Start on the 0.2.5.5-alpha changelog.

I've copied the entries from changes/, labeled the ones that also
appeared in 0.2.4.22, sorted them lightly with a python script
(added to maint), and combined sections with the same name.

I didn't combine sections without a description (e.g. "Minor
bugfixes:"), since we'll probably add a description to those.

ChangeLog

@@ -1,4 +1,243 @@
-Changes in version 0.2.5.5-alpha - 2014-05-??
+Changes in version 0.2.5.5-alpha - 2014-06-??
+  Write a blurb here.
+
+  o Major bugfixes (security, OOM, new since 0.2.5.4-alpha, also in 0.2.4.22):
+    - Fix a memory leak that could occur if a microdescriptor parse
+      fails during the tokenizing step. This bug could enable a memory
+      exhaustion attack by directory servers. Fixes bug 11649; bugfix
+      on 0.2.2.6-alpha.
+
+  o Major bugfixes (relay):
+    - When uploading to the directory authorities, use a direct dirport
+      connection if we are a uploading an ordinary, non-anonymous directory
+      object. Previously, relays would used tunnel connections under a
+      fairly wide variety of circumstances. Fixes bug 11469; bugfix on
+      0.2.4.3-alpha.
+
+  o Major security fixes (directory authorities):
+    - Directory authorities now include a digest of each relay's
+      identity key as a part of its microdescriptor.
+
+      This is a workaround for bug #11743 (reported by "cypherpunks"),
+      where Tor clients do not
+      support receiving multiple microdescriptors with the same SHA256
+      digest in the same consensus. When clients receive a consensus
+      like this, they only use one of the relays. Without this fix, a
+      hostile relay could selectively disable some client use of target
+      relays by constucting a router descriptor with a different
+      identity and the same microdescriptor parameters and getting the
+      authorities to list it in a microdescriptor consensus. This fix
+      prevents an attacker from causing a microdescriptor collision,
+      because the router's identity is not forgeable.
+
+  o Minor features (diagnostic):
+    - When logging a warning because of bug #7164, additionally check the
+      hash table for consistency (as proposed on ticket #11737). This may
+      help diagnose bug #7164.
+    - When we log a heartbeat, log how many one-hop circuits we have that
+      are at least 30 minutes old, and log status information about a
+      few of them. This is an attempt to track down bug 8387.
+
+  o Minor features (security):
+    - Apply the secure SipHash-2-4 function to the hash table mapping
+      circuit IDs and channels to circuits. We missed this one when we
+      were converting all the other hash functions to use SipHash back
+      in 0.2.5.3-alpha. Resolves ticket 11750.
+
+  o Minor features:
+    - Add a systemd service file (tor.service) that can be installed by
+      Linux distributions that make use of the systemd init daemon.
+      Fixes bug 8368.
+
+  o Minor features:
+    - Give more specific warnings when we notice at the client side that
+      an onion handshake has failed. Fixes ticket 9635.
+
+  o Minor features:
+    - The configure script has a --disable-seccomp option to turn off
+      support for libseccomp on systems that have it, in case it (or
+      Tor's use of it) is broken. Resolves ticket 11628.
+
+  o Minor features:
+    - When we encounter an unexpected CR in text that we're trying to
+      write to a file on Windows, log the name of the file.  Should help
+      diagnosing bug 11233.
+
+  o Minor bugfixes (configuration, security, new since 0.2.5.4-alpha, also in 0.2.4.22):
+    - When running a hidden service, do not allow TunneledDirConns 0;
+      this will keep the hidden service from running, and also
+      make it publish its descriptors directly over HTTP. Fixes bug 10849;
+      bugfix on 0.2.1.1-alpha.
+
+  o Minor bugfixes (compilation):
+    - Fix compilation of test_status.c when building with MVSC.
+      Bugfix on 0.2.5.4-alpha. Patch from Gisle Vanem.
+    - Resolve GCC complaints on OpenBSD about discarding constness in
