Merge branch 'maint-0.3.1' into release-0.3.1

Entries are sorted, but not wrapped or pruned.

ChangeLog

@@ -1,3 +1,794 @@
+Changes in version 0.3.1.10 - 2018-03-03
+  Tor 0.3.1.10 backports a number of bugfixes, including important fixes for
+  security issues.
+
+  It includes an important security fix for a remote crash attack
+  against directory authorities, tracked as TROVE-2018-001.
+
+  This release also backports our new system for improved resistance to
+  denial-of-service attacks against relays.
+
+  This release also fixes several minor bugs and annoyances from
+  earlier releases.
+
+  All directory authorities should upgrade to one of the versions
+  released today.  Relays running 0.3.1.x may wish to update to one of
+  the versions released today, for the DoS mitigations.
+
+  Please note: according to our release calendar, Tor 0.3.1 will no
+  longer be supported after 1 July 2018.  If you will be running Tor
+  after that date, you should make sure to plan to upgrade to the latest
+  stable version, or downgrade to 0.2.9 (which will receive long-term
+  support).
+
+  o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
+    - Fix a protocol-list handling bug that could be used to remotely crash
+      directory authorities with a null-pointer exception. Fixes bug 25074;
+      bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
+      CVE-2018-0490.
+
+  o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
+    - Give relays some defenses against the recent network overload. We
+      start with three defenses (default parameters in parentheses).
+      First: if a single client address makes too many concurrent
+      connections (>100), hang up on further connections. Second: if a
+      single client address makes circuits too quickly (more than 3 per
+      second, with an allowed burst of 90) while also having too many
+      connections open (3), refuse new create cells for the next while
+      (1-2 hours). Third: if a client asks to establish a rendezvous
+      point to you directly, ignore the request. These defenses can be
+      manually controlled by new torrc options, but relays will also
+      take guidance from consensus parameters, so there's no need to
+      configure anything manually. Implements ticket 24902.
+
+  o Minor features (linux seccomp2 sandbox, backport from 0.3.2.5-alpha):
+    - Update the sandbox rules so that they should now work correctly
+      with Glibc 2.26. Closes ticket 24315.
+
+  o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
+    - Fix an "off by 2" error in counting rendezvous failures on the
+      onion service side. While we thought we would stop the rendezvous
+      attempt after one failed circuit, we were actually making three
+      circuit attempts before giving up. Now switch to a default of 2,
+      and allow the consensus parameter "hs_service_max_rdv_failures" to
+      override. Fixes bug 24895; bugfix on 0.0.6.
+
+  o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
+    - Add Link protocol version 5 to the supported protocols list. Fixes
+      bug 25070; bugfix on 0.3.1.1-alpha.
+
+  o Major bugfixes (relay, backport from 0.3.3.1-alpha):
+    - Fix a set of false positives where relays would consider
+      connections to other relays as being client-only connections (and
+      thus e.g. deserving different link padding schemes) if those
+      relays fell out of the consensus briefly. Now we look only at the
+      initial handshake and whether the connection authenticated as a
+      relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
+
+  o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
+    - Make our OOM handler aware of the geoip client history cache so it
+      doesn't fill up the memory. This check is important for IPv6 and
+      our DoS mitigation subsystem. Closes ticket 25122.
+
+  o Minor feature (relay statistics, backport from 0.3.2.6-alpha):
+    - Change relay bandwidth reporting stats interval from 4 hours to 24
+      hours in order to reduce the efficiency of guard discovery
+      attacks. Fixes ticket 23856.
+
+  o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
+    - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
+      Previous versions of Tor would not have worked with OpenSSL 1.1.1,
+      since they neither disabled TLS 1.3 nor enabled any of the
+      ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
+      Closes ticket 24978.
+
+  o Minor features (fallback directory mirrors, backport from 0.3.2.9):
+    - The fallback directory list has been re-generated based on the
+      current status of the network. Tor uses fallback directories to
+      bootstrap when it doesn't yet have up-to-date directory
+      information. Closes ticket 24801.
+    - Make the default DirAuthorityFallbackRate 0.1, so that clients
+      prefer to bootstrap from fallback directory mirrors. This is a
+      follow-up to 24679, which removed weights from the default
+      fallbacks. Implements ticket 24681.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
+    - Use the actual observed address of an incoming relay connection,
+      not the canonical address of the relay from its descriptor, when
+      making decisions about how to handle the incoming connection.
+      Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
+
+  o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
+    - Directory authorities, when refusing a descriptor from a rejected
+      relay, now explicitly tell the relay (in its logs) to set a valid
+      ContactInfo address and contact the bad-relays@ mailing list.
+      Fixes bug 25170; bugfix on 0.2.9.1.
+
+  o Minor bugfixes (address selection, backport from 0.3.2.9):
+    - When the fascist_firewall_choose_address_ functions don't find a
+      reachable address, set the returned address to the null address
+      and port. This is a precautionary measure, because some callers do
+      not check the return value. Fixes bug 24736; bugfix
+      on 0.2.8.2-alpha.
+
+  o Major bugfixes (bootstrapping, backport from 0.3.2.5-alpha):
+    - Fetch descriptors aggressively whenever we lack enough to build
+      circuits, regardless of how many descriptors we are missing.
+      Previously, we would delay launching the fetch when we had fewer
+      than 15 missing descriptors, even if some of those descriptors
+      were blocking circuits from building. Fixes bug 23985; bugfix on
+      0.1.1.11-alpha. The effects of this bug became worse in
+      0.3.0.3-alpha, when we began treating missing descriptors from our
+      primary guards as a reason to delay circuits.
+    - Don't try fetching microdescriptors from relays that have failed
+      to deliver them in the past. Fixes bug 23817; bugfix
+      on 0.3.0.1-alpha.
+
+  o Minor bugfixes (compilation, backport from 0.3.2.7-rc):
+    - Fix a signed/unsigned comparison warning introduced by our fix to
+      TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
+
+  o Minor bugfixes (control port, linux seccomp2 sandbox, backport from 0.3.2.5-alpha):
+    - Avoid a crash when attempting to use the seccomp2 sandbox together
+      with the OwningControllerProcess feature. Fixes bug 24198; bugfix
+      on 0.2.5.1-alpha.
+
+  o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
+    - Fix a possible crash on malformed consensus. If a consensus had
+      contained an unparseable protocol line, it could have made clients
+      and relays crash with a null-pointer exception. To exploit this
+      issue, however, an attacker would need to be able to subvert the
+      directory authority system. Fixes bug 25251; bugfix on
+      0.2.9.4-alpha. Also tracked as TROVE-2018-004.
+
+  o Minor bugfixes (directory cache, backport from 0.3.2.5-alpha):
+    - Recover better from empty or corrupt files in the consensus cache
+      directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
+    - When a consensus diff calculation is only partially successful,
+      only record the successful parts as having succeeded. Partial
+      success can happen if (for example) one compression method fails
+      but the others succeed. Previously we misrecorded all the
+      calculations as having succeeded, which would later cause a
+      nonfatal assertion failure. Fixes bug 24086; bugfix
+      on 0.3.1.1-alpha.
+
+  o Minor bugfixes (entry guards, backport from 0.3.2.3-alpha):
+    - Tor now updates its guard state when it reads a consensus
+      regardless of whether it's missing descriptors. That makes tor use
+      its primary guards to fetch descriptors in some edge cases where
+      it would previously have used fallback directories. Fixes bug
+      23862; bugfix on 0.3.0.1-alpha.
+
+  o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
+    - Don't treat inability to store a cached consensus object as a bug:
+      it can happen normally when we are out of disk space. Fixes bug
+      24859; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (memory usage, backport from 0.3.2.8-rc):
+    - When queuing DESTROY cells on a channel, only queue the circuit-id
+      and reason fields: not the entire 514-byte cell. This fix should
+      help mitigate any bugs or attacks that fill up these queues, and
+      free more RAM for other uses. Fixes bug 24666; bugfix
+      on 0.2.5.1-alpha.
+
+  o Minor bugfixes (network layer, backport from 0.3.2.5-alpha):
+    - When closing a connection via close_connection_immediately(), we
+      mark it as "not blocked on bandwidth", to prevent later calls from
+      trying to unblock it, and give it permission to read. This fixes a
+      backtrace warning that can happen on relays under various
+      circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
+
+  o Minor bugfixes (path selection, backport from 0.3.2.4-alpha):
+    - When selecting relays by bandwidth, avoid a rounding error that
