Merge branch 'maint-0.3.0' into release-0.3.0

This was generated by taking all the changelogs, sorting and
collating them, and removing everything that said "bugfix on 0.3.0".

ChangeLog

@@ -1,4 +1,713 @@
-Changes in version 0.3.0.4-??? - 2017-02-??
+Changes in version 0.3.0.13 - 2017-12-01
+  Tor 0.3.0.13 backports important security and stability bugfixes from
+  later Tor releases. All Tor users should upgrade to this release, or
+  to another of the releases coming out today.
+
+  Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
+  2018. If you need a release with long-term support, please stick with
+  the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
+
+  o Major bugfixes (security, backport from 0.3.2.6-alpha):
+    - Fix a denial of service bug where an attacker could use a
+      malformed directory object to cause a Tor instance to pause while
+      OpenSSL would try to read a passphrase from the terminal. (Tor
+      instances run without a terminal, which is the case for most Tor
+      packages, are not impacted.) Fixes bug 24246; bugfix on every
+      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
+      Found by OSS-Fuzz as testcase 6360145429790720.
+    - Fix a denial of service issue where an attacker could crash a
+      directory authority using a malformed router descriptor. Fixes bug
+      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
+      and CVE-2017-8820.
+    - When checking for replays in the INTRODUCE1 cell data for a
+      (legacy) onion service, correctly detect replays in the RSA-
+      encrypted part of the cell. We were previously checking for
+      replays on the entire cell, but those can be circumvented due to
+      the malleability of Tor's legacy hybrid encryption. This fix helps
+      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
+      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
+      and CVE-2017-8819.
+
+  o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
+    - Fix a use-after-free error that could crash v2 Tor onion services
+      when they failed to open circuits while expiring introduction
+      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
+      also tracked as TROVE-2017-013 and CVE-2017-8823.
+
+  o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
+    - When running as a relay, make sure that we never build a path
+      through ourselves, even in the case where we have somehow lost the
+      version of our descriptor appearing in the consensus. Fixes part
+      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
+      as TROVE-2017-012 and CVE-2017-8822.
+    - When running as a relay, make sure that we never choose ourselves
+      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
+      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
+
+  o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
+    - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
+      making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
+      0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
+      identifying and finding a workaround to this bug and to Moritz,
+      Arthur Edelstein, and Roger for helping to track it down and
+      analyze it.
+
+  o Minor features (security, windows, backport from 0.3.1.1-alpha):
+    - Enable a couple of pieces of Windows hardening: one
+      (HeapEnableTerminationOnCorruption) that has been on-by-default
+      since Windows 8, and unavailable before Windows 7; and one
+      (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
+      affect us, but shouldn't do any harm. Closes ticket 21953.
+
+  o Minor features (bridge, backport from 0.3.1.9):
+    - Bridges now include notice in their descriptors that they are
+      bridges, and notice of their distribution status, based on their
+      publication settings. Implements ticket 18329. For more fine-
+      grained control of how a bridge is distributed, upgrade to 0.3.2.x
+      or later.
+
+  o Minor features (directory authority, backport from 0.3.2.6-alpha):
+    - Add an IPv6 address for the "bastet" directory authority. Closes
+      ticket 24394.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
+    - Avoid unnecessary calls to directory_fetches_from_authorities() on
+      relays, to prevent spurious address resolutions and descriptor
+      rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
+      bugfix on in 0.2.8.1-alpha.
+
+  o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
+    - Fix unused variable warnings in donna's Curve25519 SSE2 code.
+      Fixes bug 22895; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
+    - When a circuit is marked for close, do not attempt to package any
+      cells for channels on that circuit. Previously, we would detect
+      this condition lower in the call stack, when we noticed that the
+      circuit had no attached channel, and log an annoying message.
+      Fixes bug 8185; bugfix on 0.2.5.4-alpha.
+
+  o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
+    - Avoid a crash when transitioning from client mode to bridge mode.
+      Previously, we would launch the worker threads whenever our
+      "public server" mode changed, but not when our "server" mode
+      changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
+
+  o Minor bugfixes (testing, backport from 0.3.1.6-rc):
+    - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
+      bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
+
+
+Changes in version 0.3.0.12 - 2017-10-25
+  Tor 0.3.0.12 backports a collection of bugfixes from later Tor release
+  series, including a bugfix for a crash issue that had affected relays
+  under memory pressure. It also adds a new directory authority, Bastet.
+
+  Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
+  2018. If you need a release with long-term support, please stick with
+  the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.
+
+  o Directory authority changes:
+    - Add "Bastet" as a ninth directory authority to the default list.
+      Closes ticket 23910.
+    - The directory authority "Longclaw" has changed its IP address.
+      Closes ticket 23592.
+
+  o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
+    - Fix a timing-based assertion failure that could occur when the
+      circuit out-of-memory handler freed a connection's output buffer.
+      Fixes bug 23690; bugfix on 0.2.6.1-alpha.
+
+  o Minor features (directory authorities, backport from 0.3.2.2-alpha):
+    - Remove longclaw's IPv6 address, as it will soon change. Authority
+      IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
+      3/8 directory authorities with IPv6 addresses, but there are also
+      52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (directory authority, backport from 0.3.1.5-alpha):
+    - When a directory authority rejects a descriptor or extrainfo with
+      a given digest, mark that digest as undownloadable, so that we do
+      not attempt to download it again over and over. We previously
+      tried to avoid downloading such descriptors by other means, but we
+      didn't notice if we accidentally downloaded one anyway. This
+      behavior became problematic in 0.2.7.2-alpha, when authorities
+      began pinning Ed25519 keys. Fixes bug 22349; bugfix
+      on 0.2.1.19-alpha.
+
+  o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
+    - Avoid a possible double close of a circuit by the intro point on
+      error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
+      bugfix on 0.3.0.1-alpha.
+
+  o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
+    - Clear the address when node_get_prim_orport() returns early.
+      Fixes bug 23874; bugfix on 0.2.8.2-alpha.
+
+  o Minor bugfixes (Windows service, backport from 0.3.1.6-rc):
+    - When running as a Windows service, set the ID of the main thread
+      correctly. Failure to do so made us fail to send log messages to
+      the controller in 0.2.1.16-rc, slowed down controller event
+      delivery in 0.2.7.3-rc and later, and crash with an assertion
+      failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
+      Patch and diagnosis from "Vort".
+
+
+Changes in version 0.3.0.11 - 2017-09-18
+  Tor 0.3.0.11 backports a collection of bugfixes from Tor the 0.3.1
+  series.
+
+  Most significantly, it includes a fix for TROVE-2017-008, a
+  security bug that affects hidden services running with the
+  SafeLogging option disabled. For more information, see
+  https://trac.torproject.org/projects/tor/ticket/23490
+
+  o Minor features (code style, backport from 0.3.1.7):