+      TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix on
+      0.1.1.23. Patch from Dana Koch.
+    - Resolve clang complaints on OpenBSD with -Wshorten-64-to-32 due to
+      treatment of long and time_t as comparable types. Fixes part of bug 11633.
+      Patch from Dana Koch.
+
+  o Minor bugfixes (build):
+    - When deciding whether to build the 64-bit curve25519 implementation,
+      detect platforms where we can compile 128-bit arithmetic but cannot
+      link it. Fixes bug 11729; bugfix on 0.2.4.8-alpha. Patch
+      from "conradev".
+
+  o Minor bugfixes (Directory server):
+    - When sending a compressed set of descriptors or microdescriptors,
+      make sure to finalize the zlib stream. Previously, we would write
+      all the compressed data, but if the last descriptor we wanted to
+      send was missing or too old, we would not mark the stream as
+      finished. This caused problems for decompression tools. Fixes bug
+      11648; bugfix on 0.1.1.23.
+
+  o Minor bugfixes (dmalloc):
+    - Fix compilation with dmalloc. Fixes bug 11605; bugfix on 0.2.4.10-alpha.
+
+  o Minor bugfixes (documentation):
+    - Correct the documenation so that it lists the correct directories
+      for the stats files.  (They are in a subdirectory called "stats",
+      not "status".)
+
+  o Minor bugfixes (linux seccomp sandbox)
+    - Make the seccomp sandbox code compile with ARM linux. Fixes bug
+      11622; bugfix on 0.2.5.1-alpha.
+    - Avoid crashing when re-opening listener ports with the seccomp
+      sandbox active. Fixes bug 12115; bugfix on 0.2.5.1-alpha.
+    - Avoid crashing with the seccomp sandbox enabled along with
+      ConstrainedSockets. Fixes bug 12139; bugfix on 0.2.5.1-alpha.
+    - When we receive a SIGHUP with the sandbox enabled, correctly
+      support rotating our log files. Fixes bug 12032; bugfix on
+      0.2.5.1-alpha.
+    - Avoid crash when running with sandboxing enabled and
+      DirReqStatistics not disabled. Fixes bug 12035; bugfix on
+      0.2.5.1-alpha.
+    - Fix a "BUG" warning when trying to write bridge-stats files with
+      the Linux syscall sandbox filter enabled. Fixes bug 12041;
+      bugfix on 0.2.5.1-alpha.
+    - Prevent the sandbox from crashing on startup when run with the
+      --enable-expensive-hardening configuration option. Fixes bug
+      11477; bugfix on 0.2.5.4-alpha.
+    - When running with DirPortFrontPage and Sandbox both enabled, reload
+      the DirPortFrontPage correctly when restarting. Fixes bug 12028;
+      bugfix on 0.2.5.1-alpha.
+    - Don't try to enable the sandbox when using the Tor binary to
+      check its configuration, hash a passphrase, or so on. Doing
+      so was crashing on startup for some users. Fixes bug 11609;
+      bugfix on 0.2.5.1-alpha.
+    - Avoid warnings when running with sandboxing and node statistics
+      enabled at the same time.
+      Fixes part of 12064; bugfix on 0.2.5.1-alpha. Patch from Michael Wolf.
+    - Avoid warnings when running with sandboxing enabled at the same
+      time as cookie authentication, hidden services or directory
+      authority voting.  Fixes part of 12064; bugfix on 0.2.5.1-alpha.
+    - Do not allow options which would require us to call exec to be
+      enabled along with the seccomp2 sandbox: they will inevitably
+      crash. Fix for bug 12043; bugfix on 0.2.5.1-alpha.
+    - Handle failures in getpwnam()/getpwuid() when running with the
+      User option set and the Linux syscall sandbox enabled. Fixes bug
+      11946; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (pluggable transports):
+    - Enable the ExtORPortCookieAuthFile option, to allow changing the
+      default location of the authentication token for the extended OR Port
+      as used by sever-side pluggable transports. We had implemented this
+      option before, but the code to make it settable had been omitted.
+      Fixes bug 11635; bugfix on 0.2.5.1-alpha.
+
+  o Minor bugfixes (testing):
+    - The Python parts of the test scripts now work on Python 3 as well
+      as Python 2, so systems where '/usr/bin/python' is Python 3 will