+      could sometimes cause load to be imbalanced incorrectly.
+      Previously, we would always round upwards; now, we round towards
+      the nearest integer. This had the biggest effect when a relay's
+      weight adjustments should have given it weight 0, but it got
+      weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
+    - When calculating the fraction of nodes that have descriptors, and
+      all nodes in the network have zero bandwidths, count the number of
+      nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
+    - Actually log the total bandwidth in compute_weighted_bandwidths().
+      Fixes bug 24170; bugfix on 0.2.4.3-alpha.
+
+  o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
+    - Improve the performance of our consensus-diff application code
+      when Tor is built with the --enable-fragile-hardening option set.
+      Fixes bug 24826; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
+    - Don't exit the Tor process if setrlimit() fails to change the file
+      limit (which can happen sometimes on some versions of OSX). Fixes
+      bug 21074; bugfix on 0.0.9pre5.
+
+  o Minor bugfixes (portability, msvc, backport from 0.3.2.9):
+    - Fix a bug in the bit-counting parts of our timing-wheel code on
+      MSVC. (Note that MSVC is still not a supported build platform, due
+      to cyptographic timing channel risks.) Fixes bug 24633; bugfix
+      on 0.2.9.1-alpha.
+
+  o Minor bugfixes (relay, partial backport):
+    - Make the internal channel_is_client() function look at what sort
+      of connection handshake the other side used, rather than whether
+      the other side ever sent a create_fast cell to us. Backports part
+      of the fixes from bugs 22805 and 24898.
+
+  o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
+    - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
+      0.2.9.4-alpha.
+    - Forbid UINT32_MAX as a protocol version.  Fixes part of bug 25249;
+      bugfix on 0.2.9.4-alpha.
+
+  o Code simplification and refactoring (backport from 0.3.3.3-alpha):
+    - Update the "rust dependencies" submodule to be a project-level
+      repository, rather than a user repository. Closes ticket 25323.
+
+
+Changes in version 0.3.1.9 - 2017-12-01:
+  Tor 0.3.1.9 backports important security and stability fixes from the
+  0.3.2 development series. All Tor users should upgrade to this
+  release, or to another of the releases coming out today.
+
+  o Major bugfixes (security, backport from 0.3.2.6-alpha):
+    - Fix a denial of service bug where an attacker could use a
+      malformed directory object to cause a Tor instance to pause while
+      OpenSSL would try to read a passphrase from the terminal. (Tor
+      instances run without a terminal, which is the case for most Tor
+      packages, are not impacted.) Fixes bug 24246; bugfix on every
+      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
+      Found by OSS-Fuzz as testcase 6360145429790720.
+    - Fix a denial of service issue where an attacker could crash a
+      directory authority using a malformed router descriptor. Fixes bug
+      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
+      and CVE-2017-8820.
+    - When checking for replays in the INTRODUCE1 cell data for a
+      (legacy) onion service, correctly detect replays in the RSA-
+      encrypted part of the cell. We were previously checking for
+      replays on the entire cell, but those can be circumvented due to
+      the malleability of Tor's legacy hybrid encryption. This fix helps
+      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
+      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
+      and CVE-2017-8819.
+
+  o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
+    - Fix a use-after-free error that could crash v2 Tor onion services
+      when they failed to open circuits while expiring introduction
+      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
+      also tracked as TROVE-2017-013 and CVE-2017-8823.
+
+  o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
+    - When running as a relay, make sure that we never build a path
+      through ourselves, even in the case where we have somehow lost the
+      version of our descriptor appearing in the consensus. Fixes part
+      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
+      as TROVE-2017-012 and CVE-2017-8822.
+    - When running as a relay, make sure that we never choose ourselves
+      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
+      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.
+
+  o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
+    - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
+      making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
+      0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
+      identifying and finding a workaround to this bug and to Moritz,
+      Arthur Edelstein, and Roger for helping to track it down and
+      analyze it.
+
+  o Minor features (bridge):
+    - Bridges now include notice in their descriptors that they are
+      bridges, and notice of their distribution status, based on their
+      publication settings. Implements ticket 18329. For more fine-
+      grained control of how a bridge is distributed, upgrade to 0.3.2.x
+      or later.
+
+  o Minor features (directory authority, backport from 0.3.2.6-alpha):
+    - Add an IPv6 address for the "bastet" directory authority. Closes
+      ticket 24394.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
+    - Avoid unnecessary calls to directory_fetches_from_authorities() on
+      relays, to prevent spurious address resolutions and descriptor
+      rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
+      bugfix on in 0.2.8.1-alpha.
+
+  o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
+    - Fix unused variable warnings in donna's Curve25519 SSE2 code.
+      Fixes bug 22895; bugfix on 0.2.7.2-alpha.
+
+  o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
+    - When a circuit is marked for close, do not attempt to package any
+      cells for channels on that circuit. Previously, we would detect
+      this condition lower in the call stack, when we noticed that the
+      circuit had no attached channel, and log an annoying message.
+      Fixes bug 8185; bugfix on 0.2.5.4-alpha.
+
+  o Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
+    - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
+      so it matches dir-spec.txt. Fixes bug 24262; bugfix
+      on 0.3.1.1-alpha.
+
+  o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
+    - Avoid a crash when transitioning from client mode to bridge mode.
+      Previously, we would launch the worker threads whenever our
+      "public server" mode changed, but not when our "server" mode
+      changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.
+
+
+Changes in version 0.3.1.8 - 2017-10-25
+  Tor 0.3.1.8 is the second stable release in the 0.3.1 series.
+  It includes several bugfixes, including a bugfix for a crash issue
+  that had affected relays under memory pressure. It also adds
+  a new directory authority, Bastet.
+
+  o Directory authority changes:
+    - Add "Bastet" as a ninth directory authority to the default list.
+      Closes ticket 23910.
+    - The directory authority "Longclaw" has changed its IP address.
+      Closes ticket 23592.
+
+  o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
+    - Fix a timing-based assertion failure that could occur when the
+      circuit out-of-memory handler freed a connection's output buffer.
+      Fixes bug 23690; bugfix on 0.2.6.1-alpha.
+
+  o Minor features (directory authorities, backport from 0.3.2.2-alpha):
+    - Remove longclaw's IPv6 address, as it will soon change. Authority
+      IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
+      3/8 directory authorities with IPv6 addresses, but there are also
+      52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compilation, backport from 0.3.2.2-alpha):
+    - Fix a compilation warning when building with zstd support on
+      32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found
+      and fixed by Andreas Stieger.
+
+  o Minor bugfixes (compression, backport from 0.3.2.2-alpha):
+    - Handle a pathological case when decompressing Zstandard data when
+      the output buffer size is zero. Fixes bug 23551; bugfix
+      on 0.3.1.1-alpha.
+
+  o Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
+    - Remove the length limit on HTTP status lines that authorities can
+      send in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc.
+
+  o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
+    - Avoid a possible double close of a circuit by the intro point on
+      error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
+      bugfix on 0.3.0.1-alpha.
+
+  o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
+    - Clear the address when node_get_prim_orport() returns early.
+      Fixes bug 23874; bugfix on 0.2.8.2-alpha.
+
+  o Minor bugfixes (unit tests, backport from 0.3.2.2-alpha):
+    - Fix additional channelpadding unit test failures by using mocked
+      time instead of actual time for all tests. Fixes bug 23608; bugfix
+      on 0.3.1.1-alpha.
+
+
+Changes in version 0.3.1.7 - 2017-09-18
+  Tor 0.3.1.7 is the first stable release in the 0.3.1 series.
+
+  With the 0.3.1 series, Tor now serves and downloads directory
+  information in more compact formats, to save on bandwidth overhead. It
+  also contains a new padding system to resist netflow-based traffic
+  analysis, and experimental support for building parts of Tor in Rust
+  (though no parts of Tor are in Rust yet). There are also numerous
+  small features, bugfixes on earlier release series, and groundwork for
+  the hidden services revamp of 0.3.2.
+