+    - Add "Falls through" comments to our codebase, in order to silence
+      GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
+      Stieger. Closes ticket 22446.
+
+  o Minor features:
+    - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compilation, backport from 0.3.1.7):
+    - Avoid compiler warnings in the unit tests for calling tor_sscanf()
+      with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
+
+  o Minor bugfixes (controller, backport from 0.3.1.7):
+    - Do not crash when receiving a HSPOST command with an empty body.
+      Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
+    - Do not crash when receiving a POSTDESCRIPTOR command with an empty
+      body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
+
+  o Minor bugfixes (file limits, osx, backport from 0.3.1.5-alpha):
+    - When setting the maximum number of connections allowed by the OS,
+      always allow some extra file descriptors for other files. Fixes
+      bug 22797; bugfix on 0.2.0.10-alpha.
+
+  o Minor bugfixes (logging, relay, backport from 0.3.1.6-rc):
+    - Remove a forgotten debugging message when an introduction point
+      successfully establishes a hidden service prop224 circuit with
+      a client.
+    - Change three other log_warn() for an introduction point to
+      protocol warnings, because they can be failure from the network
+      and are not relevant to the operator. Fixes bug 23078; bugfix on
+      0.3.0.1-alpha and 0.3.0.2-alpha.
+
+
+Changes in version 0.3.0.10 - 2017-08-02
+   Tor 0.3.0.10 backports a collection of small-to-medium bugfixes
+   from the current Tor alpha series. OpenBSD users and TPROXY users
+   should upgrade; others are probably okay sticking with 0.3.0.9.
+
+  o Major features (build system, continuous integration, backport from 0.3.1.5-alpha):
+    - Tor's repository now includes a Travis Continuous Integration (CI)
+      configuration file (.travis.yml). This is meant to help new
+      developers and contributors who fork Tor to a Github repository be
+      better able to test their changes, and understand what we expect
+      to pass. To use this new build feature, you must fork Tor to your
+      Github account, then go into the "Integrations" menu in the
+      repository settings for your fork and enable Travis, then push
+      your changes. Closes ticket 22636.
+
+  o Major bugfixes (linux TPROXY support, backport from 0.3.1.1-alpha):
+    - Fix a typo that had prevented TPROXY-based transparent proxying
+      from working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
+      Patch from "d4fq0fQAgoJ".
+
+  o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
+    - Avoid an assertion failure bug affecting our implementation of
+      inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
+      handling of "0xfoo" differs from what we had expected. Fixes bug
+      22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
+
+  o Minor features (backport from 0.3.1.5-alpha):
+    - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (bandwidth accounting, backport from 0.3.1.2-alpha):
+    - Roll over monthly accounting at the configured hour and minute,
+      rather than always at 00:00. Fixes bug 22245; bugfix on 0.0.9rc1.
+      Found by Andrey Karpov with PVS-Studio.
+
+  o Minor bugfixes (compilation warnings, backport from 0.3.1.5-alpha):
+    - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
+      bugfix on 0.2.8.1-alpha.
+    - Fix warnings when building with libscrypt and openssl scrypt
+      support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
+    - When building with certain versions of the mingw C header files,
+      avoid float-conversion warnings when calling the C functions
+      isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix
+      on 0.2.8.1-alpha.
+
+  o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
+    - Backport a fix for an "unused variable" warning that appeared
+      in some versions of mingw. Fixes bug 22838; bugfix on
+      0.2.8.1-alpha.
+
+  o Minor bugfixes (coverity build support, backport from 0.3.1.5-alpha):
+    - Avoid Coverity build warnings related to our BUG() macro. By
+      default, Coverity treats BUG() as the Linux kernel does: an
+      instant abort(). We need to override that so our BUG() macro
+      doesn't prevent Coverity from analyzing functions that use it.
+      Fixes bug 23030; bugfix on 0.2.9.1-alpha.
+
+  o Minor bugfixes (directory authority, backport from 0.3.1.1-alpha):
+    - When rejecting a router descriptor for running an obsolete version
+      of Tor without ntor support, warn about the obsolete tor version,
+      not the missing ntor key. Fixes bug 20270; bugfix on 0.2.9.3-alpha.
+
+  o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.5-alpha):
+    - Avoid a sandbox failure when trying to re-bind to a socket and
+      mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (unit tests, backport from 0.3.1.5-alpha)
+    - Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
+      Fixes bug 22803; bugfix on 0.3.0.1-alpha.
+
+
+Changes in version 0.3.0.9 - 2017-06-29
+  Tor 0.3.0.9 fixes a path selection bug that would allow a client
+  to use a guard that was in the same network family as a chosen exit
+  relay. This is a security regression; all clients running earlier
+  versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9 or
+  0.3.1.4-alpha.
+
+  This release also backports several other bugfixes from the 0.3.1.x
+  series.
+
+  o Major bugfixes (path selection, security, backport from 0.3.1.4-alpha):
+    - When choosing which guard to use for a circuit, avoid the exit's
+      family along with the exit itself. Previously, the new guard
+      selection logic avoided the exit, but did not consider its family.
+      Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2017-
+      006 and CVE-2017-0377.
+
+  o Major bugfixes (entry guards, backport from 0.3.1.1-alpha):
+    - Don't block bootstrapping when a primary bridge is offline and we
+      can't get its descriptor. Fixes bug 22325; fixes one case of bug
+      21969; bugfix on 0.3.0.3-alpha.
+
+  o Major bugfixes (entry guards, backport from 0.3.1.4-alpha):
+    - When starting with an old consensus, do not add new entry guards
+      unless the consensus is "reasonably live" (under 1 day old). Fixes
+      one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (voting consistency, backport from 0.3.1.1-alpha):
+    - Reject version numbers with non-numeric prefixes (such as +, -, or
+      whitespace). Disallowing whitespace prevents differential version
+      parsing between POSIX-based and Windows platforms. Fixes bug 21507
+      and part of 21508; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.1.4-alpha):
+    - Permit the fchmod system call, to avoid crashing on startup when
+      starting with the seccomp2 sandbox and an unexpected set of
+      permissions on the data directory or its contents. Fixes bug
+      22516; bugfix on 0.2.5.4-alpha.
+
+  o Minor bugfixes (defensive programming, backport from 0.3.1.4-alpha):
+    - Fix a memset() off the end of an array when packing cells. This
+      bug should be harmless in practice, since the corrupted bytes are
+      still in the same structure, and are always padding bytes,
+      ignored, or immediately overwritten, depending on compiler
+      behavior. Nevertheless, because the memset()'s purpose is to make
+      sure that any other cell-handling bugs can't expose bytes to the
+      network, we need to fix it. Fixes bug 22737; bugfix on
+      0.2.4.11-alpha. Fixes CID 1401591.
+
+
+Changes in version 0.3.0.8 - 2017-06-08
+  Tor 0.3.0.8 fixes a pair of bugs that would allow an attacker to
+  remotely crash a hidden service with an assertion failure. Anyone
+  running a hidden service should upgrade to this version, or to some
+  other version with fixes for TROVE-2017-004 and TROVE-2017-005.
+
+  Tor 0.3.0.8 also includes fixes for several key management bugs
+  that sometimes made relays unreliable, as well as several other
+  bugfixes described below.
+
+  o Major bugfixes (hidden service, relay, security, backport
+    from 0.3.1.3-alpha):
+    - Fix a remotely triggerable assertion failure when a hidden service
+      handles a malformed BEGIN cell. Fixes bug 22493, tracked as
+      TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
+    - Fix a remotely triggerable assertion failure caused by receiving a
+      BEGIN_DIR cell on a hidden service rendezvous circuit. Fixes bug
