DNS proxy. Fixes bug 16248;
+      bugfix on 0.2.0.1-alpha. Patch from "cypherpunks".
+
+  o Major bugfixes (guard selection, backport from 0.2.7.6):
+    - Actually look at the Guard flag when selecting a new directory
+      guard. When we implemented the directory guard design, we
+      accidentally started treating all relays as if they have the Guard
+      flag during guard selection, leading to weaker anonymity and worse
+      performance. Fixes bug 17772; bugfix on 0.2.4.8-alpha. Discovered
+      by Mohsen Imani.
+
+  o Major bugfixes (key management, backport from 0.2.8.3-alpha):
+    - If OpenSSL fails to generate an RSA key, do not retain a dangling
+      pointer to the previous (uninitialized) key value. The impact here
+      should be limited to a difficult-to-trigger crash, if OpenSSL is
+      running an engine that makes key generation failures possible, or
+      if OpenSSL runs out of memory. Fixes bug 19152; bugfix on
+      0.2.1.10-alpha. Found by Yuan Jochen Kang, Suman Jana, and
+      Baishakhi Ray.
+
+  o Major bugfixes (parsing, backported from 0.3.0.4-rc):
+    - Fix an integer underflow bug when comparing malformed Tor
+      versions. This bug could crash Tor when built with
+      --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
+      0.2.9.8, which were built with -ftrapv by default. In other cases
+      it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
+      on 0.0.8pre1. Found by OSS-Fuzz.
+
+  o Minor features (security, memory erasure, backport from 0.2.8.1-alpha):
+    - Make memwipe() do nothing when passed a NULL pointer or buffer of
+      zero size. Check size argument to memwipe() for underflow. Fixes
+      bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk",
+      patch by "teor".
+
+  o Minor features (bug-resistance, backport from 0.2.8.2-alpha):
+    - Make Tor survive errors involving connections without a
+      corresponding event object. Previously we'd fail with an
+      assertion; now we produce a log message. Related to bug 16248.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compilation, backport from 0.2.7.6):
+    - Fix a compilation warning with Clang 3.6: Do not check the
+      presence of an address which can never be NULL. Fixes bug 17781.
+
+  o Minor bugfixes (crypto error-handling, backport from 0.2.7.2-alpha):
+    - Check for failures from crypto_early_init, and refuse to continue.
+      A previous typo meant that we could keep going with an
+      uninitialized crypto library, and would have OpenSSL initialize
+      its own PRNG. Fixes bug 16360; bugfix on 0.2.5.2-alpha, introduced
+      when implementing ticket 4900. Patch by "teor".
+
+  o Minor bugfixes (hidden service, backport from 0.2.7.1-alpha):
+    - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells on
+      a client authorized hidden service. Fixes bug 15823; bugfix
+      on 0.2.1.6-alpha.
+
+
+Changes in version 0.2.5.12 - 2015-04-06
+  Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
+  could be used by an attacker to crash hidden services, or crash clients
+  visiting hidden services. Hidden services should upgrade as soon as
+  possible; clients should upgrade whenever packages become available.
+
+  This release also backports a simple improvement to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Introduction points no longer allow multiple INTRODUCE1 cells to
+      arrive on the same circuit. This should make it more expensive for
+      attackers to overwhelm hidden services with introductions.
+      Resolves ticket 15515.
+
+
+Changes in version 0.2.5.11 - 2015-03-17
+  Tor 0.2.5.11 is the second stable release in the 0.2.5 series.
+
+  It backports several bugfixes from the 0.2.6 branch, including a
+  couple of medium-level security fixes for relays and exit nodes.
+  It also updates the list of directory authorities.
+
+  o Directory authority changes:
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+    - The directory authority Faravahar has a new IP address. This
+      closes ticket 14487.
+
+  o Major bugfixes (crash, OSX, security):
+    - Fix a remote denial-of-service opportunity caused by a bug in
+      OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
+      in OSX 10.9.
+
+  o Major bugfixes (relay, stability, possible security):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout was passed to
+      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+      0.2.0.10-alpha. Patch from 'cypherpunks'.
+    - Do not assert if the 'data' pointer on a buffer is advanced to the
+      very end of the buffer; log a BUG message instead. Only assert if
+      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+  o Major bugfixes (exit node stability):
+    - Fix an assertion failure that could occur under high DNS load.
+      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+      diagnosed and fixed by "cypherpunks".
+
+  o Major bugfixes (Linux seccomp2 sandbox):
+    - Upon receiving sighup with the seccomp2 sandbox enabled, do not
+      crash during attempts to call wait4. Fixes bug 15088; bugfix on
+      0.2.5.1-alpha. Patch from "sanic".
+
+  o Minor features (controller):
+    - New "GETINFO bw-event-cache" to get information about recent
+      bandwidth events. Closes ticket 14128. Useful for controllers to
+      get recent bandwidth history after the fix for ticket 13988.
+
+  o Minor features (geoip):
+    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (client, automapping):
+    - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
+      no value follows the option. Fixes bug 14142; bugfix on
+      0.2.4.7-alpha. Patch by "teor".
+    - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
+      14195; bugfix on 0.1.0.1-rc.
+
+  o Minor bugfixes (compilation):
+    - Build without warnings with the stock OpenSSL srtp.h header, which
+      has a duplicate declaration of SSL_get_selected_srtp_profile().
+      Fixes bug 14220; this is OpenSSL's bug, not ours.
+
+  o Minor bugfixes (directory authority):
+    - Allow directory authorities to fetch more data from one another if
+      they find themselves missing lots of votes. Previously, they had
+      been bumping against the 10 MB queued data limit. Fixes bug 14261;
+      bugfix on 0.1.2.5-alpha.