+      no longer have the tests break. Fixes bug 11608; bugfix on
+      0.2.5.2-alpha.
+    - When looking for versions of python that we could run the tests
+      with, check for "python2.7" and "python3.3"; previously we were
+      only looking for "python", "python2", and "python3". Patch from
+      Dana Koch. Fixes bug 11632; bugfix on 0.2.5.2-alpha.
+
+  o Minor bugfixes (tor-fw-helper):
+    - Give a correct log message when tor-fw-helper fails to launch.
+      (Previously, we would say something like "tor-fw-helper sent us a
+      string we could not parse".) Fixes bug 9781; bugfix on 0.2.4.2-alpha.
+
+  o Minor bugfixes:
+    - Avoid another 60-second delay when starting Tor in a
+      pluggable-transport-using configuration when we already have
+      cached descriptors for our bridges. Fixes bug 11965; bugfix on
+      0.2.3.6-alpha.
+
+  o Minor bugfixes:
+    - Check return code on spawn_func() in cpuworker code, so that we don't
+      think we've spawned a nonworking cpuworker and write junk to it
+      forever. Fix related to bug 4345; bugfix on all released Tor versions.
+      Found by "skruffy".
+    - Use a pthread_attr to make sure that spawn_func() cannot return
+      an error while at the same time launching a thread. Fix related
+      to bug 4345; bugfix on all released Tor versions. Reported by
+      "cypherpunks".
+
+  o Minor bugfixes:
+    - Correctly detect the total available system memory. We tried to do this
+      in 0.2.5.4-alpha, but the code was set up to always return an error
+      value, even on success.
+      Fixes bug 11805; bugfix on 0.2.5.4-alpha.
+
+  o Minor bugfixes:
+    - Fix a broken log message about delayed directory fetches that
+      was caused by a misuse of strlcpy(). Fixes bug 11654; bugfix on
+      0.2.5.3-alpha.
+
+  o Minor bugfixes:
+    - Fix all valgrind warnings produced by the unit tests. There were
+      over a thousand memory leak warnings previously, mostly produced
+      by forgetting to free things in the unit test code.  Fixes bug
+      11618, bugfixes on many versions of Tor.
+
+  o Minor bugfixes:
+    - Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761;
+      bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
+
+  o Minor bugfixes:
+    - Make Tor compile correctly with --disable-buf-freelists.
+      Fixes bug 11623; bugfix on 0.2.5.3-alpha.
+
+  o Bugfixes:
+    - Add configure options controlling allocator tricks like mempools and
+      freelists, and turn them off by default; on most platforms malloc is
+      reasonable enough for this not to be necessary, and a similar feature
+      in OpenSSL exacerbated Heartbleed.  Fixes bug #11476.
+
+  o Distribution:
+    - Include a tor.service file in contrib.dist for use with
+      systemd. Some distributions will be able to use this file unmodified;
+      others will need to tweak it, or write their own. Patch from
+      Jamie Nguyen; resolves ticket 8368.
+
+  o Documentation:
+    - Clean up several option names in the manpage to match their real
+      names, add the missing documentation for a couple of testing and
+      directory authority options, remove the documentation for a
+      V2-directory fetching option that no longer exists. Resolves
+      ticket 11634.
+
+  o Package cleanup:
+    - The contrib directory has been sorted and tidy. Before, it was an
+      unsorted dumping ground for useful and not-so-useful things. Now,
+      it has been divided based on functionality, and the items which
+      seemed to be nonfunctional or useless have been removed. Resolves
+      ticket 8966; based on patches from "rl1987".
+
+  o Removed code:
+    - Remove /tor/dbg-stability.txt URL that was meant to help debug WFU
+      and MTBF calculations, but that nobody was using. Fixes #11742.
+    - The TunnelDirConns and PreferTunnelledDirConns options no longer
+      exist; tunneled directory connections have been available since
+      0.1.2.5-alpha, and turning them off is not a good idea. This is a
+      brute-force fix for 10849, where "TunnelDirConns 0" would break
+      hidden services.
+
 