+      22494, tracked as TROVE-2017-005 and CVE-2017-0376; bugfix
+      on 0.2.2.1-alpha.
+
+  o Major bugfixes (relay, link handshake, backport from 0.3.1.3-alpha):
+    - When performing the v3 link handshake on a TLS connection, report
+      that we have the x509 certificate that we actually used on that
+      connection, even if we have changed certificates since that
+      connection was first opened. Previously, we would claim to have
+      used our most recent x509 link certificate, which would sometimes
+      make the link handshake fail. Fixes one case of bug 22460; bugfix
+      on 0.2.3.6-alpha.
+
+  o Major bugfixes (relays, key management, backport from 0.3.1.3-alpha):
+    - Regenerate link and authentication certificates whenever the key
+      that signs them changes; also, regenerate link certificates
+      whenever the signed key changes. Previously, these processes were
+      only weakly coupled, and we relays could (for minutes to hours)
+      wind up with an inconsistent set of keys and certificates, which
+      other relays would not accept. Fixes two cases of bug 22460;
+      bugfix on 0.3.0.1-alpha.
+    - When sending an Ed25519 signing->link certificate in a CERTS cell,
+      send the certificate that matches the x509 certificate that we
+      used on the TLS connection. Previously, there was a race condition
+      if the TLS context rotated after we began the TLS handshake but
+      before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
+      on 0.3.0.1-alpha.
+
+  o Major bugfixes (hidden service v3, backport from 0.3.1.1-alpha):
+    - Stop rejecting v3 hidden service descriptors because their size
+      did not match an old padding rule. Fixes bug 22447; bugfix on
+      tor-0.3.0.1-alpha.
+
+  o Minor features (fallback directory list, backport from 0.3.1.3-alpha):
+    - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
+      December 2016 (of which ~126 were still functional) with a list of
+      151 fallbacks (32 new, 119 unchanged, 58 removed) generated in May
+      2017. Resolves ticket 21564.
+
+  o Minor bugfixes (configuration, backport from 0.3.1.1-alpha):
+    - Do not crash when starting with LearnCircuitBuildTimeout 0. Fixes
+      bug 22252; bugfix on 0.2.9.3-alpha.
+
+  o Minor bugfixes (correctness, backport from 0.3.1.3-alpha):
+    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+  o Minor bugfixes (link handshake, backport from 0.3.1.3-alpha):
+    - Lower the lifetime of the RSA->Ed25519 cross-certificate to six
+      months, and regenerate it when it is within one month of expiring.
+      Previously, we had generated this certificate at startup with a
+      ten-year lifetime, but that could lead to weird behavior when Tor
+      was started with a grossly inaccurate clock. Mitigates bug 22466;
+      mitigation on 0.3.0.1-alpha.
+
+  o Minor bugfixes (memory leak, directory authority, backport from
+    0.3.1.2-alpha):
+    - When directory authorities reject a router descriptor due to
+      keypinning, free the router descriptor rather than leaking the
+      memory. Fixes bug 22370; bugfix on 0.2.7.2-alpha.
+
+
+
+Changes in version 0.3.0.7 - 2017-05-15
+  Tor 0.3.0.7 fixes a medium-severity security bug in earlier versions
+  of Tor 0.3.0.x, where an attacker could cause a Tor relay process to
+  exit. Relays running earlier versions of Tor 0.3.0.x should upgrade;
+  clients are not affected.
+
+  o Major bugfixes (hidden service directory, security):
+    - Fix an assertion failure in the hidden service directory code,
+      which could be used by an attacker to remotely cause a Tor relay
+      process to exit. Relays running earlier versions of Tor 0.3.0.x
+      should upgrade. This security issue is tracked as TROVE-2017-002.
+      Fixes bug 22246; bugfix on 0.3.0.1-alpha.
+
+  o Minor features:
+    - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (future-proofing):
+    - Tor no longer refuses to download microdescriptors or descriptors
+      if they are listed as "published in the future". This change will
+      eventually allow us to stop listing meaningful "published" dates
+      in microdescriptor consensuses, and thereby allow us to reduce the
+      resources required to download consensus diffs by over 50%.
+      Implements part of ticket 21642; implements part of proposal 275.
+
+  o Minor bugfixes (Linux seccomp2 sandbox):
+    - The getpid() system call is now permitted under the Linux seccomp2
+      sandbox, to avoid crashing with versions of OpenSSL (and other
+      libraries) that attempt to learn the process's PID by using the
+      syscall rather than the VDSO code. Fixes bug 21943; bugfix
+      on 0.2.5.1-alpha.
+
+
+Changes in version 0.3.0.6 - 2017-04-26
+  Tor 0.3.0.6 is the first stable release of the Tor 0.3.0 series.
+
+  With the 0.3.0 series, clients and relays now use Ed25519 keys to
+  authenticate their link connections to relays, rather than the old
+  RSA1024 keys that they used before. (Circuit crypto has been
+  Curve25519-authenticated since 0.2.4.8-alpha.) We have also replaced
+  the guard selection and replacement algorithm to behave more robustly
+  in the presence of unreliable networks, and to resist guard-
+  capture attacks.
+
+  This series also includes numerous other small features and bugfixes,
+  along with more groundwork for the upcoming hidden-services revamp.
+
+  Per our stable release policy, we plan to support the Tor 0.3.0
+  release series for at least the next nine months, or for three months
+  after the first stable release of the 0.3.1 series: whichever is
+  longer. If you need a release with long-term support, we recommend
+  that you stay with the 0.2.9 series.
+
+  Below are the changes since 0.3.0.5-rc. For a list of all changes
+  since 0.2.9, see the ReleaseNotes file.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (control port):
+    - The GETINFO extra-info/digest/<digest> command was broken because
+      of a wrong base16 decode return value check, introduced when
+      refactoring that API. Fixes bug 22034; bugfix on 0.2.9.1-alpha.
+
+  o Minor bugfixes (crash prevention):
+    - Fix a (currently untriggerable, but potentially dangerous) crash
+      bug when base32-encoding inputs whose sizes are not a multiple of
+      5. Fixes bug 21894; bugfix on 0.2.9.1-alpha.
+
+
+Changes in version 0.3.0.5-rc - 2017-04-05
+  Tor 0.3.0.5-rc fixes a few remaining bugs, large and small, in the
+  0.3.0 release series.
+
+  This is the second release candidate in the Tor 0.3.0 series, and has
+  much fewer changes than the first. If we find no new bugs or
+  regressions here, the first stable 0.3.0 release will be nearly
+  identical to it.
+
+  o Major bugfixes (crash, directory connections):
+    - Fix a rare crash when sending a begin cell on a circuit whose
+      linked directory connection had already been closed. Fixes bug
+      21576; bugfix on 0.2.9.3-alpha. Reported by Alec Muffett.
+
+  o Major bugfixes (guard selection):
+    - Fix a guard selection bug where Tor would refuse to bootstrap in
+      some cases if the user swapped a bridge for another bridge in
+      their configuration file. Fixes bug 21771; bugfix on 0.3.0.1-alpha.
+      Reported by "torvlnt33r".
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfix (compilation):
+    - Fix a warning when compiling hs_service.c. Previously, it had no
+      exported symbols when compiled for libor.a, resulting in a
+      compilation warning from clang. Fixes bug 21825; bugfix
+      on 0.3.0.1-alpha.
+
+  o Minor bugfixes (hidden services):
+    - Make hidden services check for failed intro point connections,
+      even when they have exceeded their intro point creation limit.
+      Fixes bug 21596; bugfix on 0.2.7.2-alpha. Reported by Alec Muffett.
+    - Make hidden services with 8 to 10 introduction points check for
+      failed circuits immediately after startup. Previously, they would
+      wait for 5 minutes before performing their first checks. Fixes bug
+      21594; bugfix on 0.2.3.9-alpha. Reported by Alec Muffett.
+
+  o Minor bugfixes (memory leaks):
+    - Fix a memory leak when using GETCONF on a port option. Fixes bug
+      21682; bugfix on 0.3.0.3-alpha.
+
+  o Minor bugfixes (relay):
+    - Avoid a double-marked-circuit warning that could happen when we
+      receive DESTROY cells under heavy load. Fixes bug 20059; bugfix
+      on 0.1.0.1-rc.
+
+  o Minor bugfixes (tests):
+    - Run the entry_guard_parse_from_state_full() test with the time set
+      to a specific date. (The guard state that this test was parsing
