Edit 0.2.5.5-alpha changelog for terseness and grammar.

ChangeLog

@@ -1,23 +1,22 @@
 Changes in version 0.2.5.5-alpha - 2014-06-1?
-  Write a blurb here.
+  Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
+  0.2.5.x release series, including a couple of DoS issues, some performance
+  regressions, and a large number of bugs affecting the Linux
+  seccomp2 sandbox code, and various other bugfixes. It also adds diagnostic
+  bugfixes for a few tricky issues that we're trying to track down.
 
   o Major features (security, traffic analysis resistance):
-    - Increase the base amount of time that a canonical connection (one
-      that we have made to a known OR) is allowed to stay idle from 3
-      minutes to 15 minutes. This leaks less information about when
-      circuits have closed, and avoids unnecessary overhead from
-      renegotiating connections. Part of a fix for ticket 6799.
-    - Instead of closing connections after they have been idle for a
-      fixed interval, randomly add up to 50% to each connection's
-      maximum timeout. This makes it harder to tell when the last
-      circuit closed by looking at when a connection closes. Part of a
-      fix for ticket 6799.
-    - Base connection idleness tests on the actual time elapsed since
-      the connection last had circuits, not on the time when we last
-      added non-padding. This change also makes it harder for an
-      observer to tell when the last circuit closed by looking at when a
-      connection closes. Part of a fix for ticket 6799. Incidentally
-      fixes bug 12023; bugfix on 0.2.5.1-alpha.
+    - Several major improvements to the algorithm used to decide
+      when to close TLS connections. Previous versions of Tor closed connections
+      at a fixed interval after the last time a non-padding cell was sent
+      over the connection, regardless of the target of the connection. Now,
+      we randomize the intervals by adding up to 50% of their base value,
+      we measure the length of time since connection last had at least one
+      circuit, and we we allow connections to known ORs to remain open a
+      little longer (15 minutes instead of 3 minutes minimum). These changes
+      should improve Tor's resistance against some kinds of traffic analysis,
+      and lower some overhead from needlessly closed connections. Fixes
+      ticket 6799. Incidentally fixes ticket 12023; bugfix on 0.2.5.1-alpha.
 
   o Major bugfixes (security, OOM, new since 0.2.5.4-alpha, also in 0.2.4.22):
     - Fix a memory leak that could occur if a microdescriptor parse
@@ -25,23 +24,11 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
       exhaustion attack by directory servers. Fixes bug 11649; bugfix
       on 0.2.2.6-alpha.
 
-  o Major bugfixes (relay):
-    - When uploading to the directory authorities, use a direct dirport
-      connection if we are a uploading an ordinary, non-anonymous
-      directory object. Previously, relays would used tunnel connections
-      under a fairly wide variety of circumstances. Fixes bug 11469;
-      bugfix on 0.2.4.3-alpha.
-    - When a circuit accidentally has the same circuit ID for its
-      forward and reverse direction, correctly detect the direction of
-      cells using that circuit. Previously, this would have made roughly
-      one circuit in a million non-functional. Fixes bug 12195; this is
-      a bugfix on every version of Tor.
-
   o Major bugfixes (security, directory authorities):
     - Directory authorities now include a digest of each relay's
       identity key as a part of its microdescriptor.
 
-      This is a workaround for bug #11743 (reported by "cypherpunks"),
+      This is a workaround for bug 11743 (reported by "cypherpunks"),
       where Tor clients do not support receiving multiple
       microdescriptors with the same SHA256 digest in the same
       consensus. When clients receive a consensus like this, they only
@@ -53,36 +40,49 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
       attacker from causing a microdescriptor collision, because the
       router's identity is not forgeable.
 
