Work on the changelog for 0.2.5.3-alpha some more

ChangeLog

@@ -1,135 +1,152 @@
 Changes in version 0.2.5.3-alpha - 2014-03-??
+  Tor 0.2.5.3-alpha includes all the fixes from 0.2.4.21. It contains
+  two new anti-DoS features for Tor nodes, resolves a bug that was
+  keeping SOCKS5 support for IPv6 from working, fixes several annoying
+  usability issues for bridge users, and removes more old
+  code for unused directory formats.
+
+  The Tor 0.2.5.x release series is now in patch-freeze: no feature
+  patches not already written will be considered for inclusion in
+  0.2.5.x.
 
   o Major features (server security, DoS-resistance):
-    - Also consider stream buffer sizes when calculating OOM
-      conditions. Rename MaxMemInCellQueues to MaxMemInQueues. Fixes
+    - When we run out of memory and we need to close circuits, also
+      consider how much memory is allocated in buffers for streams
+      attached to each circuit.
+
+      This change, which extends an anti-DoS feature introduced in
+      0.2.4.13-alpha and improved in 0.2.4.14-alpha, lets Tor exit nodes
+      better resist more memory-based DoS attacks than before. Since the
+      MaxMemInCellQueues option now applies to all queues, not only cell
+      queues, it is now renamed to MaxMemInQueues. This feature fixes
       bug 10169.
     - Avoid hash-flooding denial-of-service attacks by using the secure
-      SipHash-2-4 hash function for our hashtables.  Without this
+      SipHash-2-4 hash function for our hashtables. Without this
       feature, an attacker could degrade performance of a targeted
       client or server by flooding their data structures with a large
       number of data entries all calculated to be stored at the same
-      hash table position, thereby degrading hash table
-      performance. With this feature, hash table positions are derived
-      from a randomized cryptographic key using SipHash-2-4, and an
-      attacker cannot predict which entries will collide.
-      Closes ticket 4900.
+      hash table position, thereby slowing down hash table operations.
+      With this feature, hash table positions are derived from a
+      randomized cryptographic key, and an attacker cannot predict which
+      entries will collide. Closes ticket 4900.
     - Decrease the lower limit of MaxMemInQueues to 256 MBytes, to
-      appease raspberry pi users. Fixes bug 9686.
+      better support Raspberry Pi users. Fixes bug 9686; bugfix on
+      0.2.4.14-alpha.
 
   o Minor features (bridges, pluggable transports):
-    - Bridges write the SHA1 digest of their identity key fingerprint to
-      notice-level logs and to hashed-fingerprint, so that bridge
-      operators can look up their bridge in Globe and similar tools.
+    - Bridges now write the SHA1 digest of their identity key
+      fingerprint (that is, a hash of a hash of their public key) to
+      notice-level logs and to a new hashed-fingerprint file. This will
+      help bridge operatorslook up their bridge in Globe and similar
+      tools. Resolves ticket 10884.
     - Improve the message that gets displayed when Tor as a bridge is
       using pluggable transports but doesn't have an Extended ORPort
-      listener. Furthermore, we now log the message in the log file
-      too. Resolves ticket 11043.
-    - Don't log at warning severity when we refuse to launch a
-      pluggable transport proxy that we don't need. Resolves ticket
+      listener. Also, log the message in the log file too. Resolves
+      ticket 11043.
+    - Stop giving annoying warning messages when we decide not to launch
+      a pluggable transport proxy that we don't need. Resolves ticket
       5018; bugfix on 0.2.5.2-alpha.
 
   o Minor features (other):
-    - Warn the user if they put any ports in the SocksPolicy,
+    - Add a new option, PredictedPortsRelevanceTime, to control how long
+      after having received a request to connect to a given port Tor
+      will try to keep circuits ready in anticipation of future request
+      for that port. Patch from "unixninja92"; implements ticket 9176.
+    - Generate a warning if any ports are listed in the SocksPolicy,
       DirPolicy, AuthDirReject, AuthDirInvalid, AuthDirBadDir, or
-      AuthDirBadExit options. Fixes ticket #11108.
-    - Update geoip and geoip6 to the February 7 2014 Maxmind GeoLite2 Country
-      database.
-    - Made PREDICTED_CIRCS_RELEVANCE_TIME configurable from config
-      file with a new option, PredictedPortsRelevanceTime. Implements
-      ticket #9176. Patch by unixninja92.
+      AuthDirBadExit options. (These options only support address
+      ranges.) Fixes ticket 11108.
+    - Update geoip and geoip6 to the February 7 2014 Maxmind GeoLite2
+      Country database.
 