+      contained guards that had expired since the test was first
+      written.) Fixes bug 21799; bugfix on 0.3.0.1-alpha.
+
+  o Documentation:
+    - Update the description of the directory server options in the
+      manual page, to clarify that a relay no longer needs to set
+      DirPort in order to be a directory cache. Closes ticket 21720.
+
+
+Changes in version 0.3.0.4-rc - 2017-03-01
+  Tor 0.3.0.4-rc fixes some remaining bugs, large and small, in the
+  0.3.0 release series, and introduces a few reliability features to
+  keep them from coming back.
+
+  This is the first release candidate in the Tor 0.3.0 series. If we
+  find no new bugs or regressions here, the first stable 0.3.0 release
+  will be nearly identical to it.
+
+  o Major bugfixes (bridges):
+    - When the same bridge is configured multiple times with the same
+      identity, but at different address:port combinations, treat those
+      bridge instances as separate guards. This fix restores the ability
+      of clients to configure the same bridge with multiple pluggable
+      transports. Fixes bug 21027; bugfix on 0.3.0.1-alpha.
+
+  o Major bugfixes (hidden service directory v3):
+    - Stop crashing on a failed v3 hidden service descriptor lookup
+      failure. Fixes bug 21471; bugfixes on tor-0.3.0.1-alpha.
+
+  o Major bugfixes (parsing):
+    - When parsing a malformed content-length field from an HTTP
+      message, do not read off the end of the buffer. This bug was a
+      potential remote denial-of-service attack against Tor clients and
+      relays. A workaround was released in October 2016, to prevent this
+      bug from crashing Tor. This is a fix for the underlying issue,
+      which should no longer matter (if you applied the earlier patch).
+      Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing
+      using AFL (http://lcamtuf.coredump.cx/afl/).
+    - Fix an integer underflow bug when comparing malformed Tor
+      versions. This bug could crash Tor when built with
+      --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
+      0.2.9.8, which were built with -ftrapv by default. In other cases
+      it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
+      on 0.0.8pre1. Found by OSS-Fuzz.
+
+  o Minor feature (protocol versioning):
+    - Add new protocol version for proposal 224. HSIntro now advertises
+      version "3-4" and HSDir version "1-2". Fixes ticket 20656.
+
+  o Minor features (directory authorities):
+    - Directory authorities now reject descriptors that claim to be
+      malformed versions of Tor. Helps prevent exploitation of
+      bug 21278.
+    - Reject version numbers with components that exceed INT32_MAX.
+      Otherwise 32-bit and 64-bit platforms would behave inconsistently.
+      Fixes bug 21450; bugfix on 0.0.8pre1.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (reliability, crash):
+    - Try better to detect problems in buffers where they might grow (or
+      think they have grown) over 2 GB in size. Diagnostic for
+      bug 21369.
+
+  o Minor features (testing):
+    - During 'make test-network-all', if tor logs any warnings, ask
+      chutney to output them. Requires a recent version of chutney with
+      the 21572 patch. Implements 21570.
+
+  o Minor bugfixes (certificate expiration time):
+    - Avoid using link certificates that don't become valid till some
+      time in the future. Fixes bug 21420; bugfix on 0.2.4.11-alpha
+
+  o Minor bugfixes (code correctness):
+    - Repair a couple of (unreachable or harmless) cases of the risky
+      comparison-by-subtraction pattern that caused bug 21278.
+    - Remove a redundant check for the UseEntryGuards option from the
+      options_transition_affects_guards() function. Fixes bug 21492;
+      bugfix on 0.3.0.1-alpha.
+
+  o Minor bugfixes (directory mirrors):
+    - Allow relays to use directory mirrors without a DirPort: these
+      relays need to be contacted over their ORPorts using a begindir
+      connection. Fixes one case of bug 20711; bugfix on 0.2.8.2-alpha.
+    - Clarify the message logged when a remote relay is unexpectedly
+      missing an ORPort or DirPort: users were confusing this with a
+      local port. Fixes another case of bug 20711; bugfix
+      on 0.2.8.2-alpha.
+
+  o Minor bugfixes (guards):
+    - Don't warn about a missing guard state on timeout-measurement
+      circuits: they aren't supposed to be using guards. Fixes an
+      instance of bug 21007; bugfix on 0.3.0.1-alpha.
+    - Silence a BUG() warning when attempting to use a guard whose
+      descriptor we don't know, and make this scenario less likely to
+      happen. Fixes bug 21415; bugfix on 0.3.0.1-alpha.
+
+  o Minor bugfixes (hidden service):
+    - Pass correct buffer length when encoding legacy ESTABLISH_INTRO
+      cells. Previously, we were using sizeof() on a pointer, instead of
+      the real destination buffer. Fortunately, that value was only used
+      to double-check that there was enough room--which was already
+      enforced elsewhere. Fixes bug 21553; bugfix on 0.3.0.1-alpha.
+
+  o Minor bugfixes (testing):
+    - Fix Raspbian build issues related to missing socket errno in
+      test_util.c. Fixes bug 21116; bugfix on tor-0.2.8.2. Patch
+      by "hein".
+    - Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't
+      actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha.
+    - Use bash in src/test/test-network.sh. This ensures we reliably
+      call chutney's newer tools/test-network.sh when available. Fixes
+      bug 21562; bugfix on 0.2.9.1-alpha.
+
+  o Documentation:
+    - Small fixes to the fuzzing documentation. Closes ticket 21472.
+
+
+Changes in version 0.2.9.10 - 2017-03-01
+  Tor 0.2.9.10 backports a security fix from later Tor release.  It also
+  includes fixes for some major issues affecting directory authorities,
+  LibreSSL compatibility, and IPv6 correctness.
+
+  The Tor 0.2.9.x release series is now marked as a long-term-support
+  series.  We intend to backport security fixes to 0.2.9.x until at
+  least January of 2020.
+
+  o Major bugfixes (directory authority, 0.3.0.3-alpha):
+    - During voting, when marking a relay as a probable sybil, do not
+      clear its BadExit flag: sybils can still be bad in other ways
+      too. (We still clear the other flags.) Fixes bug 21108; bugfix
+      on 0.2.0.13-alpha.
+
+  o Major bugfixes (IPv6 Exits, backport from 0.3.0.3-alpha):
+    - Stop rejecting all IPv6 traffic on Exits whose exit policy rejects
+      any IPv6 addresses. Instead, only reject a port over IPv6 if the
+      exit policy rejects that port on more than an IPv6 /16 of
+      addresses. This bug was made worse by 17027 in 0.2.8.1-alpha,
+      which rejected a relay's own IPv6 address by default. Fixes bug
+      21357; bugfix on commit 004f3f4e53 in 0.2.4.7-alpha.
+
+  o Major bugfixes (parsing, also in 0.3.0.4-rc):
+    - Fix an integer underflow bug when comparing malformed Tor
+      versions. This bug could crash Tor when built with
+      --enable-expensive-hardening, or on Tor 0.2.9.1-alpha through Tor
+      0.2.9.8, which were built with -ftrapv by default. In other cases
+      it was harmless. Part of TROVE-2017-001. Fixes bug 21278; bugfix
+      on 0.0.8pre1. Found by OSS-Fuzz.
+
+  o Minor features (directory authorities, also in 0.3.0.4-rc):
+    - Directory authorities now reject descriptors that claim to be
+      malformed versions of Tor. Helps prevent exploitation of
+      bug 21278.
+    - Reject version numbers with components that exceed INT32_MAX.
+      Otherwise 32-bit and 64-bit platforms would behave inconsistently.
+      Fixes bug 21450; bugfix on 0.0.8pre1.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (portability, compilation, backport from 0.3.0.3-alpha):
+    - Autoconf now checks to determine if OpenSSL structures are opaque,
+      instead of explicitly checking for OpenSSL version numbers. Part
+      of ticket 21359.
+    - Support building with recent LibreSSL code that uses opaque
+      structures. Closes ticket 21359.
+
+  o Minor bugfixes (code correctness, also in 0.3.0.4-rc):
+    - Repair a couple of (unreachable or harmless) cases of the risky
+      comparison-by-subtraction pattern that caused bug 21278.
+
+  o Minor bugfixes (tor-resolve, backport from 0.3.0.3-alpha):
+    - The tor-resolve command line tool now rejects hostnames over 255
+      characters in length. Previously, it would silently truncate them,
+      which could lead to bugs. Fixes bug 21280; bugfix on 0.0.9pre5.
+      Patch by "junglefowl".
 