 
 Changes in version 0.2.4.22 - 2014-05-16

changes/11622

@@ -1,3 +0,0 @@
-  o Minor bugfixes (linux seccomp sandbox)
-    - Make the seccomp sandbox code compile with ARM linux. Fixes bug
-      11622; bugfix on 0.2.5.1-alpha.

changes/12032

@@ -1,4 +0,0 @@
-  o Minor bugfixes (linux syscall sandbox):
-    - Avoid crash when running with sandboxing enabled and
-      DirReqStatistics not disabled. Fixes bug 12035; bugfix on
-      0.2.5.1-alpha.

changes/bug10849_023

@@ -1,6 +0,0 @@
-  o Major bugfixes:
-    - When running a hidden service, do not allow TunneledDirConns 0;
-      this will keep the hidden service from running, and also
-      make it publish its descriptors directly over HTTP. Fixes bug 10849;
-      bugfix on 0.2.1.1-alpha.
-

changes/bug10849_025

@@ -1,6 +0,0 @@
-  o Removed code:
-    - The TunnelDirConns and PreferTunnelledDirConns options no longer
-      exist; tunneled directory connections have been available since
-      0.1.2.5-alpha, and turning them off is not a good idea. This is a
-      brute-force fix for 10849, where "TunnelDirConns 0" would break
-      hidden services.

changes/bug11233

@@ -1,4 +0,0 @@
-  o Minor features:
-    - When we encounter an unexpected CR in text that we're trying to
-      write to a file on Windows, log the name of the file.  Should help
-      diagnosing bug 11233.

changes/bug11469

@@ -1,6 +0,0 @@
-  o Major bugfixes (relay):
-    - When uploading to the directory authorities, use a direct dirport
-      connection if we are a uploading an ordinary, non-anonymous directory
-      object. Previously, relays would used tunnel connections under a
-      fairly wide variety of circumstances. Fixes bug 11469; bugfix on
-      0.2.4.3-alpha.

changes/bug11476

@@ -1,5 +0,0 @@
-  o Bugfixes:
-    - Add configure options controlling allocator tricks like mempools and
-      freelists, and turn them off by default; on most platforms malloc is
-      reasonable enough for this not to be necessary, and a similar feature
-      in OpenSSL exacerbated Heartbleed.  Fixes bug #11476.

changes/bug11477

@@ -1,4 +0,0 @@
-  o Minor bugfixes (linux syscall sandbox):
-    - Prevent the sandbox from crashing on startup when run with the
-      --enable-expensive-hardening configuration option. Fixes bug
-      11477; bugfix on 0.2.5.4-alpha.

changes/bug11605

@@ -1,2 +0,0 @@
-  o Minor bugfixes (dmalloc):
-    - Fix compilation with dmalloc. Fixes bug 11605; bugfix on 0.2.4.10-alpha.

changes/bug11608

@@ -1,5 +0,0 @@
-  o Minor bugfixes (testing):
-    - The Python parts of the test scripts now work on Python 3 as well
-      as Python 2, so systems where '/usr/bin/python' is Python 3 will
-      no longer have the tests break. Fixes bug 11608; bugfix on
-      0.2.5.2-alpha.

changes/bug11609

@@ -1,5 +0,0 @@
-  o Minor bugfixes (sandbox):
-    - Don't try to enable the sandbox when using the Tor binary to
-      check its configuration, hash a passphrase, or so on. Doing
-      so was crashing on startup for some users. Fixes bug 11609;
-      bugfix on 0.2.5.1-alpha.

changes/bug11618

@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Fix all valgrind warnings produced by the unit tests. There were
-      over a thousand memory leak warnings previously, mostly produced
-      by forgetting to free things in the unit test code.  Fixes bug
-      11618, bugfixes on many versions of Tor.

changes/bug11623

@@ -1,3 +0,0 @@
-  o Minor bugfixes:
-    - Make Tor compile correctly with --disable-buf-freelists.
-      Fixes bug 11623; bugfix on 0.2.5.3-alpha.