+  o Major bugfixes (relay):
+    - Use a direct dirport connection when uploading non-anonymous descriptors to the directory authorities.
+      object. Previously, relays would incorrectly use tunnel connections
+      under a fairly wide variety of circumstances. Fixes bug 11469; bugfix
+      on 0.2.4.3-alpha.
+    - When a circuit accidentally has the same circuit ID for its
+      forward and reverse direction, correctly detect the direction of
+      cells using that circuit. Previously, this bug made roughly
+      one circuit in a million non-functional. Fixes bug 12195; this is
+      a bugfix on every version of Tor.
+
   o Major bugfixes (client, pluggable transports):
     - When managing pluggable transports, use OS notification facilities
-      to learn if they have crashed, and do not attempt to kill any
-      process that has already exited. Fix for bug 8746; bugfix
+      to learn if they have crashed, and don't attempt to kill any
+      process that has already exited. Fixes bug 8746; bugfix
       on 0.2.3.6-alpha.
 
   o Minor features (diagnostic):
-    - When logging a warning because of bug #7164, additionally check
-      the hash table for consistency (as proposed on ticket #11737).
-      This may help diagnose bug #7164.
+    - When logging a warning because of bug 7164, additionally check
+      the hash table for consistency (as proposed on ticket 11737).
+      This may help diagnose bug 7164.
     - When we log a heartbeat, log how many one-hop circuits we have
       that are at least 30 minutes old, and log status information about
       a few of them. This is an attempt to track down bug 8387.
-    - When we encounter an unexpected CR in text that we're trying to
-      write to a file on Windows, log the name of the file. Should help
+    - When encountering an unexpected CR while writing text to a
+      file on Windows, log the name of the file. Should help
       diagnosing bug 11233.
-    - Give more specific warnings when we notice at the client side that
+    - Give more specific warnings when a client notices that
       an onion handshake has failed. Fixes ticket 9635.
     - Add significant new logging code to attempt to diagnose bug 12184,
       where relays seem to run out of available circuit IDs.
-    - Improve the diagnostic log message for bug #8387 even further to
+    - Improve the diagnostic log message for bug 8387 even further to
       try to improve our odds of figuring out why one-hop directory
       circuits sometimes do not get closed.
 
   o Minor features (security, memory management):
-    - Add configure options controlling allocator tricks like mempools
-      and freelists, and turn them off by default; on most platforms
-      malloc is reasonable enough for this not to be necessary, and a
-      similar feature in OpenSSL exacerbated Heartbleed. Fixes
-      bug #11476.
+    - Memory allocation tricks (mempools and buffer freelists)
+      are now disabled by default. You can turn them back on with
+      --enable-mempools and --enable-buf-freelists respectively.
+      We're disabling these features because malloc performance is good
+      enough on most platforms, and a
+      similar feature in OpenSSL exacerbated exploitation of the Heartbleed
+      attack. Resolves ticket 11476.
 
   o Minor features (security):
     - Apply the secure SipHash-2-4 function to the hash table mapping
@@ -99,21 +99,22 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
     - Update geoip and geoip6 to the June 4 2014 Maxmind GeoLite2
       Country database.
 
-  o Minor bugfixes (configuration, security, new since 0.2.5.4-alpha, also in 0.2.4.22):
+  o Minor bugfixes (security, new since 0.2.5.4-alpha, also in 0.2.4.22):
     - When running a hidden service, do not allow TunneledDirConns 0;
       this will keep the hidden service from running, and also
       make it publish its descriptors directly over HTTP. Fixes bug 10849;
       bugfix on 0.2.1.1-alpha.
 
   o Minor bugfixes (performance):
-    - Do not recompute whether we have sufficient information to build
-      circuits every time we make a successful connection. Previously,
-      we would forget our cached value for this flag every time we
+    - Avoid a bug where every successful connection made us recompute the
+      flag telling us whether we have sufficient information to build
+      circuits. Previously,
+      we would forget our cached value
       successfully opened a channel (or marked a router as running or
       not running for any other reason), regardless of whether we had
       previously believed the router to be running. This forced us to
-      run a fairly expensive update operation with relatively high
-      frequency. Fixes bug 12170; bugfix on 0.1.2.1-alpha.
+      run an expensive update operation far too often.
+      Fixes bug 12170; bugfix on 0.1.2.1-alpha.
     - Avoid using tor_memeq() for checking relay cell integrity. This
       removes a possible performance bottleneck. Fixes part of bug
       12169; bugfix on 0.2.1.31.
@@ -135,6 +136,8 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
       0.2.4.8-alpha. Patch from "conradev".
     - Fix compilation when DNS_CACHE_DEBUG is enabled. Fixes bug 11761;
       bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
+    - Fix compilation with dmalloc. Fixes bug 11605; bugfix
+      on 0.2.4.10-alpha.
 
   o Minor bugfixes (Directory server):
     - When sending a compressed set of descriptors or microdescriptors,
@@ -144,17 +147,8 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
       finished. This caused problems for decompression tools. Fixes bug
       11648; bugfix on 0.1.1.23.
 