   o Minor bugfixes (new since 0.2.5.2-alpha, also in 0.2.4.21):
     - Build without warnings under clang 3.4. (We have some macros that
       define static functions only some of which will get used later in
-      the module. Starting with clang 3.4, these give a warning unless the
-      unused attribute is set on them.) Resolves ticket 10904.
+      the module. Starting with clang 3.4, these give a warning unless
+      the unused attribute is set on them.) Resolves ticket 10904.
     - Fix build warnings about missing "a2x" comment when building the
       manpages from scratch on OpenBSD; OpenBSD calls it "a2x.py".
       Fixes bug 10929; bugfix on 0.2.2.9-alpha. Patch from Dana Koch.
 
   o Minor bugfixes (unit tests)
     - Fix a small bug in the unit tests that might have made the tests
-      call 'chmod' with an uninitialized bitmask.
-      Fixes bug 10928; bugfix on 0.2.5.1-alpha. Patch from Dana Koch.
-
-   o Minor bugfixes (client):
-    - Fix IPv6 support when using the SocksPort with SOCKS5. Using IPv6
-      through a SOCKS5 using the SocksPort option will now work with
-      this fix. This part of the code has never been updated to support
-      IPv6 thus this does not fix a previously introduced regression.
-      Fixes bug 10987; bugfix on 0.2.4.7-alpha.
-    - Fix tor so that it raises a control port warning when we fail to
-      connect to all of our bridges. Fixes bug 11069; bugfix on
+      call 'chmod' with an uninitialized bitmask. Fixes bug 10928;
+      bugfix on 0.2.5.1-alpha. Patch from Dana Koch.
+
+  o Minor bugfixes (client):
+    - Fix connections to IPv6 addresses over SOCKS5; previously, we were
+      generating incorrect SOCKS5 responses, and confusing client
+      applications. Fixes bug 10987; bugfix on 0.2.4.7-alpha.
+    - Raises a control port warning when we fail to connect to all of
+      our bridges. Previously, we didn't let the controller know, which
+      would make the bootstrap process stall. Fixes bug 11069; bugfix on
       tor-0.2.1.2-alpha.
-    - Fix a bug where we would attempt to connect to bridges before
-      our pluggable transports were configured, which resulted in some
-      erroneous log messages. Fixes bug 11156; bugfix on
-      0.2.3.2-alpha.
-    - Exit immediately when exiting because of dropped connection from
-      a process-owning controller. Previously, if we were running in
-      server mode, we would wait for a little while as in the when we
-      got an INT signal--but this was problematic, since there was no
-      feedback for the user. Controllers that want to do a clean
-      shutdown should send an INT signal, and let the user know what's
-      going on. Fix for bug 10449; bugfix on 0.2.2.28-beta.
-    - Log an improved message when excluding hidden service directory
-      nodes prevents a hidden service from working.
-      Improves on our fix for bug #10722, which was a bugfix on
-      0.2.0.10-alpha.
+    - Exit immediately when a process-owning controller exits.
+      Previously, tor relays would wait for a little while after their
+      controller exited, as if they had gotten an INT signal-- but this
+      was problematic, since there was no feedback for the
+      user. Controllers that want to do a clean shutdown should send an
+      INT signal to let the user know what's going on. Fix for bug
+      10449; bugfix on 0.2.2.28-beta.
+    - Improve the log message when we can't connect to a hidden service
+      because we have excluded all of the hidden service directory nodes
+      hosting its descriptor. Improves on our fix for bug 10722, which
+      was a bugfix on 0.2.0.10-alpha.
+    - Fix a bug where we would attempt to connect to bridges before our
+      pluggable transports were configured, which resulted in some
+      erroneous log messages. Fixes bug 11156; bugfix on 0.2.3.2-alpha.
 
   o Minor bugfixes (servers):
     - Non-exit servers no longer launch mock DNS requests to check for
-      DNS hijacking.  This has been unnecessary since 0.2.1.7-alpha,
-      when non-exit servers stopped servicing DNS requests. Fixes bug
-      965; bugfix on 0.2.1.7-alpha. Patch from Matt Pagan.
+      DNS hijacking. This has been unnecessary since 0.2.1.7-alpha, when
+      non-exit servers stopped servicing DNS requests. Fixes bug 965;
+      bugfix on 0.2.1.7-alpha. Patch from Matt Pagan.
     - Avoid crashing on a malformed resolv.conf file when running a
       server using Libevent 1. Fixes bug 8788; bugfix on 0.1.1.23.
-    - Give the correct URL in the warning message that we present
-      when the user is trying to run a Tor relay on an ancient version
-      of Windows. Fixes bug 9393.
-    - Bridges now never collect statistics that were designed for relays.
-      Fix for bug 5824; bugfix on 0.2.3.8-alpha.
-    - Bridges now report complete directory request statistics. Related to
-      bug 5824; bugfix on 0.2.2.1-alpha.
+    - Give the correct URL in the warning message that we present when
+      trying to run a Tor relay on an ancient version of Windows. Fixes
+      bug 9393.
+    - Bridges now never collect statistics that were designed for
+      relays. Fix for bug 5824; bugfix on 0.2.3.8-alpha.
+    - Bridges now report complete directory request statistics. Related
+      to bug 5824; bugfix on 0.2.2.1-alpha.
 