+    - Enlarge the buffer to read bwauth generated files to avoid an
+      issue when parsing the file in dirserv_read_measured_bandwidths().
+      Fixes bug 14125; bugfix on 0.2.2.1-alpha.
+
+  o Minor bugfixes (statistics):
+    - Increase period over which bandwidth observations are aggregated
+      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (preventative security, C safety):
+    - When reading a hexadecimal, base-32, or base-64 encoded value from
+      a string, always overwrite the whole output buffer. This prevents
+      some bugs where we would look at (but fortunately, not reveal)
+      uninitialized memory on the stack. Fixes bug 14013; bugfix on all
+      versions of Tor.
+
+
+Changes in version 0.2.4.26 - 2015-03-17
+  Tor 0.2.4.26 includes an updated list of directory authorities.  It
+  also backports a couple of stability and security bugfixes from 0.2.5
+  and beyond.
+
+  o Directory authority changes:
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+    - The directory authority Faravahar has a new IP address. This
+      closes ticket 14487.
+
+  o Major bugfixes (exit node stability, also in 0.2.6.3-alpha):
+    - Fix an assertion failure that could occur under high DNS load.
+      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+      diagnosed and fixed by "cypherpunks".
+
+  o Major bugfixes (relay, stability, possible security, also in 0.2.6.4-rc):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout was passed to
+      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+      0.2.0.10-alpha. Patch from 'cypherpunks'.
+    - Do not assert if the 'data' pointer on a buffer is advanced to the
+      very end of the buffer; log a BUG message instead. Only assert if
+      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+  o Minor features (geoip):
+    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.5.10 - 2014-10-24
+  Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
+
+  It adds several new security features, including improved
+  denial-of-service resistance for relays, new compiler hardening
+  options, and a system-call sandbox for hardened installations on Linux
+  (requires seccomp2). The controller protocol has several new features,
+  resolving IPv6 addresses should work better than before, and relays
+  should be a little more CPU-efficient. We've added support for more
+  OpenBSD and FreeBSD transparent proxy types. We've improved the build
+  system and testing infrastructure to allow unit testing of more parts
+  of the Tor codebase. Finally, we've addressed several nagging pluggable
+  transport usability issues, and included numerous other small bugfixes
+  and features mentioned below.
+
+  This release marks end-of-life for Tor 0.2.3.x; those Tor versions
+  have accumulated many known flaws; everyone should upgrade.
+
+  o Deprecated versions:
+    - Tor 0.2.3.x has reached end-of-life; it has received no patches or
+      attention for some while.
+
+
+Changes in version 0.2.5.9-rc - 2014-10-20
+  Tor 0.2.5.9-rc is the third release candidate for the Tor 0.2.5.x
+  series. It disables SSL3 in response to the recent "POODLE" attack
+  (even though POODLE does not affect Tor). It also works around a crash
+  bug caused by some operating systems' response to the "POODLE" attack
+  (which does affect Tor). It also contains a few miscellaneous fixes.
+
+  o Major security fixes:
+    - Disable support for SSLv3. All versions of OpenSSL in use with Tor
+      today support TLS 1.0 or later, so we can safely turn off support
+      for this old (and insecure) protocol. Fixes bug 13426.
+
+  o Major bugfixes (openssl bug workaround):
+    - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
+      1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
+      13471. This is a workaround for an OpenSSL bug.
+
+  o Minor bugfixes:
+    - Disable the sandbox name resolver cache when running tor-resolve:
+      tor-resolve doesn't use the sandbox code, and turning it on was
+      breaking attempts to do tor-resolve on a non-default server on
+      Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
+
+  o Compilation fixes:
+    - Build and run correctly on systems like OpenBSD-current that have
+      patched OpenSSL to remove get_cipher_by_char and/or its
+      implementations. Fixes issue 13325.
+
+  o Downgraded warnings:
+    - Downgrade the severity of the 'unexpected sendme cell from client'
+      from 'warn' to 'protocol warning'. Closes ticket 8093.
+
+
+Changes in version 0.2.4.25 - 2014-10-20
+  Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack
+  (even though POODLE does not affect Tor). It also works around a crash
+  bug caused by some operating systems' response to the "POODLE" attack
+  (which does affect Tor).
+
+  o Major security fixes (also in 0.2.5.9-rc):
+    - Disable support for SSLv3. All versions of OpenSSL in use with Tor
+      today support TLS 1.0 or later, so we can safely turn off support
+      for this old (and insecure) protocol. Fixes bug 13426.
+
+  o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc):
+    - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
+      1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
+      13471. This is a workaround for an OpenSSL bug.
+
+
+Changes in version 0.2.5.8-rc - 2014-09-22
+  Tor 0.2.5.8-rc is the second release candidate for the Tor 0.2.5.x
+  series. It fixes a bug that affects consistency and speed when
+  connecting to hidden services, and it updates the location of one of
+  the directory authorities.
+
+  o Major bugfixes:
+    - Clients now send the correct address for their chosen rendezvous
+      point when trying to access a hidden service. They used to send
+      the wrong address, which would still work some of the time because
+      they also sent the identity digest of the rendezvous point, and if
+      the hidden service happened to try connecting to the rendezvous
+      point from a relay that already had a connection open to it,
+      the relay would reuse that connection. Now connections to hidden
+      services should be more robust and faster. Also, this bug meant
+      that clients were leaking to the hidden service whether they were
+      on a little-endian (common) or big-endian (rare) system, which for
+      some users might have reduced their anonymity. Fixes bug 13151;