changes/bug11628

@@ -1,4 +0,0 @@
-  o Minor features:
-    - The configure script has a --disable-seccomp option to turn off
-      support for libseccomp on systems that have it, in case it (or
-      Tor's use of it) is broken. Resolves ticket 11628.

changes/bug11632

@@ -1,5 +0,0 @@
-  o Minor bugfixes (testing):
-    - When looking for versions of python that we could run the tests
-      with, check for "python2.7" and "python3.3"; previously we were
-      only looking for "python", "python2", and "python3". Patch from
-      Dana Koch. Fixes bug 11632; bugfix on 0.2.5.2-alpha.

changes/bug11633_part1

@@ -1,4 +0,0 @@
-  o Minor bugfixes (build):
-    - Resolve GCC complaints on OpenBSD about discarding constness in
-      TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix on
-      0.1.1.23. Patch from Dana Koch.

changes/bug11633_part2

@@ -1,4 +0,0 @@
-  o Minor bugfixes (build):
-    - Resolve clang complaints on OpenBSD with -Wshorten-64-to-32 due to
-      treatment of long and time_t as comparable types. Fixes part of bug 11633.
-      Patch from Dana Koch.

changes/bug11634

@@ -1,6 +0,0 @@
-  o Documentation:
-    - Clean up several option names in the manpage to match their real
-      names, add the missing documentation for a couple of testing and
-      directory authority options, remove the documentation for a
-      V2-directory fetching option that no longer exists. Resolves
-      ticket 11634.

changes/bug11635

@@ -1,6 +0,0 @@
-  o Minor bugfixes (pluggable transports):
-    - Enable the ExtORPortCookieAuthFile option, to allow changing the
-      default location of the authentication token for the extended OR Port
-      as used by sever-side pluggable transports. We had implemented this
-      option before, but the code to make it settable had been omitted.
-      Fixes bug 11635; bugfix on 0.2.5.1-alpha.

changes/bug11648

@@ -1,8 +0,0 @@
-  o Minor bugfixes (Directory server):
-    - When sending a compressed set of descriptors or microdescriptors,
-      make sure to finalize the zlib stream. Previously, we would write
-      all the compressed data, but if the last descriptor we wanted to
-      send was missing or too old, we would not mark the stream as
-      finished. This caused problems for decompression tools. Fixes bug
-      11648; bugfix on 0.1.1.23.
-

changes/bug11654

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Fix a broken log message about delayed directory fetches that
-      was caused by a misuse of strlcpy(). Fixes bug 11654; bugfix on
-      0.2.5.3-alpha.

changes/bug11729

@@ -1,5 +0,0 @@
-  o Minor bugfixes (build):
-    - When deciding whether to build the 64-bit curve25519 implementation,
-      detect platforms where we can compile 128-bit arithmetic but cannot
-      link it. Fixes bug 11729; bugfix on 0.2.4.8-alpha. Patch
-      from "conradev".

changes/bug11737_diagnostic

@@ -1,5 +0,0 @@
-  o Minor features (diagnostic):
-    - When logging a warning because of bug #7164, additionally check the
-      hash table for consistency (as proposed on ticket #11737). This may
-      help diagnose bug #7164.
-

changes/bug11742

@@ -1,4 +0,0 @@
-  o Removed code:
-    - Remove /tor/dbg-stability.txt URL that was meant to help debug WFU
-      and MTBF calculations, but that nobody was using. Fixes #11742.
-

changes/bug11743

@@ -1,16 +0,0 @@
-  o Major security fixes (directory authorities):
-
-    - Directory authorities now include a digest of each relay's
-      identity key as a part of its microdescriptor.
-
-      This is a workaround for bug #11743 (reported by "cypherpunks"),
-      where Tor clients do not
-      support receiving multiple microdescriptors with the same SHA256
-      digest in the same consensus. When clients receive a consensus
-      like this, they only use one of the relays. Without this fix, a
-      hostile relay could selectively disable some client use of target
-      relays by constucting a router descriptor with a different
-      identity and the same microdescriptor parameters and getting the
-      authorities to list it in a microdescriptor consensus. This fix
-      prevents an attacker from causing a microdescriptor collision,
-      because the router's identity is not forgeable.