+  This release also includes a fix for TROVE-2017-008, a security bug
+  that affects hidden services running with the SafeLogging option
+  disabled. For more information, see
+  https://trac.torproject.org/projects/tor/ticket/23490
+
+  Per our stable release policy, we plan to support each stable release
+  series for at least the next nine months, or for three months after
+  the first stable release of the next series: whichever is longer. If
+  you need a release with long-term support, we recommend that you stay
+  with the 0.2.9 series.
+
+  Below is a list of the changes since 0.3.1.6-rc. For a list of all
+  changes since 0.3.0, see the ReleaseNotes file.
+
+  o Major bugfixes (security, hidden services, loggging):
+    - Fix a bug where we could log uninitialized stack when a certain
+      hidden service error occurred while SafeLogging was disabled.
+      Fixes bug #23490; bugfix on 0.2.7.2-alpha. This is also tracked as
+      TROVE-2017-008 and CVE-2017-0380.
+
+  o Minor features (defensive programming):
+    - Create a pair of consensus parameters, nf_pad_tor2web and
+      nf_pad_single_onion, to disable netflow padding in the consensus
+      for non-anonymous connections in case the overhead is high. Closes
+      ticket 17857.
+
+  o Minor features (diagnostic):
+    - Add a stack trace to the bug warnings that can be logged when
+      trying to send an outgoing relay cell with n_chan == 0. Diagnostic
+      attempt for bug 23105.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the September 6 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compilation):
+    - Avoid compiler warnings in the unit tests for calling tor_sscanf()
+      with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
+
+  o Minor bugfixes (controller):
+    - Do not crash when receiving a HSPOST command with an empty body.
+      Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.
+    - Do not crash when receiving a POSTDESCRIPTOR command with an empty
+      body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
+
+  o Minor bugfixes (relay):
+    - Inform the geoip and rephist modules about all requests, even on
+      relays that are only fetching microdescriptors. Fixes a bug
+      related to 21585; bugfix on 0.3.0.1-alpha.
+
+  o Minor bugfixes (unit tests):
+    - Fix a channelpadding unit test failure on slow systems by using
+      mocked time instead of actual time. Fixes bug 23077; bugfix
+      on 0.3.1.1-alpha.
+
+
+Changes in version 0.3.1.6-rc - 2017-09-05
+  Tor 0.3.1.6-rc fixes a few small bugs and annoyances in the 0.3.1
+  release series, including a bug that produced weird behavior on
+  Windows directory caches.
+
+  This is the first release candidate in the Tor 0.3.1 series. If we
+  find no new bugs or regressions here, the first stable 0.3.1 release
+  will be nearly identical to it.
+
+  o Major bugfixes (windows, directory cache):
+    - On Windows, do not try to delete cached consensus documents and
+      diffs before they are unmapped from memory--Windows won't allow
+      that. Instead, allow the consensus cache directory to grow larger,
+      to hold files that might need to stay around longer. Fixes bug
+      22752; bugfix on 0.3.1.1-alpha.
+
+  o Minor features (directory authority):
+    - Improve the message that authorities report to relays that present
+      RSA/Ed25519 keypairs that conflict with previously pinned keys.
+      Closes ticket 22348.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the August 3 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (testing):
+    - Add more tests for compression backend initialization. Closes
+      ticket 22286.
+
+  o Minor bugfixes (directory cache):
+    - Fix a memory leak when recovering space in the consensus cache.
+      Fixes bug 23139; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (hidden service):
+    - Increase the number of circuits that a service is allowed to
+      open over a specific period of time. The value was lower than it
+      should be (8 vs 12) in the normal case of 3 introduction points.
+      Fixes bug 22159; bugfix on 0.3.0.5-rc.
+    - Fix a BUG warning during HSv3 descriptor decoding that could be
+      cause by a specially crafted descriptor. Fixes bug 23233; bugfix
+      on 0.3.0.1-alpha. Bug found by "haxxpop".
+    - Rate-limit the log messages if we exceed the maximum number of
+      allowed intro circuits. Fixes bug 22159; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (logging, relay):
+    - Remove a forgotten debugging message when an introduction point
+      successfully establishes a hidden service prop224 circuit with
+      a client.
+    - Change three other log_warn() for an introduction point to
+      protocol warnings, because they can be failure from the network
+      and are not relevant to the operator. Fixes bug 23078; bugfix on
+      0.3.0.1-alpha and 0.3.0.2-alpha.
+
+  o Minor bugfixes (relay):
+    - When a relay is not running as a directory cache, it will no
+      longer generate compressed consensuses and consensus diff
+      information. Previously, this was a waste of disk and CPU. Fixes
+      bug 23275; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (robustness, error handling):
+    - Improve our handling of the cases where OpenSSL encounters a
+      memory error while encoding keys and certificates. We haven't
+      observed these errors in the wild, but if they do happen, we now
+      detect and respond better. Fixes bug 19418; bugfix on all versions
+      of Tor. Reported by Guido Vranken.
+
+  o Minor bugfixes (stability):
+    - Avoid crashing on a double-free when unable to load or process an
+      included file. Fixes bug 23155; bugfix on 0.3.1.1-alpha. Found
+      with the clang static analyzer.
+
+  o Minor bugfixes (testing):
+    - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
+      bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.
+    - Port the hs_ntor handshake test to work correctly with recent
+      versions of the pysha3 module. Fixes bug 23071; bugfix
+      on 0.3.1.1-alpha.
+
+  o Minor bugfixes (Windows service):
+    - When running as a Windows service, set the ID of the main thread
+      correctly. Failure to do so made us fail to send log messages to
+      the controller in 0.2.1.16-rc, slowed down controller event
+      delivery in 0.2.7.3-rc and later, and crash with an assertion
+      failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
+      Patch and diagnosis from "Vort".
+
+
+Changes in version 0.3.1.5-alpha - 2017-08-01
+  Tor 0.3.1.5-alpha improves the performance of consensus diff
+  calculation, fixes a crash bug on older versions of OpenBSD, and fixes
+  several other bugs. If no serious bugs are found in this version, the
+  next version will be a release candidate.
+
+  This release also marks the end of support for the Tor 0.2.4.x,
+  0.2.6.x, and 0.2.7.x release series. Those releases will receive no
+  further bug or security fixes. Anyone still running or distributing
+  one of those versions should upgrade.
+
+  o Major features (build system, continuous integration):
+    - Tor's repository now includes a Travis Continuous Integration (CI)
+      configuration file (.travis.yml). This is meant to help new
+      developers and contributors who fork Tor to a Github repository be
+      better able to test their changes, and understand what we expect
+      to pass. To use this new build feature, you must fork Tor to your
+      Github account, then go into the "Integrations" menu in the
+      repository settings for your fork and enable Travis, then push
+      your changes. Closes ticket 22636.
+
+  o Major bugfixes (openbsd, denial-of-service):
+    - Avoid an assertion failure bug affecting our implementation of
+      inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
+      handling of "0xfoo" differs from what we had expected. Fixes bug
+      22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.
+
+  o Major bugfixes (relay, performance):
+    - Perform circuit handshake operations at a higher priority than we
+      use for consensus diff creation and compression. This should
+      prevent circuits from starving when a relay or bridge receives a
+      new consensus, especially on lower-powered machines. Fixes bug
+      22883; bugfix on 0.3.1.1-alpha.
+
+  o Minor features (bridge authority):
+    - Add "fingerprint" lines to the networkstatus-bridges file produced
+      by bridge authorities. Closes ticket 22207.
+
+  o Minor features (directory cache, consensus diff):
+    - Add a new MaxConsensusAgeForDiffs option to allow directory cache
+      operators with low-resource environments to adjust the number of
+      consensuses they'll store and generate diffs from. Most cache
+      operators should leave it unchanged. Helps to work around
+      bug 22883.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the July 4 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor features (relay, performance):
+    - Always start relays with at least two worker threads, to prevent
+      priority inversion on slow tasks. Part of the fix for bug 22883.
+    - Allow background work to be queued with different priorities, so
+      that a big pile of slow low-priority jobs will not starve out
+      higher priority jobs. This lays the groundwork for a fix for
+      bug 22883.
+
+  o Minor bugfixes (build system, rust):
+    - Fix a problem where Rust toolchains were not being found when
+      building without --enable-cargo-online-mode, due to setting the
+      $HOME environment variable instead of $CARGO_HOME. Fixes bug
+      22830; bugfix on 0.3.1.1-alpha. Fix by Chelsea Komlo.
+
+  o Minor bugfixes (compatibility, zstd):
+    - Write zstd epilogues correctly when the epilogue requires
+      reallocation of the output buffer, even with zstd 1.3.0.