+      bugfix on 0.2.1.5-alpha.
+
+  o Directory authority changes:
+    - Change IP address for gabelmoo (v3 directory authority).
+
+
+Changes in version 0.2.4.24 - 2014-09-22
+  Tor 0.2.4.24 fixes a bug that affects consistency and speed when
+  connecting to hidden services, and it updates the location of one of
+  the directory authorities.
+
+  o Major bugfixes:
+    - Clients now send the correct address for their chosen rendezvous
+      point when trying to access a hidden service. They used to send
+      the wrong address, which would still work some of the time because
+      they also sent the identity digest of the rendezvous point, and if
+      the hidden service happened to try connecting to the rendezvous
+      point from a relay that already had a connection open to it,
+      the relay would reuse that connection. Now connections to hidden
+      services should be more robust and faster. Also, this bug meant
+      that clients were leaking to the hidden service whether they were
+      on a little-endian (common) or big-endian (rare) system, which for
+      some users might have reduced their anonymity. Fixes bug 13151;
+      bugfix on 0.2.1.5-alpha.
+
+  o Directory authority changes:
+    - Change IP address for gabelmoo (v3 directory authority).
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.5.7-rc - 2014-09-11
+  Tor 0.2.5.7-rc fixes several regressions from earlier in the 0.2.5.x
+  release series, and some long-standing bugs related to ORPort reachability
+  testing and failure to send CREATE cells. It is the first release
+  candidate for the Tor 0.2.5.x series.
+
+  o Major bugfixes (client, startup):
+    - Start making circuits as soon as DisabledNetwork is turned off.
+      When Tor started with DisabledNetwork set, it would correctly
+      conclude that it shouldn't build circuits, but it would mistakenly
+      cache this conclusion, and continue believing it even when
+      DisableNetwork is set to 0. Fixes the bug introduced by the fix
+      for bug 11200; bugfix on 0.2.5.4-alpha.
+    - Resume expanding abbreviations for command-line options. The fix
+      for bug 4647 accidentally removed our hack from bug 586 that
+      rewrote HashedControlPassword to __HashedControlSessionPassword
+      when it appears on the commandline (which allowed the user to set
+      her own HashedControlPassword in the torrc file while the
+      controller generates a fresh session password for each run). Fixes
+      bug 12948; bugfix on 0.2.5.1-alpha.
+    - Warn about attempts to run hidden services and relays in the same
+      process: that's probably not a good idea. Closes ticket 12908.
+
+  o Major bugfixes (relay):
+    - Avoid queuing or sending destroy cells for circuit ID zero when we
+      fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1.
+      Found and fixed by "cypherpunks".
+    - Fix ORPort reachability detection on relays running behind a
+      proxy, by correctly updating the "local" mark on the controlling
+      channel when changing the address of an or_connection_t after the
+      handshake. Fixes bug 12160; bugfix on 0.2.4.4-alpha.
+
+  o Minor features (bridge):
+    - Add an ExtORPortCookieAuthFileGroupReadable option to make the
+      cookie file for the ExtORPort g+r by default.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (logging):
+    - Reduce the log severity of the "Pluggable transport proxy does not
+      provide any needed transports and will not be launched." message,
+      since Tor Browser includes several ClientTransportPlugin lines in
+      its torrc-defaults file, leading every Tor Browser user who looks
+      at her logs to see these notices and wonder if they're dangerous.
+      Resolves bug 13124; bugfix on 0.2.5.3-alpha.
+    - Downgrade "Unexpected onionskin length after decryption" warning
+      to a protocol-warn, since there's nothing relay operators can do
+      about a client that sends them a malformed create cell. Resolves
+      bug 12996; bugfix on 0.0.6rc1.
+    - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS
+      cell on a cannibalized or non-OR circuit. Resolves ticket 12997.
+    - When logging information about an EXTEND2 or EXTENDED2 cell, log
+      their names correctly. Fixes part of bug 12700; bugfix
+      on 0.2.4.8-alpha.
+    - When logging information about a relay cell whose command we don't
+      recognize, log its command as an integer. Fixes part of bug 12700;
+      bugfix on 0.2.1.10-alpha.
+    - Escape all strings from the directory connection before logging
+      them. Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".
+
+  o Minor bugfixes (controller):
+    - Restore the functionality of CookieAuthFileGroupReadable. Fixes
+      bug 12864; bugfix on 0.2.5.1-alpha.
+    - Actually send TRANSPORT_LAUNCHED and HS_DESC events to
+      controllers. Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch
+      by "teor".
+
+  o Minor bugfixes (compilation):
+    - Fix compilation of test.h with MSVC. Patch from Gisle Vanem;
+      bugfix on 0.2.5.5-alpha.
+    - Make the nmake make files work again. Fixes bug 13081. Bugfix on
+      0.2.5.1-alpha. Patch from "NewEraCracker".
+    - In routerlist_assert_ok(), don't take the address of a
+      routerinfo's cache_info member unless that routerinfo is non-NULL.
+      Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
+    - Fix a large number of false positive warnings from the clang
+      analyzer static analysis tool. This should make real warnings
+      easier for clang analyzer to find. Patch from "teor". Closes
+      ticket 13036.
+
+  o Distribution (systemd):
+    - Verify configuration file via ExecStartPre in the systemd unit
+      file. Patch from intrigeri; resolves ticket 12730.
+    - Explicitly disable RunAsDaemon in the systemd unit file. Our
+      current systemd unit uses "Type = simple", so systemd does not
+      expect tor to fork. If the user has "RunAsDaemon 1" in their
+      torrc, then things won't work as expected. This is e.g. the case
+      on Debian (and derivatives), since there we pass "--defaults-torrc
+      /usr/share/tor/tor-service-defaults-torrc" (that contains
+      "RunAsDaemon 1") by default. Patch by intrigeri; resolves
+      ticket 12731.