-  o Minor bugfixes (dmalloc):
-    - Fix compilation with dmalloc. Fixes bug 11605; bugfix
-      on 0.2.4.10-alpha.
-
-  o Minor bugfixes (documentation):
-    - Correct the documenation so that it lists the correct directories
-      for the stats files. (They are in a subdirectory called "stats",
-      not "status".)
-
   o Minor bugfixes (Linux seccomp sandbox):
-    - Make the seccomp sandbox code compile with ARM linux. Fixes bug
+    - Make the seccomp sandbox code compile under ARM linux. Fixes bug
       11622; bugfix on 0.2.5.1-alpha.
     - Avoid crashing when re-opening listener ports with the seccomp
       sandbox active. Fixes bug 12115; bugfix on 0.2.5.1-alpha.
@@ -185,9 +179,9 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
     - Avoid warnings when running with sandboxing enabled at the same
       time as cookie authentication, hidden services or directory
       authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha.
-    - Do not allow options which would require us to call exec to be
-      enabled along with the seccomp2 sandbox: they will inevitably
-      crash. Fix for bug 12043; bugfix on 0.2.5.1-alpha.
+    - Do not allow options that require calls to exec to be
+      enabled alongside the seccomp2 sandbox: they will inevitably
+      crash. Fixes bug 12043; bugfix on 0.2.5.1-alpha.
     - Handle failures in getpwnam()/getpwuid() when running with the
       User option set and the Linux syscall sandbox enabled. Fixes bug
       11946; bugfix on 0.2.5.1-alpha.
@@ -213,7 +207,7 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
     - Avoid "Tried to open a socket with DisableNetwork set" warnings
       when starting a client with bridges configured and DisableNetwork
       set. (Tor launcher starts Tor with DisableNetwork set the first
-      time.) Fixes bug 10405; bugfix on 0.2.3.9-alpha.
+      time it runs.) Fixes bug 10405; bugfix on 0.2.3.9-alpha.
 
   o Minor bugfixes (testing):
     - The Python parts of the test scripts now work on Python 3 as well
@@ -261,15 +255,15 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
       v2 link handshake. Fixes bug 12227; bugfix on 0.2.4.8-alpha. Found
       by "starlight".
     - When rejecting DATA cells for stream_id zero, still count them
-      against the circuit's deliver window so that we don't get fail to
-      send a SENDME. Fix for bug 11246; bugfix on 0.2.4.10-alpha.
+      against the circuit's deliver window so that we don't fail to
+      send a SENDME. Fixes bug 11246; bugfix on 0.2.4.10-alpha.
 
   o Minor bugfixes (logging):
     - Fix a misformatted log message about delayed directory fetches.
       Fixes bug 11654; bugfix on 0.2.5.3-alpha.
     - Squelch a spurious LD_BUG message "No origin circuit for
       successful SOCKS stream" in certain hidden service failure cases;
-      fixes bug #10616.
+      fixes bug 10616.
 
   o Distribution:
     - Include a tor.service file in contrib/dist for use with systemd.
@@ -283,14 +277,17 @@ Changes in version 0.2.5.5-alpha - 2014-06-1?
       directory authority options, remove the documentation for a
       V2-directory fetching option that no longer exists. Resolves
       ticket 11634.
+    - Correct the documenation so that it lists the correct directory
+      for the stats files. (They are in a subdirectory called "stats",
+      not "status".)
     - In the manpage, move more authority-only options into the
       directory authority section so that operators of regular directory
       caches don't get confused.
 
   o Package cleanup:
-    - The contrib directory has been sorted and tidy. Before, it was an
+    - The contrib directory has been sorted and tidied. Before, it was an
       unsorted dumping ground for useful and not-so-useful things. Now,
-      it has been divided based on functionality, and the items which
+      it is divided based on functionality, and the items which
       seemed to be nonfunctional or useless have been removed. Resolves
       ticket 8966; based on patches from "rl1987".