 
 Changes in version 0.3.0.3-alpha - 2017-02-03

changes/bastet_v6

@@ -1,4 +0,0 @@
-  o Minor features (directory authority):
-    - Add an IPv6 address for the "bastet" directory authority.
-      Closes ticket 24394.
-

changes/bug15582

@@ -1,4 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Avoid compiler warnings in the unit tests for running tor_sscanf()
-      with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
-

changes/bug18100

@@ -1,5 +0,0 @@
-  o Major bugfixes (linux TPROXY support):
-    - Fix a typo that had prevented TPROXY-based transparent proxying from
-      working under Linux. Fixes bug 18100; bugfix on 0.2.6.3-alpha.
-      Patch from "d4fq0fQAgoJ".
-

changes/bug18329-minimal

@@ -1,6 +0,0 @@
-  o Minor features (bridge):
-    - Bridges now include notice in their descriptors that they are bridges,
-      and notice of their distribution status, based on their publication
-      settings.  Implements ticket 18329.  For more fine-grained control of
-      how a bridge is distributed, upgrade to 0.3.2.x or later.
-

changes/bug20059

@@ -1,3 +0,0 @@
-  o Minor bugfixes (relay):
-    - Avoid a double-marked-circuit warning that can happen when we receive
-      DESTROY cells under heavy load. Fixes bug 20059; bugfix on 0.1.0.1-rc.

changes/bug20247

@@ -1,4 +0,0 @@
-  o Minor bugfixes (linux seccomp2 sandbox):
-    - Avoid a sandbox failure when trying to re-bind to a socket and mark
-      it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
-

changes/bug20270

@@ -1,6 +0,0 @@
-  o Minor bugfixes (directory authority):
-    - When rejecting a router descriptor because the relay is running an
-      obsolete version of Tor without ntor support, warn about the obsolete
-      tor version, not the missing ntor key. Fixes bug 20270;
-      bugfix on 0.2.9.3-alpha.
-

changes/bug20509

@@ -1,5 +0,0 @@
-  o Minor features:
-    - Directory authorities now reject relays running versions
-      0.2.9.1-alpha through 0.2.9.4-alpha, because those relays
-      suffer from bug 20499 and don't keep their consensus cache
-      up-to-date. Resolves ticket 20509.

changes/bug20711

@@ -1,7 +0,0 @@
-  o Minor bugfixes (directory mirrors):
-    - Allow relays to use directory mirrors without a DirPort: these relays
-      need to be contacted over their ORPorts using a begindir connection.
-      Fixes bug 20711; bugfix on 0.2.8.2-alpha.
-    - Clarify the message logged when a remote relay is unexpectedly missing
-      an ORPort or DirPort: users were confusing this with a local port.
-      Fixes bug 20711; bugfix on 0.2.8.2-alpha.

changes/bug20894

@@ -1,9 +0,0 @@
-  o Major bugfixes (HTTP, parsing):
-    - When parsing a malformed content-length field from an HTTP message,
-      do not read off the end of the buffer. This bug was a potential
-      remote denial-of-service attack against Tor clients and relays.
-      A workaround was released in October 2016, which prevents this
-      bug from crashing Tor. This is a fix for the underlying issue,
-      which should no longer matter (if you applied the earlier patch).
-      Fixes bug 20894; bugfix on 0.2.0.16-alpha. Bug found by fuzzing
-      using AFL (http://lcamtuf.coredump.cx/afl/).

changes/bug21007_case2

@@ -1,4 +0,0 @@
-  o Minor bugfixes (guards):
-    - Don't warn about a missing guard state on timeout-measurement
-      circuits: they aren't supposed to be using guards. Fixes an
-      instance of bug 21007; bugfix on 0.3.0.1-alpha.

changes/bug21027

@@ -1,8 +0,0 @@
-  o Major bugfixes (bridges):
-
-    - When the same bridge is configured multiple times at different
-      address:port combinations (but with the same identity), treat
-      those bridge instances as separate guards. This allows clients to
-      configure the same bridge with multiple pluggable transports, once
-      again. Fixes bug 21027; bugfix on 0.3.0.1-alpha.
-

changes/bug21116

@@ -1,3 +0,0 @@
-  o Minor bugfixes (test):
-    - Fix Raspbian build missing socket errno in test util. Fixes bug 21116.;
-      bugfix on tor-0.2.8.2. Patch by "hein".

changes/bug21278_extras

@@ -1,3 +0,0 @@
-  o Minor bugfixes (code correctness):
-    - Repair a couple of (unreachable or harmless) cases of the risky
-      comparison-by-subtraction pattern that caused bug 21278.

changes/bug21278_prevention

@@ -1,4 +0,0 @@
-  o Minor features (directory authority):
-    - Directory authorities now reject descriptors that claim to be
-      malformed versions of Tor. Helps prevent exploitation of bug 21278.
-      

changes/bug21369_check

@@ -1,3 +0,0 @@
-  o Minor features (reliability, crash):
-    - Try better to detect problems in buffers where they might grow (or
-      think they have grown) over 2 GB in size. Diagnostic for bug 21369.

changes/bug21394

@@ -1,9 +0,0 @@
-  o Major bugfixes (Exit nodes):
-    - Fix an issue causing high-bandwidth exit nodes to fail a majority
-      or all of their DNS requests, making them basically unsuitable for
-      regular usage in Tor circuits. The problem is related to
-      libevent's DNS handling, but we can work around it in Tor. Fixes
-      bugs 21394 and 18580; bugfix on 0.1.2.2-alpha which introduced
-      eventdns. Credit goes to Dhalgren for identifying and finding a
-      workaround to this bug and to gamambel, arthuredelstein and
-      arma in helping to track it down and analyze it.

changes/bug21415

@@ -1,4 +0,0 @@
-  o Minor bugfix (entry guards):
-    - Silence a BUG() warning when attempting to use a guard whose descriptor
-      we don't know and make this scenario more unlikely to happen. Fixes bug
-      21415; bugfix on 0.3.0.1-alpha.

changes/bug21420

@@ -1,3 +0,0 @@
-  o Minor bugfixes (certificate expiration time):
-    - Avoid using link certificates that don't become valid till
-      some time in the future.  Fixes bug 21420; bugfix on 0.2.4.11-alpha

changes/bug21447

@@ -1,4 +0,0 @@
-  o Minor bugfixes (testing):
-    - Rename "make fuzz" to "make test-fuzz-corpora", since it doesn't
-      actually fuzz anything. Fixes bug 21447; bugfix on 0.3.0.3-alpha.
-

changes/bug21450

@@ -1,4 +0,0 @@
-  o Minor bugfixes (voting consistency):
-    - Reject version numbers with components that exceed INT32_MAX.
-      Otherwise 32-bit and 64-bit platforms would behave inconsistently.
-      Fixes bug 21450; bugfix on 0.0.8pre1.

changes/bug21471

@@ -1,5 +0,0 @@
-  o Major bugfixes (hidden service directory v3):
-    - When a descriptor lookup was done and it was not found in the directory
-      cache, it would crash on a NULL pointer instead of returning the 404
-      code back to the client like it was suppose to. Fixes bug 21471.;
-      bugfixes on tor-0.3.0.1-alpha.