+      (Previously, we worked on 1.2.0 and failed with 1.3.0). Fixes bug
+      22927; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (compilation warnings):
+    - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug
+      22915; bugfix on 0.2.8.1-alpha.
+    - Fix warnings when building with libscrypt and openssl scrypt
+      support on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.
+    - Compile correctly when both openssl 1.1.0 and libscrypt are
+      detected. Previously this would cause an error. Fixes bug 22892;
+      bugfix on 0.3.1.1-alpha.
+    - When building with certain versions of the mingw C header files,
+      avoid float-conversion warnings when calling the C functions
+      isfinite(), isnan(), and signbit(). Fixes bug 22801; bugfix
+      on 0.2.8.1-alpha.
+
+  o Minor bugfixes (coverity build support):
+    - Avoid Coverity build warnings related to our BUG() macro. By
+      default, Coverity treats BUG() as the Linux kernel does: an
+      instant abort(). We need to override that so our BUG() macro
+      doesn't prevent Coverity from analyzing functions that use it.
+      Fixes bug 23030; bugfix on 0.2.9.1-alpha.
+
+  o Minor bugfixes (directory authority):
+    - When a directory authority rejects a descriptor or extrainfo with
+      a given digest, mark that digest as undownloadable, so that we do
+      not attempt to download it again over and over. We previously
+      tried to avoid downloading such descriptors by other means, but we
+      didn't notice if we accidentally downloaded one anyway. This
+      behavior became problematic in 0.2.7.2-alpha, when authorities
+      began pinning Ed25519 keys. Fixes bug 22349; bugfix
+      on 0.2.1.19-alpha.
+
+  o Minor bugfixes (error reporting, windows):
+    - When formatting Windows error messages, use the English format to
+      avoid codepage issues. Fixes bug 22520; bugfix on 0.1.2.8-alpha.
+      Patch from "Vort".
+
+  o Minor bugfixes (file limits, osx):
+    - When setting the maximum number of connections allowed by the OS,
+      always allow some extra file descriptors for other files. Fixes
+      bug 22797; bugfix on 0.2.0.10-alpha.
+
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Avoid a sandbox failure when trying to re-bind to a socket and
+      mark it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (memory leaks):
+    - Fix a small memory leak when validating a configuration that uses
+      two or more AF_UNIX sockets for the same port type. Fixes bug
+      23053; bugfix on 0.2.6.3-alpha. This is CID 1415725.
+
+  o Minor bugfixes (unit tests):
+    - test_consdiff_base64cmp would fail on OS X because while OS X
+      follows the standard of (less than zero/zero/greater than zero),
+      it doesn't follow the convention of (-1/0/+1). Make the test
+      comply with the standard. Fixes bug 22870; bugfix on 0.3.1.1-alpha.
+    - Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
+      Fixes bug 22803; bugfix on 0.3.0.1-alpha.
+
+
+Changes in version 0.3.1.4-alpha - 2017-06-29
+  Tor 0.3.1.4-alpha fixes a path selection bug that would allow a client
+  to use a guard that was in the same network family as a chosen exit
+  relay. This is a security regression; all clients running earlier
+  versions of 0.3.0.x or 0.3.1.x should upgrade to 0.3.0.9
+  or 0.3.1.4-alpha.
+
+  This release also fixes several other bugs introduced in 0.3.0.x
+  and 0.3.1.x, including others that can affect bandwidth usage
+  and correctness.
+
+  o New dependencies:
+    - To build with zstd and lzma support, Tor now requires the
+      pkg-config tool at build time. (This requirement was new in
+      0.3.1.1-alpha, but was not noted at the time. Noting it here to
+      close ticket 22623.)
+
+  o Major bugfixes (path selection, security):
+    - When choosing which guard to use for a circuit, avoid the exit's
+      family along with the exit itself. Previously, the new guard
+      selection logic avoided the exit, but did not consider its family.
+      Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked as TROVE-2017-
+      006 and CVE-2017-0377.
+
+  o Major bugfixes (compression, zstd):
+    - Correctly detect a full buffer when decompressing a large zstd-
+      compressed input. Previously, we would sometimes treat a full
+      buffer as an error. Fixes bug 22628; bugfix on 0.3.1.1-alpha.
+
+  o Major bugfixes (directory protocol):
+    - Ensure that we send "304 Not modified" as HTTP status code when a
+      client is attempting to fetch a consensus or consensus diff, and
+      the best one we can send them is one they already have. Fixes bug
+      22702; bugfix on 0.3.1.1-alpha.
+
+  o Major bugfixes (entry guards):
+    - When starting with an old consensus, do not add new entry guards
+      unless the consensus is "reasonably live" (under 1 day old). Fixes
+      one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
+
+  o Minor features (bug mitigation, diagnostics, logging):
+    - Avoid an assertion failure, and log a better error message, when
+      unable to remove a file from the consensus cache on Windows.
+      Attempts to mitigate and diagnose bug 22752.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the June 8 2017 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (compression):
+    - When compressing or decompressing a buffer, check for a failure to
+      create a compression object. Fixes bug 22626; bugfix
+      on 0.3.1.1-alpha.
+    - When decompressing a buffer, check for extra data after the end of
+      the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha.
+    - When decompressing an object received over an anonymous directory
+      connection, if we have already decompressed it using an acceptable
+      compression method, do not reject it for looking like an
+      unacceptable compression method. Fixes part of bug 22670; bugfix
+      on 0.3.1.1-alpha.
+    - When serving directory votes compressed with zlib, do not claim to
+      have compressed them with zstd. Fixes bug 22669; bugfix
+      on 0.3.1.1-alpha.
+    - When spooling compressed data to an output buffer, don't try to
+      spool more data when there is no more data to spool and we are not
+      trying to flush the input. Previously, we would sometimes launch
+      compression requests with nothing to do, which interferes with our
+      22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.
+
+  o Minor bugfixes (defensive programming):
+    - Detect and break out of infinite loops in our compression code. We
+      don't think that any such loops exist now, but it's best to be
+      safe. Closes ticket 22672.
+    - Fix a memset() off the end of an array when packing cells. This
+      bug should be harmless in practice, since the corrupted bytes are
+      still in the same structure, and are always padding bytes,
+      ignored, or immediately overwritten, depending on compiler
+      behavior. Nevertheless, because the memset()'s purpose is to make
+      sure that any other cell-handling bugs can't expose bytes to the
+      network, we need to fix it. Fixes bug 22737; bugfix on
+      0.2.4.11-alpha. Fixes CID 1401591.
+
+  o Minor bugfixes (linux seccomp2 sandbox):
+    - Permit the fchmod system call, to avoid crashing on startup when
+      starting with the seccomp2 sandbox and an unexpected set of
+      permissions on the data directory or its contents. Fixes bug
+      22516; bugfix on 0.2.5.4-alpha.
+    - Fix a crash in the LZMA module, when the sandbox was enabled, and
+      liblzma would allocate more than 16 MB of memory. We solve this by
+      bumping the mprotect() limit in the sandbox module from 16 MB to
+      20 MB. Fixes bug 22751; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (logging):
+    - When decompressing, do not warn if we fail to decompress using a
+      compression method that we merely guessed. Fixes part of bug
+      22670; bugfix on 0.1.1.14-alpha.
+    - When decompressing, treat mismatch between content-encoding and
+      actual compression type as a protocol warning. Fixes part of bug
+      22670; bugfix on 0.1.1.9-alpha.
+    - Downgrade "assigned_to_cpuworker failed" message to info-level
+      severity. In every case that can reach it, either a better warning
+      has already been logged, or no warning is warranted. Fixes bug
+      22356; bugfix on 0.2.6.3-alpha.
+    - Demote a warn that was caused by libevent delays to info if
+      netflow padding is less than 4.5 seconds late, or to notice
+      if it is more (4.5 seconds is the amount of time that a netflow
+      record might be emitted after, if we chose the maximum timeout).
+      Fixes bug 22212; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (process behavior):
+    - When exiting because of an error, always exit with a nonzero exit
+      status. Previously, we would fail to report an error in our exit
+      status in cases related to __OwningControllerProcess failure,
+      lockfile contention, and Ed25519 key initialization. Fixes bug
+      22720; bugfix on versions 0.2.1.6-alpha, 0.2.2.28-beta, and
+      0.2.7.2-alpha respectively. Reported by "f55jwk4f"; patch
+      from "huyvq".
+
+  o Documentation:
+    - Add a manpage description for the key-pinning-journal file. Closes
+      ticket 22347.
+    - Correctly note that bandwidth accounting values are stored in the
+      state file, and the bw_accounting file is now obsolete. Closes
+      ticket 16082.
+    - Document more of the files in the Tor data directory, including
+      cached-extrainfo, secret_onion_key{,_ntor}.old, hidserv-stats,
+      approved-routers, sr-random, and diff-cache. Found while fixing
+      ticket 22347.
+
+
 Changes in version 0.3.1.3-alpha - 2017-06-08
   Tor 0.3.1.3-alpha fixes a pair of bugs that would allow an attacker to
   remotely crash a hidden service with an assertion failure. Anyone