+
+  o Documentation:
+    - Adjust the URLs in the README to refer to the new locations of
+      several documents on the website. Fixes bug 12830. Patch from
+      Matt Pagan.
+    - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves
+      ticket 12878.
+
+
+Changes in version 0.2.5.6-alpha - 2014-07-28
+  Tor 0.2.5.6-alpha brings us a big step closer to slowing down the
+  risk from guard rotation, and fixes a variety of other issues to get
+  us closer to a release candidate.
+
+  o Major features (also in 0.2.4.23):
+    - Make the number of entry guards configurable via a new
+      NumEntryGuards consensus parameter, and the number of directory
+      guards configurable via a new NumDirectoryGuards consensus
+      parameter. Implements ticket 12688.
+
+  o Major bugfixes (also in 0.2.4.23):
+    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+      implementation that caused incorrect results on 32-bit
+      implementations when certain malformed inputs were used along with
+      a small class of private ntor keys. This bug does not currently
+      appear to allow an attacker to learn private keys or impersonate a
+      Tor server, but it could provide a means to distinguish 32-bit Tor
+      implementations from 64-bit Tor implementations. Fixes bug 12694;
+      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+      Adam Langley.
+
+  o Major bugfixes:
+    - Perform circuit cleanup operations even when circuit
+      construction operations are disabled (because the network is
+      disabled, or because there isn't enough directory information).
+      Previously, when we were not building predictive circuits, we
+      were not closing expired circuits either. Fixes bug 8387; bugfix on
+      0.1.1.11-alpha. This bug became visible in 0.2.4.10-alpha when we
+      became more strict about when we have "enough directory information
+      to build circuits".
+
+  o Minor features:
+    - Authorities now assign the Guard flag to the fastest 25% of the
+      network (it used to be the fastest 50%). Also raise the consensus
+      weight that guarantees the Guard flag from 250 to 2000. For the
+      current network, this results in about 1100 guards, down from 2500.
+      This step paves the way for moving the number of entry guards
+      down to 1 (proposal 236) while still providing reasonable expected
+      performance for most users. Implements ticket 12690.
+    - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
+      Country database.
+    - Slightly enhance the diagnostic message for bug 12184.
+
+  o Minor bugfixes (also in 0.2.4.23):
+    - Warn and drop the circuit if we receive an inbound 'relay early'
+      cell. Those used to be normal to receive on hidden service circuits
+      due to bug 1038, but the buggy Tor versions are long gone from
+      the network so we can afford to resume watching for them. Resolves
+      the rest of bug 1038; bugfix on 0.2.1.19.
+    - Correct a confusing error message when trying to extend a circuit
+      via the control protocol but we don't know a descriptor or
+      microdescriptor for one of the specified relays. Fixes bug 12718;
+      bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes:
+    - Fix compilation when building with bufferevents enabled. (This
+      configuration is still not expected to work, however.)
+      Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
+      0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
+      Gunasekaran.
+    - Compile correctly with builds and forks of OpenSSL (such as
+      LibreSSL) that disable compression. Fixes bug 12602; bugfix on
+      0.2.1.1-alpha. Patch from "dhill".
+
+
+Changes in version 0.2.4.23 - 2014-07-28
+  Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
+  guard rotation, and also backports several important fixes from the
+  Tor 0.2.5 alpha release series.
+
+  o Major features:
+    - Clients now look at the "usecreatefast" consensus parameter to
+      decide whether to use CREATE_FAST or CREATE cells for the first hop
+      of their circuit. This approach can improve security on connections
+      where Tor's circuit handshake is stronger than the available TLS
+      connection security levels, but the tradeoff is more computational
+      load on guard relays. Implements proposal 221. Resolves ticket 9386.
+    - Make the number of entry guards configurable via a new
+      NumEntryGuards consensus parameter, and the number of directory
+      guards configurable via a new NumDirectoryGuards consensus
+      parameter. Implements ticket 12688.
+
+  o Major bugfixes:
+    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+      implementation that caused incorrect results on 32-bit
+      implementations when certain malformed inputs were used along with
+      a small class of private ntor keys. This bug does not currently
+      appear to allow an attacker to learn private keys or impersonate a
+      Tor server, but it could provide a means to distinguish 32-bit Tor
+      implementations from 64-bit Tor implementations. Fixes bug 12694;
+      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+      Adam Langley.
+
+  o Minor bugfixes:
+    - Warn and drop the circuit if we receive an inbound 'relay early'
+      cell. Those used to be normal to receive on hidden service circuits
+      due to bug 1038, but the buggy Tor versions are long gone from
+      the network so we can afford to resume watching for them. Resolves
+      the rest of bug 1038; bugfix on 0.2.1.19.
+    - Correct a confusing error message when trying to extend a circuit
+      via the control protocol but we don't know a descriptor or
+      microdescriptor for one of the specified relays. Fixes bug 12718;
+      bugfix on 0.2.3.1-alpha.
+    - Avoid an illegal read from stack when initializing the TLS
+      module using a version of OpenSSL without all of the ciphers
+      used by the v2 link handshake. Fixes bug 12227; bugfix on
+      0.2.4.8-alpha.  Found by "starlight".
+
+  o Minor features:
+    - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
+      Country database.
+
+
 Changes in version 0.2.5.5-alpha - 2014-06-18
   Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
   0.2.5.x release series, including a couple of DoS issues, some