changes/bug21472

@@ -1,3 +0,0 @@
-  o Documentation:
-    - Small fixes to the fuzzing documentation. Closes ticket
-      21472.

changes/bug21492

@@ -1,5 +0,0 @@
-  o Minor bugfixes (correctness):
-    - Remove a redundant check for the UseEntryGuards option from the
-      options_transition_affects_guards() function. Fixes bug 21492;
-      bugfix on 0.3.0.1-alpha.
-

changes/bug21507

@@ -1,5 +0,0 @@
-  o Minor bugfixes (voting consistency):
-    - Reject version numbers with non-numeric prefixes (such as +, -, and
-      whitespace). Disallowing whitespace prevents differential version
-      parsing between POSIX-based and Windows platforms.
-      Fixes bug 21507 and part of 21508; bugfix on 0.0.8pre1.

changes/bug21553

@@ -1,7 +0,0 @@
-  o Minor bugfixes (hidden service):
-    - When encoding a legacy ESTABLISH_INTRO cell, we were using the sizeof()
-      on a pointer instead of real size of the destination buffer leading to
-      an overflow passing an enormous value to the signing digest function.
-      Fortunately, that value was only used to make sure the destination
-      buffer length was big enough for the key size and in this case it was.
-      Fixes bug 21553; bugfix on tor-0.3.0.1-alpha.

changes/bug21562

@@ -1,4 +0,0 @@
-  o Minor bugfixes (testing):
-    - Use bash in src/test/test-network.sh. This ensures we reliably call
-      chutney's newer tools/test-network.sh when available.
-      Fixes bug 21562; bugfix on tor-0.2.9.1-alpha.

changes/bug21576

@@ -1,4 +0,0 @@
-  o Major bugfixes (crash, directory connections):
-    - Fix a rare crash when sending a begin cell on a circuit whose linked
-      directory connection has already been closed. Fixes bug 21576;
-      bugfix on Tor 0.2.9.3-alpha. Reported by alecmuffett.

changes/bug21581

@@ -1,5 +0,0 @@
-  o Minor bugfixes (testing):
-    - Restore support for test-network.sh on BSD and other systems without
-      bash. (But use bash if it's available.) This is a workaround until we
-      remove bash-specific code in 19699.
-      Fixes bug 21581; bugfix on 21562, not in any released version of tor.

changes/bug21594

@@ -1,5 +0,0 @@
-  o Minor bugfixes (hidden services):
-    - Make hidden services with 8 to 10 introduction points check for failed
-      circuits immediately after startup. Previously, they would wait for 5
-      minutes before performing their first checks. Fixes bug 21594; bugfix on
-      commit 190aac0eab9 in Tor 0.2.3.9-alpha. Reported by alecmuffett.

changes/bug21596

@@ -1,5 +0,0 @@
-  o Minor bugfixes (hidden services):
-    - Make hidden services check for failed intro point connections, even when
-      they have exceeded their intro point creation limit. Fixes bug 21596;
-      bugfix on commit d67bf8b2f23 in Tor 0.2.7.2-alpha. Reported by
-      alecmuffett.

changes/bug21682

@@ -1,3 +0,0 @@
-  o Minor bugfixes (memory leaks):
-    - Fix a memory leak when using GETCONF on a port option.
-      Fixes bug 21682; bugfix on 0.3.0.3-alpha.

changes/bug21720

@@ -1,5 +0,0 @@
-  o Documentation:
-    - Update the description of the directory server options in the manual
-      page, to clarify that DirPort is no longer necessary to be a directory
-      cache.  Closes ticket 21720.
-

changes/bug21771

@@ -1,5 +0,0 @@
-  o Minor bugfixes (guard selection):
-    - Fix a guard selection bug where Tor would refuse to bootstrap in some
-      cases if the user swapped a bridge for another bridge in their
-      configuration file.
-      Fixes bug 21771; bugfix on 0.3.0.1-alpha. Reported by "torvlnt33r".

changes/bug21799

@@ -1,6 +0,0 @@
-  o Minor bugfixes (tests):
-    - Run the entry_guard_parse_from_state_full test with the time set
-      to a specific date.  (The guard state that this test was parsing
-      contained guards that had expired since the test was first
-      written.) Fixes bug 21799; bugfix on 0.3.0.1-alpha.
-

changes/bug21825

@@ -1,6 +0,0 @@
-  o Minor bugfix (compilation):
-    - Functions in hs_service.c was only compiled for unit test making the
-      created object (.o) contain no symbols in src/or/libor.a resulting in a
-      compilation warning from clang. We now expose those functions for the
-      unit tests. This will be changed in 0.3.2 release. Fixes bug 21825.;
-      bugfix on tor-0.3.0.1-alpha.

changes/bug21894_029

@@ -1,5 +0,0 @@
-  o Minor bugfixes (crash prevention):
-    - Fix an (currently untriggerable, but potentially dangerous) crash
-      bug when base32-encoding inputs whose sizes are not a multiple of
-      5. Fixes bug 21894; bugfix on 0.2.9.1-alpha.
-

changes/bug21943

@@ -1,6 +0,0 @@
-  o Minor bugfixes (Linux seccomp2 sandbox):
-    - The getpid() system call is now permitted under the Linux seccomp2
-      sandbox, to avoid crashing with versions of OpenSSL (and other
-      libraries) that attempt to learn the process's PID by using the
-      syscall rather than the VDSO code. Fixes bug 21943; bugfix on
-      0.2.5.1-alpha.

changes/bug21969

@@ -1,3 +0,0 @@
-  o Major bugfixes (entry guards):
-    - Don't block bootstrapping when a primary bridge is offline and we can't
-      get its descriptor. Fixes bug 21969; bugfix on 0.3.0.3-alpha.

changes/bug22034

@@ -1,4 +0,0 @@
-  o Minor bugfixes (control port, regression):
-    - The GETINFO extra-info/digest/<digest> command was broken because of a
-      wrong base16 decode return value check. In was introduced in a refactor
-      of that API. Fixex bug #22034; bugfix on tor-0.2.9.1-alpha.

changes/bug22245

@@ -1,5 +0,0 @@
-  o Minor bugfixes (bandwidth accounting):
-    - Roll over monthly accounting at the configured hour and minute,
-      rather than always at 00:00.
-      Fixes bug 22245; bugfix on 0.0.9rc1.
-      Found by Andrey Karpov with PVS-Studio.

changes/bug22246

@@ -1,6 +0,0 @@
-  o Major bugfixes (hidden service directory, security):
-    - Fix an assertion failure in the hidden service directory code, which
-      could be used by an attacker to remotely cause a Tor relay process to
-      exit. Relays running earlier versions of Tor 0.3.0.x should upgrade.
-      This security issue is tracked as tracked as
-      TROVE-2017-002. Fixes bug 22246; bugfix on 0.3.0.1-alpha.

changes/bug22252

@@ -1,3 +0,0 @@
-  o Minor bugfixes (configuration):
-    - Do not crash when starting with LearnCircuitBuildTimeout 0.
-      Fixes bug 22252; bugfix on 0.2.9.3-alpha.

changes/bug22349

@@ -1,9 +0,0 @@
-  o Minor bugfixes (directory authority):
-    - When a directory authority rejects a descriptor or extrainfo with
-      a given digest, mark that digest as undownloadable, so that we
-      do not attempt to download it again over and over. We previously
-      tried to avoid downloading such descriptors by other means, but
-      we didn't notice if we accidentally downloaded one anyway. This
-      behavior became problematic in 0.2.7.2-alpha, when authorities
-      began pinning Ed25519 keys. Fixes ticket
-      22349; bugfix on 0.2.1.19-alpha.