changes/bastet_v6

@@ -1,4 +0,0 @@
-  o Minor features (directory authority):
-    - Add an IPv6 address for the "bastet" directory authority.
-      Closes ticket 24394.
-

changes/bug15582

@@ -1,4 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Avoid compiler warnings in the unit tests for running tor_sscanf()
-      with wide string outputs. Fixes bug 15582; bugfix on 0.2.6.2-alpha.
-

changes/bug16082

@@ -1,4 +0,0 @@
-  o Documentation:
-    - Correctly note that bandwidth accounting values are stored in the
-      state file, and the bw_accounting file is now obsolete. Closes
-      ticket 16082.

changes/bug17857

@@ -1,6 +0,0 @@
-  o Minor features (defensive programming):
-    - Create a pair of consensus parameters nf_pad_tor2web and
-      nf_pad_single_onion that allow us to disable netflow padding in the
-      consensus for non-anonymous connections, in case the overhead is high.
-      Closes #17857.
-

changes/bug18329-minimal

@@ -1,6 +0,0 @@
-  o Minor features (bridge):
-    - Bridges now include notice in their descriptors that they are bridges,
-      and notice of their distribution status, based on their publication
-      settings.  Implements ticket 18329.  For more fine-grained control of
-      how a bridge is distributed, upgrade to 0.3.2.x or later.
-

changes/bug19418

@@ -1,7 +0,0 @@
-  o Minor bugfixes (robustness, error handling):
-    - Improve our handling of the cases where OpenSSL encounters a
-      memory error while encoding keys and certificates. We haven't
-      observed these happening in the wild, but if they do happen,
-      we now detect and respond better. Fixes bug 19418; bugfix
-      on all versions of Tor. Reported by Guido Vranken.
-

changes/bug20247

@@ -1,4 +0,0 @@
-  o Minor bugfixes (linux seccomp2 sandbox):
-    - Avoid a sandbox failure when trying to re-bind to a socket and mark
-      it as IPv6-only. Fixes bug 20247; bugfix on 0.2.5.1-alpha.
-

changes/bug21074_downgrade

@@ -1,4 +0,0 @@
-  o Minor bugfixes (portability):
-    - Don't exit the Tor process if setrlimit() fails to change the file
-      limit (which can happen sometimes on some versions of OSX). Fixes
-      bug 21074; bugfix on 0.0.9pre5.

changes/bug21394

@@ -1,9 +0,0 @@
-  o Major bugfixes (Exit nodes):
-    - Fix an issue causing high-bandwidth exit nodes to fail a majority
-      or all of their DNS requests, making them basically unsuitable for
-      regular usage in Tor circuits. The problem is related to
-      libevent's DNS handling, but we can work around it in Tor. Fixes
-      bugs 21394 and 18580; bugfix on 0.1.2.2-alpha which introduced
-      eventdns. Credit goes to Dhalgren for identifying and finding a
-      workaround to this bug and to gamambel, arthuredelstein and
-      arma in helping to track it down and analyze it.

changes/bug22159

@@ -1,7 +0,0 @@
-  o Minor bugfixes (hidden service):
-    - A service is allowed to open a maximum number of circuits for a specific
-      period of time. That value was lower than it should be (8 vs 12) in the
-      normal case of 3 introduction points. Fixes bug 22159.; bugfix on
-      tor-0.3.0.5-rc.
-    - Rate limit the log if we ever go above the maximum number of allowed
-      intro circuits. Fixes bug 22159.; bugfix on tor-0.3.1.1-alpha.

changes/bug22212

@@ -1,5 +0,0 @@
-  o Minor bugfixes (netflow padding logging):
-    - Demote a warn that was caused by libevent delays to info if
-      the padding is less than 4.5 seconds late, or notice if it is more
-      (4.5 seconds is the amount of time that a netflow record might
-       be emitted after, if we chose the maximum timeout). Fixes bug #22212.

changes/bug22286

@@ -1,3 +0,0 @@
-  o Minor features (tests):
-    - Add a couple more tests for compression backend initialization.
-      Closes ticket 22286.

changes/bug22347

@@ -1,2 +0,0 @@
-  o Documentation:
-    - Add a manpage description for the key-pinning-journal file.

changes/bug22349

@@ -1,9 +0,0 @@
-  o Minor bugfixes (directory authority):
-    - When a directory authority rejects a descriptor or extrainfo with
-      a given digest, mark that digest as undownloadable, so that we
-      do not attempt to download it again over and over. We previously
-      tried to avoid downloading such descriptors by other means, but
-      we didn't notice if we accidentally downloaded one anyway. This
-      behavior became problematic in 0.2.7.2-alpha, when authorities
-      began pinning Ed25519 keys. Fixes ticket
-      22349; bugfix on 0.2.1.19-alpha.

changes/bug22356

@@ -1,5 +0,0 @@
-  o Minor bugfixes (logging, relay):
-    - Downgrade "assigned_to_cpuworker failed" message to INFO-level
-      severity. In every case that can reach it, either a better warning
-      has already been logged, or no warning is warranted. Fixes bug 22356;
-      bugfix on 0.2.6.3-alpha.

changes/bug22400_01

@@ -1,4 +0,0 @@
-  o Major bugfixes (entry guards):
-    - When starting with an old consensus, do not add new entry guards
-      unless the consensus is "reasonably live" (under 1 day old). Fixes
-      one root cause of bug 22400; bugfix on 0.3.0.1-alpha.

changes/bug22446

@@ -1,4 +0,0 @@
-  o Minor features (code style, backport from 0.3.1.3-alpha):
-    - Add "Falls through" comments to our codebase, in order to silence
-      GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
-      Stieger. Closes ticket 22446.

changes/bug22502_part1

@@ -1,12 +0,0 @@
-  o Major bugfixes (compression, zstd):
-    - Correctly detect a full buffer when decompessing a large
-      zstd-compressed input. Fixes bug 22628; bugfix on 0.3.1.1-alpha.
-
-  o Minor bugfixes (compression):
-    - When compressing or decompressing a buffer, check for a failure to
-      create a compression object. Fixes bug 22626; bugfix on
-      0.3.1.1-alpha.
-
-    - When decompressing a buffer, check for extra data after the end of
-      the compressed data. Fixes bug 22629; bugfix on 0.3.1.1-alpha.
-

changes/bug22516

@@ -1,5 +0,0 @@
-  o Minor bugfixes (linux seccomp2 sandbox):
-    - Permit the fchmod system call, to avoid crashing on startup when
-      starting with the seccomp2 sandbox and an unexpected set of permissions
-      on the data directory or its contents. Fixes bug 22516; bugfix on
-      0.2.5.4-alpha.

changes/bug22520

@@ -1,5 +0,0 @@
-  o Minor bugfixes (error reporting, windows):
-    - When formatting Windows error messages, use the English format
-      to avoid codepage issues. Fixes bug 22520; bugfix on
-      0.1.2.8-alpha. Patch from "Vort".
-

changes/bug22636

@@ -1,8 +0,0 @@
- o Build features:
-   - Tor's repository now includes a Travis Continuous Integration (CI)
-     configuration file (.travis.yml). This is meant to help new developers and
-     contributors who fork Tor to a Github repository be better able to test
-     their changes, and understand what we expect to pass. To use this new build
-     feature, you must fork Tor to your Github account, then go into the
-     "Integrations" menu in the repository settings for your fork and enable
-     Travis, then push your changes.

changes/bug22644

@@ -1,5 +0,0 @@
-  o Minor bugfixes (controller):
-    - Do not crash when receiving a POSTDESCRIPTOR command with an
-      empty body. Fixes part of bug 22644; bugfix on 0.2.0.1-alpha.
-    - Do not crash when receiving a HSPOST command with an empty body.
-      Fixes part of bug 22644; bugfix on 0.2.7.1-alpha.