changes/13295

@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Disable sandbox name resolver cache when running tor-resolve:
-      tor-resolve doesn't use the sandbox code, and turning it on was
-      breaking attempts to do tor-resolve on a non-default server on
-      Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.

changes/19271

@@ -1,2 +0,0 @@
-  o Directory authority changes:
-    - Urras is no longer a directory authority. Closes ticket 19271.

changes/bifroest

@@ -1,3 +0,0 @@
-  o Directory authority changes (also in 0.2.8.7):
-    - The "Tonga" bridge authority has been retired; the new bridge
-      authority is "Bifroest". Closes tickets 19728 and 19690.

changes/bufferevent_compilation

@@ -1,6 +0,0 @@
-  o Minor bugfixes:
-    - Fix compilation when building with bufferevents enabled. (This
-      configuration is still not expected to work, however.)
-      Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
-      0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
-      Gunasekaran.

changes/bug1038-3

@@ -1,6 +0,0 @@
-  o Minor bugfixes:
-    - Warn and drop the circuit if we receive an inbound 'relay early'
-      cell. Those used to be normal to receive on hidden service circuits
-      due to bug 1038, but the buggy Tor versions are long gone from
-      the network so we can afford to resume watching for them. Resolves
-      the rest of bug 1038; bugfix on 0.2.1.19.

changes/bug11200-caching

@@ -1,7 +0,0 @@
-  o Major bugfixes:
-    - When Tor starts with DisabledNetwork set, it would correctly
-      conclude that it shouldn't try making circuits, but it would
-      mistakenly cache this conclusion and continue believing it even
-      when DisableNetwork is set to 0. Fixes the bug introduced by the
-      fix for bug 11200; bugfix on 0.2.5.4-alpha.
-

changes/bug12160

@@ -1,4 +0,0 @@
- o Bugfixes
-   - Correctly update the local mark on the controlling channel when changing
-     the address of an or_connection_t after the handshake.  Fixes bug #12160;
-     bugfix on 0.2.4.4-alpha.

changes/bug12602

@@ -1,5 +0,0 @@
-  o Minor bugfixes (portability):
-    - Compile correctly with builds and forks of OpenSSL (such as
-      LibreSSL) that disable compression. Fixes bug 12602; bugfix on
-      0.2.1.1-alpha. Patch from "dhill".
-

changes/bug12700

@@ -1,10 +0,0 @@
-  o Minor bugfixes:
-    - When logging information about an EXTEND2 or EXTENDED2 cell, log
-      their names correctly. Fixes part of bug 12700; bugfix on
-      0.2.4.8-alpha.
-
-  o Minor bugfixes:
-    - When logging information about a relay cell whose command we
-      don't recognize, log its command as an integer. Fixes part of
-      bug 12700; bugfix on 0.2.1.10-alpha.
-

changes/bug12718

@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Correct a confusing error message when trying to extend a circuit
-      via the control protocol but we don't know a descriptor or
-      microdescriptor for one of the specified relays. Fixes bug 12718;
-      bugfix on 0.2.3.1-alpha.

changes/bug12730-systemd-verify-config

@@ -1,3 +0,0 @@
-  o Distribution:
-    - Verify configuration file via ExecStartPre in the systemd unit file.
-      Patch from intrigeri; resolves ticket 12730.

changes/bug12731-systemd-no-run-as-daemon

@@ -1,9 +0,0 @@
-  o Distribution:
-    - Explicitly disable RunAsDaemon in the systemd unit file.
-      Our current systemd unit uses "Type = simple", so systemd does
-      not expect tor to fork. If the user has "RunAsDaemon 1" in their
-      torrc, then things won't work as expected. This is e.g. the case
-      on Debian (and derivatives), since there we pass
-      "--defaults-torrc /usr/share/tor/tor-service-defaults-torrc"
-      (that contains "RunAsDaemon 1") by default.
-      Patch by intrigeri; resolves ticket 12731.

changes/bug12830

@@ -1,4 +0,0 @@
-  o Documentation:
-    - Adjust the URLs in the README to refer to the new locations of
-      several documents on the website. Patch from Matt Pagan. Fixes
-      bug 12830.

changes/bug12848

@@ -1,4 +0,0 @@
-  o Major bugfixes (relay):
-    - Avoid queuing or sending destroy cells for circuit ID zero when
-      we fail to send a CREATE cell. Fixes bug 12848; bugfix on
-      0.0.8pre1. Found and fixed by "cypherpunks".

changes/bug12864

@@ -1,7 +0,0 @@
-  o Minor bugfixes:
-    - Restore the functionality of CookieAuthFileGroupReadable. Fixes bug
-      12864; bugfix on 0.2.5.1-alpha.
-
-  o Minor features:
-    - Add an ExtORPortCookieAuthFileGroupReadable option to make the
-      cookie file for the ExtORPort g+r by default.

changes/bug12878

@@ -1,3 +0,0 @@
-  o Documentation:
-    - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves 
-      ticket 12878.

changes/bug12908

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Warn about attempts to run hidden services and relays in the
-      same process: that's probably not a good idea. Closes ticket
-      12908.

changes/bug12948

@@ -1,8 +0,0 @@
-  o Major bugfixes:
-    - Resume expanding abbreviations for command-line options. The fix
-      for bug 4647 accidentally removed our hack from bug 586 that rewrote
-      HashedControlPassword to __HashedControlSessionPassword when it
-      appears on the commandline (which allowed the user to set her
-      own HashedControlPassword in the torrc file while the controller
-      generates a fresh session password for each run). Fixes bug 12948;
-      bugfix on 0.2.5.1-alpha.

changes/bug12996

@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Downgrade "Unexpected onionskin length after decryption" warning
-      to a protocol-warn, since there's nothing relay operators can do
-      about a client that sends them a malformed create cell. Resolves
-      bug 12996; bugfix on 0.0.6rc1.

changes/bug12997

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS cell
-      on a cannibalized or non-OR circuit. Resolves ticket 12997.

changes/bug13071

@@ -1,3 +0,0 @@
-  o Minor bugfixes (relay):
-    - Escape all strings from the directory connection before logging them.
-      Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".

changes/bug13081

@@ -1,3 +0,0 @@
-  o Compilation fixes:
-    - Make the nmake make files work again. Fixes bug 13081. Bugfix on 0.2.5.1-alpha. Patch
-      from "NewEraCracker".

changes/bug13085

@@ -1,3 +0,0 @@
-  o Minor bugfixes (controller):
-    - Actually send TRANSPORT_LAUNCHED and HS_DESC events to controllers.
-      Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch by "teor".

changes/bug13096

@@ -1,4 +0,0 @@
-  o Minor bugfixes (conformance):
-    - In routerlist_assert_ok(), don't take the address of a routerinfo's
-      cache_info member unless that routerinfo is non-NULL. Fixes bug
-      13096; bugfix on 0.1.1.9-alpha. Patch by "teor".