changes/bug22370

@@ -1,4 +0,0 @@
-  o Minor bugfixes (memory handling):
-    - When directory authorities reject a router descriptor due to keypinning,
-      free the router descriptor rather than leaking the memory.
-      Fixes bug 22370; bugfix on 0.2.7.2-alpha.

changes/bug22400_01

@@ -1,4 +0,0 @@
-  o Major bugfixes (entry guards):
-    - When starting with an old consensus, do not add new entry guards
-      unless the consensus is "reasonably live" (under 1 day old). Fixes
-      one root cause of bug 22400; bugfix on 0.3.0.1-alpha.

changes/bug22446

@@ -1,4 +0,0 @@
-  o Minor features (code style, backport from 0.3.1.3-alpha):
-    - Add "Falls through" comments to our codebase, in order to silence
-      GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
-      Stieger. Closes ticket 22446.

changes/bug22447

@@ -1,3 +0,0 @@
-  o Major bugfixes (hidden service v3):
-    - HSDir failed to validate the encrypted size of a v3 descriptor and thus
-      rejecting it. Fixes bug 22447; bugfix on tor-0.3.0.1-alpha.

changes/bug22460_case1

@@ -1,16 +0,0 @@
-  o Major bugfixes (relays, key management):
-    - Regenerate link and authentication certificates whenever the key that
-      signs them changes; also, regenerate link certificates whenever the
-      signed key changes. Previously, these processes were only weakly
-      coupled, and we relays could (for minutes to hours) wind up with an
-      inconsistent set of keys and certificates, which other relays
-      would not accept. Fixes two cases of bug 22460; bugfix on
-      0.3.0.1-alpha.
-    - When sending an Ed25519 signing->link certificate in a CERTS cell,
-      send the certificate that matches the x509 certificate that we used
-      on the TLS connection. Previously, there was a race condition if
-      the TLS context rotated after we began the TLS handshake but
-      before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
-      on 0.3.0.1-alpha.
-
-

changes/bug22460_case2

@@ -1,8 +0,0 @@
-  o Major bugfixes (relay, link handshake):
-
-    - When performing the v3 link handshake on a TLS connection, report that
-      we have the x509 certificate that we actually used on that connection,
-      even if we have changed certificates since that connection was first
-      opened. Previously, we would claim to have used our most recent x509
-      link certificate, which would sometimes make the link handshake fail.
-      Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.

changes/bug22466_regenerate

@@ -1,8 +0,0 @@
-  o Minor bugfixes (link handshake):
-    - Lower the lifetime of the RSA->Ed25519 cross-certificate to
-      six months, and regenerate it when it is within one month of expiring.
-      Previously, we had generated this certificate at startup with
-      a ten-year lifetime, but that could lead to weird behavior when
-      Tor was started with a grossly inaccurate clock. Mitigates
-      bug 22466; mitigation on 0.3.0.1-alpha.
-

changes/bug22490

@@ -1,3 +0,0 @@
-  o Minor bugfixes (correctness):
-    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
-      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.

changes/bug22516

@@ -1,5 +0,0 @@
-  o Minor bugfixes (linux seccomp2 sandbox):
-    - Permit the fchmod system call, to avoid crashing on startup when
-      starting with the seccomp2 sandbox and an unexpected set of permissions
-      on the data directory or its contents. Fixes bug 22516; bugfix on
-      0.2.5.4-alpha.

changes/bug22636

@@ -1,8 +0,0 @@
- o Build features:
-   - Tor's repository now includes a Travis Continuous Integration (CI)
-     configuration file (.travis.yml). This is meant to help new developers and
-     contributors who fork Tor to a Github repository be better able to test
-     their changes, and understand what we expect to pass. To use this new build
-     feature, you must fork Tor to your Github account, then go into the
-     "Integrations" menu in the repository settings for your fork and enable
-     Travis, then push your changes.

changes/bug22644

@@ -1,5 +0,0 @@
-  o Minor bugfixes (controller):
-    - Do not crash when receiving a POSTDESCRIPTOR command with an
-      empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
-    - Do not crash when receiving a HSPOST command with an empty body.
-      Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.

changes/bug22737

@@ -1,12 +0,0 @@
-  o Minor bugfixes (defensive programming, undefined behavior):
-
-    - Fix a memset() off the end of an array when packing cells.  This
-      bug should be harmless in practice, since the corrupted bytes
-      are still in the same structure, and are always padding bytes,
-      ignored, or immediately overwritten, depending on compiler
-      behavior. Nevertheless, because the memset()'s purpose is to
-      make sure that any other cell-handling bugs can't expose bytes
-      to the network, we need to fix it. Fixes bug 22737; bugfix on
-      0.2.4.11-alpha. Fixes CID 1401591.
-
-

changes/bug22753

@@ -1,7 +0,0 @@
-  o Major bugfixes (path selection, security):
-    - When choosing which guard to use for a circuit, avoid the
-      exit's family along with the exit itself. Previously, the new
-      guard selection logic avoided the exit, but did not consider
-      its family.  Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked
-      as TROVE-2016-006 and CVE-2017-0377.
-

changes/bug22789

@@ -1,7 +0,0 @@
-  o Major bugfixes (openbsd, denial-of-service):
-    - Avoid an assertion failure bug affecting our implementation of
-      inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
-      handling of "0xfoo" differs from what we had expected.
-      Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as
-      TROVE-2017-007.
-

changes/bug22797

@@ -1,4 +0,0 @@
-  o Minor bugfixes (file limits):
-    - When setting the maximum number of connections allowed by the OS,
-      always allow some extra file descriptors for other files.
-      Fixes bug 22797; bugfix on 0.2.0.10-alpha.

changes/bug22801

@@ -1,5 +0,0 @@
-  o Minor bugfixes (compilation):
-    - When building with certain versions the mingw C header files, avoid
-      float-conversion warnings when calling the C functions isfinite(),
-      isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha.
-

changes/bug22803

@@ -1,3 +0,0 @@
-  o Minor bugfixes (unit tests):
-    - Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
-      Fixes bug 22803; bugfix on 0.3.0.1-alpha.

changes/bug22838_028

@@ -1,5 +0,0 @@
-  o Minor bugfixes (compilation, mingw, backport from 0.3.1.1-alpha):
-    - Backport a fix for an "unused variable" warning that appeared
-      in some versions of mingw. Fixes bug 22838; bugfix on
-      0.2.8.1-alpha.
-

changes/bug22915

@@ -1,3 +0,0 @@
-  o Minor bugfixes (compilation warnings):
-    - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
-      bugfix on 0.2.8.1-alpha.

changes/bug22916_027

@@ -1,3 +0,0 @@
-  o Minor bugfixes (Compilation):
-    - Fix warnings when building with libscrypt and openssl scrypt support
-      on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.

changes/bug23030_029

@@ -1,7 +0,0 @@
-  o Minor bugfixes (coverity builds):
-    - Avoid Coverity build warnings related to our BUG() macro. By
-      default, Coverity treats BUG() as the Linux kernel does: an
-      instant abort(). We need to override that so our BUG() macro
-      doesn't prevent Coverity from analyzing functions that use it.
-      Fixes bug 23030; bugfix on 0.2.9.1-alpha.
-

changes/bug23078

@@ -1,7 +0,0 @@
-  o Minor bugfixes (logging, relay):
-    - Remove a log_warn() that has been forgotten when an introduction point
-      successfully established a hidden service prop224 circuit with a client.
-    - Three other log_warn() for an introduction point have been changed to
-      protocol warning because they can be failure from the network and are
-      not relevant to the operator. Fixes bug 23078; bugfix on
-      tor-0.3.0.1-alpha and tor-0.3.0.2-alpha.