changes/bug22669

@@ -1,4 +0,0 @@
-  o Minor bugfixes (compression):
-    - When serving directory votes compressed with zlib,
-      do not claim to have compressed them with zstd. Fixes bug 22669;
-      bugfix on 0.3.1.1-alpha.

changes/bug22670

@@ -1,4 +0,0 @@
-  o Minor bugfixes (logging, compression):
-    - When decompressing, do not warn if we fail to decompress using a
-      compression method that we merely guessed. Fixes part of
-      bug 22670; bugfix on 0.1.1.14-alpha.

changes/bug22670_02

@@ -1,4 +0,0 @@
-  o Minor bugfixes (logging, compression):
-   - When decompressing, treat mismatch between content-encoding and
-      actual compression type as a protocol warning. Fixes part of bug
-      22670; bugfix on 0.1.1.9-alpha.

changes/bug22670_03

@@ -1,6 +0,0 @@
-  o Minor bugfixes (compression):
-    - When decompressing an object received over an anonymous directory
-      connection, if we have already successfully decompressed it using an
-      acceptable compression method, do not reject it for looking like an
-      unacceptable compression method. Fixes part of bug 22670; bugfix on
-      0.3.1.1-alpha.

changes/bug22672

@@ -1,5 +0,0 @@
-  o Minor features (compression, defensive programming):
-    - Detect and break out of infinite loops in our compression code.
-      We don't think that any such loops exist now, but it's best to be
-      safe. Closes ticket 22672.
-

changes/bug22702

@@ -1,5 +0,0 @@
-  o Major bugfixes (directory protocol):
-    - Ensure that we sent "304 Not modified" as HTTP status code when a
-      client is attempting to fetch a consensus or consensus diff that
-      matches the latest consensus we have available. Fixes bug 22702;
-      bugfix on 0.3.1.1-alpha.

changes/bug22719

@@ -1,7 +0,0 @@
-  o Minor bugfixes (compression):
-    - When spooling compressed data to an output buffer, don't try to
-      spool more data when there is no more data to spool and we are
-      not trying to flush the input. Previously, we would sometimes
-      launch compression requests with nothing to do, which interferes
-      with our 22672 checks. Fixes bug 22719; bugfix on 0.2.0.16-alpha.
-

changes/bug22720

@@ -1,9 +0,0 @@
-  o Minor bugfixes (process behavior):
-    - When exiting because of an error, always exit with a nonzero
-      exit status. Previously, we would fail to report an error in
-      our exit status in cases related to lockfile contention,
-      __OwningControllerProcess failure, and Ed25519 key
-      initialization.  Fixes bug 22720; bugfix on versions
-      0.2.1.6-alpha, 0.2.2.28-beta, and 0.2.7.2-alpha
-      respectively. Reported by "f55jwk4f"; patch from "huyvq".
-

changes/bug22737

@@ -1,12 +0,0 @@
-  o Minor bugfixes (defensive programming, undefined behavior):
-
-    - Fix a memset() off the end of an array when packing cells.  This
-      bug should be harmless in practice, since the corrupted bytes
-      are still in the same structure, and are always padding bytes,
-      ignored, or immediately overwritten, depending on compiler
-      behavior. Nevertheless, because the memset()'s purpose is to
-      make sure that any other cell-handling bugs can't expose bytes
-      to the network, we need to fix it. Fixes bug 22737; bugfix on
-      0.2.4.11-alpha. Fixes CID 1401591.
-
-

changes/bug22751

@@ -1,5 +0,0 @@
-  o Major bugfixes (compression):
-    - Fix crash in LZMA module, when the Sandbox is enabled, where
-      liblzma would allocate more than 16 MB of memory.  We solve this
-      by bumping the mprotect() limit in the Sandbox module from 16 MB
-      to 20 MB.  Fixes bug 22751; bugfix on 0.3.1.1-alpha.

changes/bug22752_simple

@@ -1,6 +0,0 @@
-  o Major bugfixes (windows, directory cache):
-    - On windows, do not try to delete cached consensus documents and
-      diffs, until they unmapped from memory. Allow the diff storage
-      directory to grow larger in order to handle files that might
-      need to stay around longer.  Fixes bug 22752; bugfix on
-      0.3.1.1-alpha.

changes/bug22753

@@ -1,7 +0,0 @@
-  o Major bugfixes (path selection, security):
-    - When choosing which guard to use for a circuit, avoid the
-      exit's family along with the exit itself. Previously, the new
-      guard selection logic avoided the exit, but did not consider
-      its family.  Fixes bug 22753; bugfix on 0.3.0.1-alpha. Tracked
-      as TROVE-2016-006 and CVE-2017-0377.
-

changes/bug22789

@@ -1,7 +0,0 @@
-  o Major bugfixes (openbsd, denial-of-service):
-    - Avoid an assertion failure bug affecting our implementation of
-      inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
-      handling of "0xfoo" differs from what we had expected.
-      Fixes bug 22789; bugfix on 0.2.3.8-alpha. Also tracked as
-      TROVE-2017-007.
-

changes/bug22797

@@ -1,4 +0,0 @@
-  o Minor bugfixes (file limits):
-    - When setting the maximum number of connections allowed by the OS,
-      always allow some extra file descriptors for other files.
-      Fixes bug 22797; bugfix on 0.2.0.10-alpha.

changes/bug22801

@@ -1,5 +0,0 @@
-  o Minor bugfixes (compilation):
-    - When building with certain versions the mingw C header files, avoid
-      float-conversion warnings when calling the C functions isfinite(),
-      isnan(), and signbit(). Fixes bug 22801; bugfix on 0.2.8.1-alpha.
-

changes/bug22803

@@ -1,3 +0,0 @@
-  o Minor bugfixes (unit tests):
-    - Fix a memory leak in the link-handshake/certs_ok_ed25519 test.
-      Fixes bug 22803; bugfix on 0.3.0.1-alpha.

changes/bug22830

@@ -1,5 +0,0 @@
- o Minor bugfixes:
-   - Fix a problem with Rust toolchains not being found when building
-     without --enable-cargo-online-mode, due to setting the $HOME
-     environment variable instead of $CARGO_HOME.  Fixes bug 22830;
-     fix by Chelsea Komlo.  Bugfix on 0.3.1.1-alpha.

changes/bug22883-config

@@ -1,7 +0,0 @@
-  o Minor features (directory cache, consensus diff):
-    - Add a new MaxConsensusAgeForDiffs option to allow directory cache
-      operators with low-resource environments to adjust the number of
-      consensuses they'll store and generate diffs from. Most cache operators
-      should leave it unchanged. Helps to work around bug 22883.
-
-

changes/bug22883-priority

@@ -1,8 +0,0 @@
-  o Major bugfixes (relay, performance):
-
-    - Perform circuit handshake operations at a higher priority than we use
-      for consensus diff creation and compression. This should prevent
-      circuits from starving when a relay or bridge receive a new consensus,
-      especially on lower-powered machines. Fixes bug 22883; bugfix on
-      0.3.1.1-alpha.
-

changes/bug22892

@@ -1,4 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Compile correctly when both openssl 1.1.0 and libscrypt are detected.
-      Previously this would cause an error. Fixes bug 22892; bugfix on 
-      0.3.1.1-alpha.

changes/bug22915

@@ -1,3 +0,0 @@
-  o Minor bugfixes (compilation warnings):
-    - Suppress -Wdouble-promotion warnings with clang 4.0. Fixes bug 22915;
-      bugfix on 0.2.8.1-alpha.

changes/bug22916_027

@@ -1,3 +0,0 @@
-  o Minor bugfixes (Compilation):
-    - Fix warnings when building with libscrypt and openssl scrypt support
-      on Clang. Fixes bug 22916; bugfix on 0.2.7.2-alpha.