changes/bug13100

@@ -1,3 +0,0 @@
-  o Directory authority changes:
-    - Change IP address for gabelmoo (v3 directory authority).
-

changes/bug13124

@@ -1,8 +0,0 @@
-  o Minor bugfixes:
-    - Reduce the log severity of the "Pluggable transport proxy does
-      not provide any needed transports and will not be launched."
-      message, since Tor Browser includes several ClientTransportPlugin
-      lines in its torrc-defaults file, leading every Tor Browser user
-      who looks at her logs to see these notices and wonder if they're
-      dangerous. Resolves bug 13124; bugfix on 0.2.5.3-alpha.
-

changes/bug13151-client

@@ -1,13 +0,0 @@
-  o Major bugfixes:
-    - Clients now send the correct address for their chosen rendezvous
-      point when trying to access a hidden service. They used to send
-      the wrong address, which would still work some of the time because
-      they also sent the identity digest of the rendezvous point, and if
-      the hidden service happened to try connecting to the rendezvous
-      point from a relay that already had a connection open to it,
-      the relay would reuse that connection. Now connections to hidden
-      services should be more robust and faster. Also, this bug meant
-      that clients were leaking to the hidden service whether they were
-      on a little-endian (common) or big-endian (rare) system, which for
-      some users might have reduced their anonymity. Fixes bug 13151;
-      bugfix on 0.2.1.5-alpha.

changes/bug13296

@@ -1,5 +0,0 @@
-  o Directory authority changes:
-    - Remove turtles as a directory authority.
-    - Add longclaw as a new (v3) directory authority. This implements
-      ticket 13296. This keeps the directory authority count at 9.
-

changes/bug13325

@@ -1,4 +0,0 @@
-  o Compilation fixes:
-    - Build and run correctly on systems like OpenBSD-current that
-      have patched OpenSSL to remove get_cipher_by_char and/or its
-      implementations. Fixes issue 13325.

changes/bug13471

@@ -1,5 +0,0 @@
-  o Major bugfixes (openssl bug workaround):
-    - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
-      1.0.1j, built with the 'no-ssl3' configuration option. Fixes
-      bug 13471. This is a workaround for an OpenSSL bug.
-

changes/bug13988

@@ -1,3 +0,0 @@
-  o Minor bugfixes (statistics):
-    - Increase period over which bandwidth observations are aggregated
-      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.

changes/bug14013

@@ -1,6 +0,0 @@
-  o Major bugfixes:
-    - When reading a hexadecimal, base-32, or base-64 encoded value
-      from a string, always overwrite the complete output buffer. This
-      prevents some bugs where we would look at (but fortunately, not
-      reveal) uninitialized memory on the stack. Fixes bug 14013;
-      bugfix on all versions of Tor.

changes/bug14125

@@ -1,5 +0,0 @@
-  o Minor bugfixes (dirauth):
-    - Enlarge the buffer to read bw-auth generated files to avoid an
-      issue when parsing the file in dirserv_read_measured_bandwidths().
-      Bugfix on 0.2.2.1-alpha, fixes #14125.
-

changes/bug14129

@@ -1,7 +0,0 @@
-  o Major bugfixes (exit node stability):
-
-    - Fix an assertion failure that could occur under high DNS load.  Fixes
-      bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr"; diagnosed and fixed
-      by "cypherpunks".
-
-

changes/bug14142-parse-virtual-addr

@@ -1,7 +0,0 @@
-  o Minor bugfixes (client):
-    - Check for a missing option value in parse_virtual_addr_network
-      before asserting on the NULL in tor_addr_parse_mask_ports.
-      This avoids crashing on torrc lines like
-      Vi[rtualAddrNetworkIPv[4|6]] when no value follows the option.
-      Bugfix on 0.2.3 (de4cc126cbb5 on 24 November 2012), fixes #14142.
-      Patch by "teor".

changes/bug14195

@@ -1,3 +0,0 @@
-  o Minor bugfixes (client):
-    - Fix a memory leak when using AutomapHostsOnResolve.
-      Fixes bug 14195; bugfix on 0.1.0.1-rc.

changes/bug14220

@@ -1,4 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Build without warnings with the stock OpenSSL srtp.h header,
-      which has a duplicate declaration of SSL_get_selected_srtp_profile().
-      Fixes bug 14220; this is OpenSSL's bug, not ours.

changes/bug14261

@@ -1,5 +0,0 @@
-  O Minor bugfixes (directory authority):
-    - Allow directory authorities to fetch more data from one
-      another if they find themselves missing lots of votes.
-      Previously, they had been bumping against the 10 MB queued
-      data limit. Fixes bug 14261. Bugfix on 0.1.2.5-alpha.

changes/bug15083

@@ -1,10 +0,0 @@
-  o Major bugfixes (relay, stability, possible security):
-    - Fix a bug that could lead to a relay crashing with an assertion
-      failure if a buffer of exactly the wrong layout was passed
-      to buf_pullup() at exactly the wrong time. Fixes bug 15083;
-      bugfix on 0.2.0.10-alpha. Patch from 'cypherpunks'.
-
-    - Do not assert if the 'data' pointer on a buffer is advanced to the very
-      end of the buffer; log a BUG message instead.  Only assert if it is
-      past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
-

changes/bug15088

@@ -1,4 +0,0 @@
-  o Minor bugfixes (Linux seccomp2 sandbox):
-    - Upon receiving sighup, do not crash during attempts to call
-      wait4. Fixes bug 15088; bugfix on 0.2.5.1-alpha. Patch from
-      "sanic".