changes/bug11750

@@ -1,5 +0,0 @@
-  o Minor features (security):
-    - Apply the secure SipHash-2-4 function to the hash table mapping
-      circuit IDs and channels to circuits. We missed this one when we
-      were converting all the other hash functions to use SipHash back
-      in 0.2.5.3-alpha. Resolves ticket 11750.

changes/bug11761

@@ -1,4 +0,0 @@
-  o Minor bugfixes:
-    - Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761;
-      bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
-

changes/bug11805

@@ -1,5 +0,0 @@
-  o Minor bugfixes:
-    - Correctly detect the total available system memory. We tried to do this
-      in 0.2.5.4-alpha, but the code was set up to always return an error
-      value, even on success.
-      Fixes bug 11805; bugfix on 0.2.5.4-alpha. 

changes/bug11946

@@ -1,5 +0,0 @@
-  o Minor bugfixes (sandbox):
-
-    - Handle failures in getpwnam()/getpwuid() when running with the
-      User option set and the Linux syscall sandbox enabled. Fixes bug
-      11946; bugfix on 0.2.5.1-alpha.

changes/bug11965

@@ -1,6 +0,0 @@
-  o Minor bugfixes:
-
-    - Avoid another 60-second delay when starting Tor in a
-      pluggable-transport-using configuration when we already have
-      cached descriptors for our bridges. Fixes bug 11965; bugfix on
-      0.2.3.6-alpha.

changes/bug12028

@@ -1,5 +0,0 @@
-  o Minor bugfixes (linux syscall sandbox):
-    - When running with DirPortFrontPage and Sandbox both enabled, reload
-      the DirPortFrontPage correctly when restarting. Fixes bug 12028;
-      bugfix on 0.2.5.1-alpha.
-

changes/bug12032

@@ -1,4 +0,0 @@
-  o Minor bugfixes (Linux syscall sandbox):
-    - When we receive a SIGHUP with the sandbox enabled, correctly
-      support rotating our log files. Fixes bug 12032; bugfix on
-      0.2.5.1-alpha.

changes/bug12041

@@ -1,5 +0,0 @@
-  o Minor bugfixes (linux syscall sandbox):
-    - Fix a "BUG" warning when trying to write bridge-stats files with
-      the Linux syscall sandbox filter enabled. Fixes bug 12041;
-      bugfix on 0.2.5.1-alpha.
-

changes/bug12043

@@ -1,4 +0,0 @@
-  o Minor bugfixes (linux syscall sandboxing):
-    - Do not allow options which would require us to call exec to be
-      enabled along with the seccomp2 sandbox: they will inevitably
-      crash. Fix for bug 12043; bugfix on 0.2.5.1-alpha.

changes/bug12064_part1

@@ -1,4 +0,0 @@
-  o Minor bugfixes (seccomp sandbox):
-    - Avoid warnings when running with sandboxing and node statistics
-      enabled at the same time.
-      Fixes part of 12064; bugfix on 0.2.5.1-alpha. Patch from Michael Wolf.

changes/bug12064_part2

@@ -1,5 +0,0 @@
-  o Minor bugfixes (seccomp sandbox):
-    - Avoid warnings when running with sandboxing enabled at the same
-      time as cookie authentication, hidden services or directory
-      authority voting.  Fixes part of 12064; bugfix on 0.2.5.1-alpha.
-

changes/bug12115

@@ -1,3 +0,0 @@
-  o Minor bugfixes (linux seccomp sandbox):
-    - Avoid crashing when re-opening listener ports with the seccomp
-      sandbox active. Fixes bug 12115; bugfix on 0.2.5.1-alpha.

changes/bug12139

@@ -1,4 +0,0 @@
-  o Minor bugfixes (linux seccomp sandbox):
-    - Avoid crashing with the seccomp sandbox enabled along with
-      ConstrainedSockets. Fixes bug 12139; bugfix on 0.2.5.1-alpha.
-

changes/bug4345

@@ -1,10 +0,0 @@
-  o Minor bugfixes:
-    - Check return code on spawn_func() in cpuworker code, so that we don't
-      think we've spawned a nonworking cpuworker and write junk to it
-      forever. Fix related to bug 4345; bugfix on all released Tor versions.
-      Found by "skruffy".
-
-    - Use a pthread_attr to make sure that spawn_func() cannot return
-      an error while at the same time launching a thread. Fix related
-      to bug 4345; bugfix on all released Tor versions. Reported by
-      "cypherpunks".