   o Minor bugfixes (backtrace support):
-    - Build using the -fasynchronous-unwind-tables option so that more
-      platforms (in particular, ones like 32-bit Intel where the
-      -fomit-frame-pointer option is on by default and table
-      generation is not) will support generating backtraces. This
-      doesn't yet add Windows support yet; only Linux, OSX, and some BSD
-      are affected. Reported by 'cypherpunks'; fixes bug 11047; bugfix
-      on 0.2.5.2-alpha.
-    - Avoid strange behavior if two threads hit failed asswertions
-      at the same time and both try to log backtraces at
-      once. (Previously, if this had happened, both threads would
-      have stored their intermediate results in the same buffer, and
-      generated junk outputs.) Reported by "cypherpunks". Fixes bug
-      11048; bugfix on 0.2.5.2-alpha.
-    - Fix a 64-to-32-conversion warning in format_number_sigsafe().
-      Bugfix on 0.2.5.2-alpha; patch from Nick Hopper.
+    - Support automatic backtraces on more platforms by using the
+      -fasynchronous-unwind-tables compiler option. This option is
+      needed for platforms like 32-bit Intel where -fomit-frame-pointer
+      is on by default and table generation is not. This doesn't yet
+      add Windows support yet; only Linux, OSX, and some BSD are
+      affected. Reported by 'cypherpunks'; fixes bug 11047; bugfix on
+      0.2.5.2-alpha.
+    - Avoid strange behavior if two threads hit failed assertions at the
+      same time and both try to log backtraces at once. (Previously, if
+      this had happened, both threads would have stored their
+      intermediate results in the same buffer, and generated junk
+      outputs.) Reported by "cypherpunks". Fixes bug 11048; bugfix on
+      0.2.5.2-alpha.
+    - Fix a 64-to-32-conversion compiler warning in
+      format_number_sigsafe(). Bugfix on 0.2.5.2-alpha; patch from Nick
+      Hopper.
 
   o Removed code:
-    - Remove all code for hidden service authorities to accept and serve
-      version 0 descriptors and left-over code for hidden services and
-      hidden service clients to upload and fetch version 0 descriptors.
-      Version 0 descriptors are not in use anymore since 0.2.2.1-alpha.
-      Fixes the rest of bug 10841.
+    - Remove all remaining code related to version-0 hidden service
+      descriptors: they have not been in use since 0.2.2.1-alpha. Fixes
+      the rest of bug 10841.
 
   o Documentation:
     - Explain that SocksPolicy, DirPolicy, and their allies don't take
-      port arguments. Fixes ticket #11108.
+      port arguments. Fixes ticket 11108.
     - Fix the max client name length in the manpage's description of
-      HiddenServiceAuthorizeClient description: it should have been
-      16, not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha.
+      HiddenServiceAuthorizeClient description: it should have been 16,
+      not 19. Fixes bug 11118; bugfix on 0.2.1.6-alpha.
     - Document in the manpage that "KBytes" may also be written as
       "kilobytes" or "KB", that "Kbits" may also be written as
-      "kilobits", and so forth. Closes ticket #9222.
+      "kilobits", and so forth. Closes ticket 9222.
     - Fix a comment about the rend_server_descriptor_t.protocols field
-      to more accurately describe its range. Also, make that
-      field unsigned, to more accurately reflect its usage.
-      Fixes bug 9099; bugfix on 0.2.1.5-alpha.
+      to more accurately describe its range. Also, make that field
+      unsigned, to more accurately reflect its usage. Fixes bug 9099;
+      bugfix on 0.2.1.5-alpha.
 
   o Code simplifications and refactoring:
     - Get rid of router->address, since in all cases it was just the
@@ -137,10 +154,9 @@ Changes in version 0.2.5.3-alpha - 2014-03-??
 
   o Test infrastructure:
     - Update to the latest version of tinytest.
-    - Improve the tinytest implementation of string operation tests
-      so that comparisons NULL strings no longer crash the tests;
-      they now just fail, normally. Fixes bug 9004; bugfix on
-      0.2.2.4-alpha.
+    - Improve the tinytest implementation of string operation tests so
+      that comparisons NULL strings no longer crash the tests; they now
+      just fail, normally. Fixes bug 9004; bugfix on 0.2.2.4-alpha.
 
 
 Changes in version 0.2.4.21 - 2014-02-28