changes/bug15205

@@ -1,5 +0,0 @@
-  o Major bugfixes (crash, OSX, security):
-    - Fix a remote denial-of-service opportunity caused by a bug
-      in OSX's _strlcat_chk() function. Fixes bug 15205; bug first
-      appeared in OSX 10.9. 
-      

changes/bug15515

@@ -1,4 +0,0 @@
-  o Minor features (DoS-resistance):
-    - Make it harder for attackers to overwhelm hidden services with
-      introductions, by blocking multiple introduction requests on the
-      same circuit. Resolves ticket #15515.

changes/bug15600

@@ -1,5 +0,0 @@
-  o Major bugfixes (security, hidden service):
-    - Fix an issue that would allow a malicious client to trigger
-      an assertion failure and halt a hidden service. Fixes
-      bug 15600; bugfix on 0.2.1.6-alpha. Reported by "skruffy".
-

changes/bug15601

@@ -1,4 +0,0 @@
-  o Major bugfixes (security, hidden service):
-    - Fix a bug that could cause a client to crash with an assertion
-      failure when parsing a malformed hidden service descriptor.
-      Fixes bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnCha".

changes/bug15823

@@ -1,4 +0,0 @@
-  o Minor bugfixes (hidden service):
-    - Fix an out-of-bounds read when parsing invalid INTRODUCE2 cells
-      on a client authorized hidden service. Fixes bug 15823; bugfix
-      on 0.2.1.6-alpha.

changes/bug16248

@@ -1,8 +0,0 @@
-  o Major bugfixes (dns proxy mode, crash):
-    - Avoid crashing when running as a DNS proxy. Closes bug 16248; bugfix on
-      0.2.0.1-alpha. Patch from 'cypherpunks'.
-
-  o Minor features (bug-resistance):
-    - Make Tor survive errors involving connections without a corresponding
-      event object. Previously we'd fail with an assertion; now we produce a
-      log message. Related to bug 16248.

changes/bug16360-failed-crypto-early-init

@@ -1,7 +0,0 @@
-  o Minor bugfixes (crypto error-handling):
-    - If crypto_early_init fails, a typo in a return value from tor_init
-      means that tor_main continues running, rather than returning
-      an error value.
-      Fixes bug 16360; bugfix on d3fb846d8c98 in 0.2.5.2-alpha,
-      introduced when implementing #4900.
-      Patch by "teor".

changes/bug17404

@@ -1,6 +0,0 @@
-  o Major bugfixes (security, correctness):
-    - Fix a programming error that could cause us to read 4 bytes before
-      the beginning of an openssl string. This could be used to provoke
-      a crash on systems with an unusual malloc implementation, or
-      systems with unsual hardening installed. Fixes bug 17404; bugfix
-      on 0.2.3.6-alpha.

changes/bug17772

@@ -1,7 +0,0 @@
-  o Major bugfixes (guard selection):
-    - Actually look at the Guard flag when selecting a new directory
-      guard. When we implemented the directory guard design, we
-      accidentally started treating all relays as if they have the Guard
-      flag during guard selection, leading to weaker anonymity and worse
-      performance. Fixes bug 17222; bugfix on 0.2.4.8-alpha. Discovered
-      by Mohsen Imani.

changes/bug17781

@@ -1,3 +0,0 @@
-  o Compilation fixes:
-    - Fix a compilation warning with Clang 3.6: Do not check the
-      presence of an address which can never be NULL. Fixes bug 17781.

changes/bug17906

@@ -1,4 +0,0 @@
-  o Minor features (authorities):
-    - Update the V3 identity key for dannenberg, it was changed on
-      18 November 2015.
-      Closes task #17906. Patch by "teor".

changes/bug18089

@@ -1,6 +0,0 @@
-  o Minor fixes (security):
-    - Make memwipe() do nothing when passed a NULL pointer
-      or zero size. Check size argument to memwipe() for underflow.
-      Closes bug #18089. Reported by "gk", patch by "teor".
-      Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
-      commit 49dd5ef3 on 7 Nov 2012.

changes/bug18162

@@ -1,7 +0,0 @@
-  o Major bugfixes (security, pointers):
-
-    - Avoid a difficult-to-trigger heap corruption attack when extending
-      a smartlist to contain over 16GB of pointers. Fixes bug #18162;
-      bugfix on Tor 0.1.1.11-alpha, which fixed a related bug
-      incompletely. Reported by Guido Vranken.
-

changes/bug18329-minimal

@@ -1,6 +0,0 @@
-  o Minor features (bridge):
-    - Bridges now include notice in their descriptors that they are bridges,
-      and notice of their distribution status, based on their publication
-      settings.  Implements ticket 18329.  For more fine-grained control of
-      how a bridge is distributed, upgrade to 0.3.2.x or later.
-

changes/bug18710

@@ -1,6 +0,0 @@
-  o Major bugfixes (DNS proxy):
-    - Stop a crash that could occur when a client running with DNSPort
-      received a query with multiple address types, where the first
-      address type was not supported. Found and fixed by Scott Dial.
-      Fixes bug 18710; bugfix on 0.2.5.4-alpha.
-

changes/bug20384

@@ -1,10 +0,0 @@
-  o Major features (security fixes):
-    - Prevent a class of security bugs caused by treating the contents
-      of a buffer chunk as if they were a NUL-terminated string. At
-      least one such bug seems to be present in all currently used
-      versions of Tor, and would allow an attacker to remotely crash
-      most Tor instances, especially those compiled with extra compiler
-      hardening. With this defense in place, such bugs can't crash Tor,
-      though we should still fix them as they occur. Closes ticket
-      20384 (TROVE-2016-10-001).
-

changes/bug21018

@@ -1,11 +0,0 @@
-  o Major bugfixes (parsing, security):
-
-    - Fix a bug in parsing that could cause clients to read a single
-      byte past the end of an allocated region. This bug could be
-      used to cause hardened clients (built with
-      --enable-expensive-hardening) to crash if they tried to visit
-      a hostile hidden service.  Non-hardened clients are only
-      affected depending on the details of their platform's memory
-      allocator. Fixes bug 21018; bugfix on 0.2.0.8-alpha. Found by
-      using libFuzzer. Also tracked as TROVE-2016-12-002 and as
-      CVE-2016-1254.