changes/bug8368

@@ -1,4 +0,0 @@
-  o Minor features:
-    - Add a systemd service file (tor.service) that can be installed by
-      Linux distributions that make use of the systemd init daemon.
-      Fixes bug 8368.

changes/bug9635

@@ -1,3 +0,0 @@
-  o Minor features:
-    - Give more specific warnings when we notice at the client side that
-      an onion handshake has failed. Fixes ticket 9635.

changes/bug9781

@@ -1,5 +0,0 @@
-  o Minor bugfixes (tor-fw-helper):
-
-    - Give a correct log message when tor-fw-helper fails to launch.
-      (Previously, we would say something like "tor-fw-helper sent us a
-      string we could not parse".) Fixes bug 9781; bugfix on 0.2.4.2-alpha.

changes/diagnose_8387

@@ -1,4 +0,0 @@
-  o Minor features (diagnostic):
-    - When we log a heartbeat, log how many one-hop circuits we have that
-      are at least 30 minutes old, and log status information about a
-      few of them. This is an attempt to track down bug 8387.

changes/md_leak_bug

@@ -1,5 +0,0 @@
-  o Major bugfixes (security, OOM)
-    - Fix a memory leak that could occur if a microdescriptor parse
-      fails during the tokenizing step. This could enable a memory
-      exhaustion attack by directory servers. Fixes bug #11649; bugfix
-      on 0.2.2.6-alpha.

changes/msvc_fix

@@ -1,3 +0,0 @@
-  o Minor bugfixes (build):
-    - Fix compilation of test_status.c when building with MVSC.
-      Bugfix on 0.2.5.4-alpha. Patch from Gisle Vanem.

changes/stats_not_status

@@ -1,4 +0,0 @@
-  o Minor bugfixes (documentation):
-    - Correct the documenation so that it lists the correct directories
-      for the stats files.  (They are in a subdirectory called "stats",
-      not "status".)

changes/ticket8368

@@ -1,5 +0,0 @@
-  o Distribution:
-    - Include a tor.service file in contrib.dist for use with
-      systemd. Some distributions will be able to use this file unmodified;
-      others will need to tweak it, or write their own. Patch from
-      Jamie Nguyen; resolves ticket 8368.

changes/ticket8966

@@ -1,7 +0,0 @@
-  o Package cleanup:
-    - The contrib directory has been sorted and tidy. Before, it was an
-      unsorted dumping ground for useful and not-so-useful things. Now,
-      it has been divided based on functionality, and the items which
-      seemed to be nonfunctional or useless have been removed. Resolves
-      ticket 8966; based on patches from "rl1987".
-

scripts/maint/sortChanges.py

@@ -0,0 +1,40 @@
+#!/usr/bin/python
+
+import re
+import sys
+
+def fetch(fn):
+    with open(fn) as f:
+        s = f.read()
+        s = "%s\n" % s.rstrip()
+        return s
+
+def score(s):
+    m = re.match(r'^ +o (.*)', s)
+    if not m:
+        print >>sys.stderr, "Can't score %r"%s
+    lw = m.group(1).lower()
+    if lw.startswith("major feature"):
+        score = 0
+    elif lw.startswith("major bug"):
+        score = 1
+    elif lw.startswith("major"):
+        score = 2
+    elif lw.startswith("minor feature"):
+        score = 10
+    elif lw.startswith("minor bug"):
+        score = 11
+    elif lw.startswith("minor"):
+        score = 12
+    else:
+        score = 100
+
+    return (score,  lw, s)
+
+
+changes = [ score(fetch(fn)) for fn in sys.argv[1:] if not fn.endswith('~') ]
+
+changes.sort()
+
+for _, _, s in changes:
+    print s