changes/bug23081

@@ -1,8 +0,0 @@
-  o Minor bugfixes (Windows service):
-    - When running as a Windows service, set the ID of the main thread
-      correctly. Failure to do so made us fail to send log messages
-      to the controller in 0.2.1.16-rc, slowed down controller
-      event delivery in 0.2.7.3-rc and later, and crash with an assertion
-      failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
-      Patch and diagnosis from "Vort".
-

changes/bug23291

@@ -1,3 +0,0 @@
-  o Minor bugfixes (testing):
-    - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; bugfix on
-      0.2.7.2-alpha. Found and patched by Ties Stuij.

changes/bug23470

@@ -1,6 +0,0 @@
-  o Minor bugfix (relay address resolution):
-    - Avoid unnecessary calls to directory_fetches_from_authorities()
-      on relays. This avoids spurious address resolutions and
-      descriptor rebuilds. This is a mitigation for 21789. The original
-      bug was introduced in commit 35bbf2e as part of prop210.
-      Fixes 23470 in 0.2.8.1-alpha.

changes/bug23610

@@ -1,4 +0,0 @@
-  o Minor bugfixes (hidden service, relay):
-    - Avoid a possible double close of a circuit by the intro point on error
-      of sending the INTRO_ESTABLISHED cell. Fixes ticket 23610; bugfix on
-      0.3.0.1-alpha.

changes/bug23690

@@ -1,5 +0,0 @@
-  o Major bugfixes (relay, crash, assertion failure):
-    - Fix a timing-based assertion failure that could occur when the
-      circuit out-of-memory handler freed a connection's output buffer.
-      Fixes bug 23690; bugfix on 0.2.6.1-alpha.
-

changes/bug23693

@@ -1,6 +0,0 @@
-  o Minor bugfixes (relay, crash):
-    - Avoid a crash when transitioning from client mode to bridge mode.
-      Previously, we would launch the worker threads whenever our "public
-      server" mode changed, but not when our "server" mode changed.
-      Fixes bug 23693; bugfix on 0.2.6.3-alpha.
-

changes/bug23874

@@ -1,3 +0,0 @@
-  o Minor bugfixes (memory safety):
-    - Clear the address when node_get_prim_orport() returns early.
-      Fixes bug 23874; bugfix on 0.2.8.2-alpha.

changes/bug24313

@@ -1,5 +0,0 @@
-  o Major bugfixes (security, hidden service v2):
-    - Fix a use-after-free error that could crash v2 Tor hidden services
-      when it failed to open circuits while expiring introductions
-      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha.  This
-      issue is also tracked as TROVE-2017-013 and CVE-2017-8823.

changes/bug8185_025

@@ -1,6 +0,0 @@
-  o Minor bugfixes (logging, relay shutdown, annoyance):
-    - When a circuit is marked for close, do not attempt to package any cells
-      for channels on that circuit. Previously, we would detect this
-      condition lower in the call stack, when we noticed that the circuit had
-      no attached channel, and log an annoying message. Fixes bug 8185;
-      bugfix on 0.2.5.4-alpha.

changes/feature21570

@@ -1,5 +0,0 @@
-  o Minor features (testing):
-    - During 'make test-network-all', if tor logs any warnings, ask chutney
-      to output them. Requires a recent version of chutney with the 21572
-      patch.
-      Implements 21570.

changes/geoip-2017-11-06

@@ -1,4 +0,0 @@
-  o Minor features (geoip):
-    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-april2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the April 4 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-august2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the August 3 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-february2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the February 8 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-july2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-june2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-march2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the March 7 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-may2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the May 2 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-october2017

@@ -1,4 +0,0 @@
-  o Minor features (geoip):
-    - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-september2017

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
-      Country database.
-

changes/longclaw-ipv6

@@ -1,6 +0,0 @@
-  o Minor features (directory authorities):
-    - Remove longclaw's IPv6 address, as it will soon change.
-      Authority IPv6 addresses were originally added in 0.2.8.1-alpha.
-      This leaves 3/8 directory authorities with IPv6 addresses, but there
-      are also 52 fallback directory mirrors with IPv6 addresses.
-      Resolves 19760.

changes/longclaw_23592

@@ -1,3 +0,0 @@
-  o Directory authority changes:
-    - The directory authority "Longclaw" has changed its IP address.
-      Closes ticket 23592.

changes/prop275-minimal

@@ -1,9 +0,0 @@
-  o Minor features (future-proofing):
-
-    - Tor no longer refuses to download microdescriptors or descriptors if
-      they are listed as "published in the future".  This change will
-      eventually allow us to stop listing meaningful "published" dates
-      in microdescriptor consensuses, and thereby allow us to reduce the
-      resources required to download consensus diffs by over 50%.
-      Implements part of ticket 21642; implements part of proposal 275.
-

changes/ticket20656

@@ -1,3 +0,0 @@
-  o Minor feature (protover):
-    - Add new protocol version for proposal 224. HSIntro now advertises
-      version "3-4" and HSDir version "1-2". Fixes ticket 20656.

changes/ticket21564

@@ -1,6 +0,0 @@
-  o Minor features (fallback directory list):
-    - Replace the 177 fallbacks originally introduced in Tor 0.2.9.8 in
-      December 2016 (of which ~126 were still functional), with a list of
-      151 fallbacks (32 new, 119 existing, 58 removed) generated in
-      May 2017.
-      Resolves ticket 21564.

changes/ticket21953

@@ -1,6 +0,0 @@
-  o Minor features:
-    - Enable a couple of pieces of Windows hardening: one
-      (HeapEnableTerminationOnCorruption) that has been on-by-default since
-      Windows 8, and unavailable before Windows 7, and one
-      (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
-      affect us, but shouldn't do any harm. Closes ticket 21953.

changes/ticket22895

@@ -1,3 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Fix unused variable warnings in donna's Curve25519 SSE2 code.
-      Fixes bug 22895; bugfix on 0.2.7.2-alpha.

changes/ticket23910

@@ -1,3 +0,0 @@
-  o Directory authority changes:
-    - Add bastet as a ninth directory authority to the default list. Closes
-      ticket 23910.

changes/trove-2017-001.2

@@ -1,8 +0,0 @@
-  o Major bugfixes (parsing):
-    - Fix an integer underflow bug when comparing malformed Tor versions.
-      This bug is harmless, except when Tor has been built with
-      --enable-expensive-hardening, which would turn it into a crash;
-      or on Tor 0.2.9.1-alpha through Tor 0.2.9.8, which were built with
-      -ftrapv by default.
-      Part of TROVE-2017-001. Fixes bug 21278; bugfix on
-      0.0.8pre1. Found by OSS-Fuzz.

changes/trove-2017-004

@@ -1,6 +0,0 @@
-  o Major bugfixes (hidden service, relay, security):
-    - Fix an assertion failure when a hidden service handles a
-      malformed BEGIN cell. This bug resulted in the service crashing
-      triggered by a tor_assert(). Fixes bug 22493, tracked as
-      TROVE-2017-004 and as CVE-2017-0375; bugfix on 0.3.0.1-alpha.
-      Found by armadev.

changes/trove-2017-005

@@ -1,7 +0,0 @@
-  o Major bugfixes (hidden service, relay, security):
-    - Fix an assertion failure caused by receiving a BEGIN_DIR cell on
-      a hidden service rendezvous circuit. Fixes bug 22494, tracked as
-      TROVE-2017-005 and CVE-2017-0376; bugfix on 0.2.2.1-alpha. Found
-      by armadev.
-
-

changes/trove-2017-008

@@ -1,5 +0,0 @@
-  o Major bugfixes (security, hidden services, loggging):
-    - Fix a bug where we could log uninitialized stack when a certain
-      hidden service error occurred while SafeLogging was disabled.
-      Fixes bug #23490; bugfix on 0.2.7.2-alpha.
-      This is also tracked as TROVE-2017-008 and CVE-2017-0380.