changes/bug22490

@@ -1,3 +0,0 @@
-  o Minor bugfixes (correctness):
-    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
-      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

changes/bug22636

@@ -1,8 +0,0 @@
- o Build features:
-   - Tor's repository now includes a Travis Continuous Integration (CI)
-     configuration file (.travis.yml). This is meant to help new developers and
-     contributors who fork Tor to a Github repository be better able to test
-     their changes, and understand what we expect to pass. To use this new build
-     feature, you must fork Tor to your Github account, then go into the
-     "Integrations" menu in the repository settings for your fork and enable
-     Travis, then push your changes.

changes/bug22737

@@ -1,12 +0,0 @@
-  o Minor bugfixes (defensive programming, undefined behavior):
-
-    - Fix a memset() off the end of an array when packing cells.  This
-      bug should be harmless in practice, since the corrupted bytes
-      are still in the same structure, and are always padding bytes,
-      ignored, or immediately overwritten, depending on compiler
-      behavior. Nevertheless, because the memset()'s purpose is to
-      make sure that any other cell-handling bugs can't expose bytes
-      to the network, we need to fix it. Fixes bug 22737; bugfix on
-      0.2.4.11-alpha. Fixes CID 1401591.
-
-

changes/bug22789

@@ -1,7 +0,0 @@
-  o Major bugfixes (openbsd, denial-of-service):
-    - Avoid an assertion failure bug affecting our implementation of
-      inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
-      handling of "0xfoo" differs from what we had expected.
-      Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as
-      TROVE-2017-007.
-

changes/bug8093

@@ -1,3 +0,0 @@
-  o Downgraded warnings:
-    - Downgrade the severity of the 'unexpected sendme cell from client' from
-      'warn' to 'protocol warning'. Closes ticket 8093.

changes/bug8387

@@ -1,11 +0,0 @@
-  o Major bugfixes (client):
-
-    - Perform circuit cleanup operations even when circuit
-      construction operations are disabled (because the network is
-      disabled, or because there isn't enough directory information).
-      Previously, when we were not building predictive circuits, we
-      were not closing expired circuits either.
-
-      Fixes bug 8387; bugfix on 0.1.1.11-alpha. This bug became visible
-      in 0.2.4.10-alpha when we became more strict about when we have
-      "enough directory information to build circuits".

changes/curve25519-donna32-bug

@@ -1,12 +0,0 @@
-  o Major bugfixes:
-
-    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
-      implementation that caused incorrect results on 32-bit
-      implementations when certain malformed inputs were used along with
-      a small class of private ntor keys. This bug does not currently
-      appear to allow an attacker to learn private keys or impersonate a
-      Tor server, but it could provide a means to distinguish 32-bit Tor
-      implementations from 64-bit Tor implementations. Fixes bug 12694;
-      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
-      Adam Langley.
-

changes/disable_sslv3

@@ -1,4 +0,0 @@
-  o Major security fixes:
-    - Disable support for SSLv3. All versions of OpenSSL in use with
-      Tor today support TLS 1.0 or later, so we can safely turn off
-      support for this old (and insecure) protocol. Fixes bug 13426.

changes/further-12184-diagnostic

@@ -1,2 +0,0 @@
-  o Minor features (diagnostic):
-    - Slightly enhance the diagnostic message for bug 12184.

changes/geoip-2017-11-06

@@ -1,4 +0,0 @@
-  o Minor features (geoip):
-    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-april2015

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the April 8 2015 Maxmind GeoLite2 Country database.
-

changes/geoip-april2016

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the April 5 2016 Maxmind GeoLite2
-      Country database.
-

changes/geoip-april2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-august2014

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the August 7 2014 Maxmind GeoLite2 Country database.
-

changes/geoip-august2016

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the August 2 2016 Maxmind GeoLite2
-      Country database.
-

changes/geoip-august2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the August 3 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-december2015

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the December 1 2015 Maxmind GeoLite2
-      Country database.
-

changes/geoip-december2016

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the December 7 2016 Maxmind GeoLite2
-      Country database.
-

changes/geoip-february2016

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
-      Country database.
-

changes/geoip-february2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-january2015

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the January 7 2015 Maxmind GeoLite2 Country database.
-

changes/geoip-january2016

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
-      Country database.
-

changes/geoip-january2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the January 4 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-july2014

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the July 10 2014 Maxmind GeoLite2 Country database.
-

changes/geoip-july2015

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the July 8 2015 Maxmind GeoLite2 Country database.
-

changes/geoip-july2016

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the July 6 2016 Maxmind GeoLite2
-      Country database.
-

changes/geoip-july2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-jun2016

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the June 7 2016 Maxmind GeoLite2
-      Country database.
-

changes/geoip-june2015

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the June 3 2015 Maxmind GeoLite2 Country database.
-

changes/geoip-june2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-march2015

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
-

changes/geoip-march2016

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the March 3 2016 Maxmind GeoLite2
-      Country database.
-

changes/geoip-march2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-may2016

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the May 4 2016 Maxmind GeoLite2
-      Country database.
-

changes/geoip-may2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-november2014

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip to the November 15 2014 Maxmind GeoLite2 Country database.
-

changes/geoip-november2016

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the November 3 2016 Maxmind GeoLite2
-      Country database.
-

changes/geoip-october2015

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the October 9 2015 Maxmind GeoLite2 Country database.
-

changes/geoip-october2016

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the October 4 2016 Maxmind GeoLite2
-      Country database.
-

changes/geoip-october2017

@@ -1,4 +0,0 @@
-  o Minor features (geoip):
-    - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-september2015

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the September 3 2015 Maxmind GeoLite2 Country database.
-