changes/bug22927

@@ -1,6 +0,0 @@
-  o Minor bugfixes (compatibility, zstd):
-    - Write zstd epilogues correctly when the epilogue requires reallocation
-      of the output buffer, even with zstd 1.3.0. (Previously,
-      we worked on 1.2.0 and failed with 1.3.0).  Fixes bug 22927; bugfix on
-      0.3.1.1-alpha.
-

changes/bug23030_029

@@ -1,7 +0,0 @@
-  o Minor bugfixes (coverity builds):
-    - Avoid Coverity build warnings related to our BUG() macro. By
-      default, Coverity treats BUG() as the Linux kernel does: an
-      instant abort(). We need to override that so our BUG() macro
-      doesn't prevent Coverity from analyzing functions that use it.
-      Fixes bug 23030; bugfix on 0.2.9.1-alpha.
-

changes/bug23053

@@ -1,5 +0,0 @@
-  o Minor bugfixes (memory leak):
-    - Fix a small memory leak when validating a configuration that
-      uses two or more AF_UNIX sockets for the same port type.
-      Fixes bug 23053; bugfix on 0.2.6.3-alpha. This is CID
-      1415725.

changes/bug23071

@@ -1,5 +0,0 @@
-  o Minor bugfixes (tests):
-    - Port the hs_ntor handshake test to work correctly with recent
-      versions of the pysha3 module. Fixes bug 23071; bugfix on
-      0.3.1.1-alpha.
-

changes/bug23077

@@ -1,4 +0,0 @@
-  o Minor bugfixes (unit tests):
-    - Fix a channelpadding unit test failure on extremely slow systems
-      by using mocked time instead of actual time. Fixes bug 23077; bugfix on
-      0.3.1.1-alpha. 

changes/bug23078

@@ -1,7 +0,0 @@
-  o Minor bugfixes (logging, relay):
-    - Remove a log_warn() that has been forgotten when an introduction point
-      successfully established a hidden service prop224 circuit with a client.
-    - Three other log_warn() for an introduction point have been changed to
-      protocol warning because they can be failure from the network and are
-      not relevant to the operator. Fixes bug 23078; bugfix on
-      tor-0.3.0.1-alpha and tor-0.3.0.2-alpha.

changes/bug23081

@@ -1,8 +0,0 @@
-  o Minor bugfixes (Windows service):
-    - When running as a Windows service, set the ID of the main thread
-      correctly. Failure to do so made us fail to send log messages
-      to the controller in 0.2.1.16-rc, slowed down controller
-      event delivery in 0.2.7.3-rc and later, and crash with an assertion
-      failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
-      Patch and diagnosis from "Vort".
-

changes/bug23105-diagnostic

@@ -1,4 +0,0 @@
-  o Minor features (diagnostic):
-    - Add a stack trace to the bug warnings that can be logged when
-      trying to send an outgoing relay cell with n_chan == 0.
-      Diagnostic attempt for bug 23105.

changes/bug23139

@@ -1,3 +0,0 @@
-  o Minor bugfixes (directory cache):
-    - Fix a memory leak in the code that recovers space in the consensus
-      directory cache. Fixes bug 23139; bugfix on 0.3.1.1-alpha.

changes/bug23155

@@ -1,4 +0,0 @@
-  o Minor bugfixes (stability):
-    - Avoid crashing on double-free when unable to load or process
-      an included file. Fixes bug 23155; bugfix on 0.3.1.1-alpha.
-      Found with the clang static analyzer.

changes/bug23233

@@ -1,4 +0,0 @@
-  o Minor bugfixes (hidden service):
-    - Fix a BUG alert during HSv3 descriptor decoding that could trigger with a
-      specially crafted descriptor. Fixes bug #23233; bugfix on 0.3.0.1-alpha.
-      Bug found by "haxxpop".

changes/bug23275

@@ -1,5 +0,0 @@
-  o Minor bugfixes (relay):
-    - When a relay is not running as a directory cache, it will no longer
-      generate compressed consensuses and consensus diff information.
-      Previously, this was a waste of disk and CPU.  Fixes bug 23275;
-      bugfix on 0.3.1.1-alpha.

changes/bug23291

@@ -1,3 +0,0 @@
-  o Minor bugfixes (testing):
-    - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291; bugfix on
-      0.2.7.2-alpha. Found and patched by Ties Stuij.

changes/bug23318

@@ -1,11 +0,0 @@
-  o Minor bugfixes (path selection):
-    - When selecting relays by bandwidth, avoid a rounding error that
-      could sometimes cause load to be imbalanced incorrectly. Previously,
-      we would always round upwards; now, we round towards the nearest
-      integer.  This had the biggest effect when a relay's weight adjustments
-      should have given it weight 0, but it got weight 1 instead.
-      Fixes bug 23318; bugfix on 0.2.4.3-alpha.
-    - When calculating the fraction of nodes that have descriptors, and all
-      all nodes in the network have zero bandwidths, count the number of nodes
-      instead.
-      Fixes bug 23318; bugfix on 0.2.4.10-alpha.

changes/bug23470

@@ -1,6 +0,0 @@
-  o Minor bugfix (relay address resolution):
-    - Avoid unnecessary calls to directory_fetches_from_authorities()
-      on relays. This avoids spurious address resolutions and
-      descriptor rebuilds. This is a mitigation for 21789. The original
-      bug was introduced in commit 35bbf2e as part of prop210.
-      Fixes 23470 in 0.2.8.1-alpha.

changes/bug23533

@@ -1,4 +0,0 @@
-  o Minor bugfixes (relay):
-    - Inform the geoip and rephist modules about all requests, even
-      on relays that are only fetching microdescriptors. Fixes a bug related
-      to 21585; bugfix on 0.3.0.1-alpha.

changes/bug23551

@@ -1,3 +0,0 @@
-  o Minor bugfixes (compression):
-    - Handle a pathological case when decompressing Zstandard data when the
-      output buffer size is zero. Fixes bug 23551; bugfix on 0.3.1.1-alpha.

changes/bug23568

@@ -1,4 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Fix a compilation warning when building with zstd support
-      on 32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha.
-      Found and fixed by Andreas Stieger.

changes/bug23608

@@ -1,4 +0,0 @@
-  o Minor bugfixes (unit tests):
-    - Fix additional channelpadding unit test failures by using mocked time
-      instead of actual time for all tests. Fixes bug 23608;
-      bugfix on 0.3.1.1-alpha.

changes/bug23610

@@ -1,4 +0,0 @@
-  o Minor bugfixes (hidden service, relay):
-    - Avoid a possible double close of a circuit by the intro point on error
-      of sending the INTRO_ESTABLISHED cell. Fixes ticket 23610; bugfix on
-      0.3.0.1-alpha.

changes/bug23690

@@ -1,5 +0,0 @@
-  o Major bugfixes (relay, crash, assertion failure):
-    - Fix a timing-based assertion failure that could occur when the
-      circuit out-of-memory handler freed a connection's output buffer.
-      Fixes bug 23690; bugfix on 0.2.6.1-alpha.
-

changes/bug23693

@@ -1,6 +0,0 @@
-  o Minor bugfixes (relay, crash):
-    - Avoid a crash when transitioning from client mode to bridge mode.
-      Previously, we would launch the worker threads whenever our "public
-      server" mode changed, but not when our "server" mode changed.
-      Fixes bug 23693; bugfix on 0.2.6.3-alpha.
-

changes/bug23817

@@ -1,3 +0,0 @@
-  o Minor bugfixes (descriptors):
-    - Don't try fetching microdescriptors from relays that have failed to
-      deliver them in the past. Fixes bug 23817; bugfix on 0.3.0.1-alpha.

changes/bug23862

@@ -1,5 +0,0 @@
-  o Minor bugfixes (entry guards):
-    - Tor now updates its guard state when it reads a consensus regardless of
-      whether it's missing descriptors. That makes tor use its primary guards
-      to fetch descriptors in some edge cases where it would have used fallback
-      directories in the past. Fixes bug 23862; bugfix on 0.3.0.1-alpha.

changes/bug23874

@@ -1,3 +0,0 @@
-  o Minor bugfixes (memory safety):
-    - Clear the address when node_get_prim_orport() returns early.
-      Fixes bug 23874; bugfix on 0.2.8.2-alpha.

changes/bug23908

@@ -1,3 +0,0 @@
-  o Minor bugfixes (directory authority, backport from 0.3.2.1-alpha):
-    - Remove the length limit on HTTP status lines that authorities can send
-      in their replies. Fixes bug 23499; bugfix on 0.3.1.6-rc.

changes/bug23985

@@ -1,9 +0,0 @@
-  o Minor bugfixes (bootstrapping):
-    - Fetch descriptors aggressively whenever we lack enough
-      to build circuits, regardless of how many descriptors we are missing.
-      Previously, we would delay launching the fetch when we had fewer than
-      15 missing descriptors, even if some of those descriptors were
-      blocking circuits from building. Fixes bug 23985; bugfix on
-      0.1.1.11-alpha. The effects of this bug became worse in 0.3.0.3-alpha,
-      when we began treating missing descriptors from our primary guards
-      as a reason to delay circuits.

changes/bug24086

@@ -1,7 +0,0 @@
-  o Minor bugfixes (directory cache):
-    - When a consensus diff calculation is only partially successful, only
-      record the successful parts as having succeeded. Partial success
-      can happen if (for example) one compression method fails but
-      the others succeed. Previously we misrecorded all the calculations as
-      having succeeded, which would later cause a nonfatal assertion failure.
-      Fixes bug 24086; bugfix on 0.3.1.1-alpha.

changes/bug24099

@@ -1,4 +0,0 @@
-  o Minor bugfixes (directory cache):
-    - Recover better from empty or corrupt files in the consensus cache
-      directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
-

changes/bug24167

@@ -1,7 +0,0 @@
-  o Minor bugfixes (network layer):
-    - When closing a connection via close_connection_immediately(), we
-      mark it as "not blocked on bandwidth", to prevent later calls
-      from trying to unblock it, and give it permission to read. This
-      fixes a backtrace warning that can happen on relays under various
-      circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
-

changes/bug24170

@@ -1,3 +0,0 @@
-  o Minor bugfixes (path selection):
-    - Actually log the total bandwidth in compute_weighted_bandwidths().
-      Fixes bug 24170; bugfix on 0.2.4.3-alpha.

changes/bug24198

@@ -1,4 +0,0 @@
-  o Minor bugfixes (controller, linux seccomp2 sandbox):
-    - Avoid a crash when attempting to use the seccomp2 sandbox
-      together with the OwningControllerProcess feature.
-      Fixes bug 24198; bugfix on 0.2.5.1-alpha.

changes/bug24262

@@ -1,3 +0,0 @@
-  o Minor bugfixes (hidden service):
-    - Fix the consensus parameter "hsdir-interval" to "hsdir_interval" so it
-      matches the dir-spec.txt. Fixes bug 24262; bugfix on 0.3.1.1-alpha.

changes/bug24313

@@ -1,5 +0,0 @@
-  o Major bugfixes (security, hidden service v2):
-    - Fix a use-after-free error that could crash v2 Tor hidden services
-      when it failed to open circuits while expiring introductions
-      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha.  This
-      issue is also tracked as TROVE-2017-013 and CVE-2017-8823.

changes/bug24480

@@ -1,3 +0,0 @@
-  o Minor bugfixes (compilation):
-    - Fix a signed/unsigned comparison warning introduced by our
-      fix to TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.

changes/bug24633

@@ -1,5 +0,0 @@
-  o Minor bugfixes (portability, msvc):
-    - Fix a bug in the bit-counting parts of our timing-wheel code on
-      MSVC. (Note that MSVC is still not a supported build platform,
-      due to cyptographic timing channel risks.) Fixes bug 24633;
-      bugfix on 0.2.9.1-alpha.

changes/bug24666

@@ -1,7 +0,0 @@
-  o Minor bugfixes (memory usage):
-
-    - When queuing DESTROY cells on a channel, only queue the
-      circuit-id and reason fields: not the entire 514-byte
-      cell. This fix should help mitigate any bugs or attacks that
-      fill up these queues, and free more RAM for other uses. Fixes
-      bug 24666; bugfix on 0.2.5.1-alpha.

changes/bug24736

@@ -1,6 +0,0 @@
-  o Minor bugfixes (address selection):
-    - When the fascist_firewall_choose_address_ functions don't find a
-      reachable address, set the returned address to the null address and port.
-      This is a precautionary measure, because some callers do not check the
-      return value.
-      Fixes bug 24736; bugfix on 0.2.8.2-alpha.

changes/bug24826_031

@@ -1,4 +0,0 @@
-  o Minor bugfixes (performance, fragile-hardening):
-    - Improve the performance of our consensus-diff application code when Tor
-      is built with the --enable-fragile-hardening option set. Fixes bug
-      24826; bugfix on  0.3.1.1-alpha.

changes/bug24859

@@ -1,4 +0,0 @@
-  o Minor bugfixes (logging):
-    - Don't treat inability to store a cached consensus object as a
-      bug: it can happen normally when we are out of disk space.
-      Fixes bug 24859; bugfix on 0.3.1.1-alpha.

changes/bug24895

@@ -1,8 +0,0 @@
-  o Major bugfixes (onion services):
-    - Fix an "off by 2" error in counting rendezvous failures on the onion
-      service side. While we thought we would stop the rendezvous attempt
-      after one failed circuit, we were actually making three circuit attempts
-      before giving up. Now switch to a default of 2, and allow the consensus
-      parameter "hs_service_max_rdv_failures" to override. Fixes bug 24895;
-      bugfix on 0.0.6.
-

changes/bug24898

@@ -1,8 +0,0 @@
-  o Major bugfixes (relays):
-    - Fix a set of false positives where relays would consider connections
-      to other relays as being client-only connections (and thus e.g.
-      deserving different link padding schemes) if those relays fell out
-      of the consensus briefly. Now we look only at the initial handshake
-      and whether the connection authenticated as a relay. Fixes bug
-      24898; bugfix on 0.3.1.1-alpha.
-

changes/bug24898-029

@@ -1,6 +0,0 @@
-  o Minor bugfixes (relay):
-    - Make the internal channel_is_client() function look at what sort
-      of connection handshake the other side used, rather than whether
-      the other side ever sent a create_fast cell to us. Backports part
-      of the fixes from bugs 22805 and 24898.
-

changes/bug24952

@@ -1,5 +0,0 @@
-  o Minor bugfix (channel connection):
-    - The accurate address of a connection is real_addr, not the addr member.
-      TLS Channel remote address is now real_addr content instead of addr
-      member. Fixes bug 24952; bugfix on 707c1e2e26 in 0.2.4.11-alpha.
-      Patch by "ffmancera".

changes/bug24978

@@ -1,7 +0,0 @@
-  o Minor features (compatibility, OpenSSL):
-    - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
-      Previous versions of Tor would not have worked with OpenSSL
-      1.1.1, since they neither disabled TLS 1.3 nor enabled any of the
-      ciphersuites it requires. Here we enable the TLS 1.3 ciphersuites.
-      Closes ticket 24978.
-

changes/bug25070

@@ -1,3 +0,0 @@
-  o Major bugfixes (protocol versions):
-    - Add Link protocol version 5 to the supported protocols list.
-      Fixes bug 25070; bugfix on 0.3.1.1-alpha.

changes/bug25223

@@ -1,4 +0,0 @@
-  o Minor bugfixes (DoS mitigation):
-    - Make sure we don't modify consensus parameters if we aren't a public
-      relay when a new consensus arrives. Fixes bug 25223; bugfix on
-      0.3.3.2-alpha.

changes/bug25249

@@ -1,3 +0,0 @@
-  o Minor bugfixes (spec conformance):
-    - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
-      0.2.9.4-alpha.

changes/bug25249.2

@@ -1,3 +0,0 @@
-  o Minor bugfixes (spec conformance):
-    - Forbid UINT32_MAX as a protocol version.  Fixes part of bug 25249;
-      bugfix on 0.2.9.4-alpha.

changes/bug8185_025

@@ -1,6 +0,0 @@
-  o Minor bugfixes (logging, relay shutdown, annoyance):
-    - When a circuit is marked for close, do not attempt to package any cells
-      for channels on that circuit. Previously, we would detect this
-      condition lower in the call stack, when we noticed that the circuit had
-      no attached channel, and log an annoying message. Fixes bug 8185;
-      bugfix on 0.2.5.4-alpha.

changes/diagnose_22752

@@ -1,4 +0,0 @@
-  o Minor features (bug mitigation, diagnostics, logging):
-    - Avoid an assertion failure, and log a better error message,
-      when unable to remove a file from the consensus cache on
-      Windows. Attempts to mitigate and diagnose bug 22752.

changes/geoip-2017-11-06

@@ -1,4 +0,0 @@
-  o Minor features (geoip):
-    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-2017-12-06

@@ -1,4 +0,0 @@
-  o Minor features (geoip):
-    - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2
-      Country database.
-

changes/geoip-2018-01-05

@@ -1,4 +0,0 @@
-  o Minor features (geoip):
-    - Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2
-      Country database.
-