go through and rewrite the changes files to be more user-facing

changes/10582_tproxy

@@ -1,7 +1,6 @@
   o Minor features:
-
     - Add support for the TPROXY transparent proxying facility on Linux.
-      See documentation for the new TransProxyType option for more details.
-      Implementation by "thomo". Closes ticket 10582.
+      See documentation for the new TransProxyType option for more
+      details. Implementation by "thomo". Closes ticket 10582.
 
 

changes/10777_netunreach

@@ -1,7 +1,6 @@
-  - Minor bugfixes:
-
-    - Treat ENETUNREACH, EACCES, and EPERM at an exit node as a
-      NOROUTE error, not an INTERNAL error, since they can apparently
-      happen when trying to connect to the wrong sort of
-      netblocks. Fixes a part of bug 10777; bugfix on 0.1.0.1-rc.
+  o Minor bugfixes:
+    - Treat ENETUNREACH, EACCES, and EPERM connection failures at an
+      exit node as a NOROUTE error, not an INTERNAL error, since they
+      can apparently happen when trying to connect to the wrong sort
+      of netblocks. Fixes part of bug 10777; bugfix on 0.1.0.1-rc.
 

changes/bug10046

@@ -1,3 +1,4 @@
   o Minor bugfixes:
-    - Fix an always-true assertion in pluggable transports code. Fixes
-      issue 10046. Found by dcb.
+    - Fix an always-true assertion in pluggable transports code so it
+      actually checks what it was trying to check. Fixes bug 10046;
+      bugfix on 0.2.3.9-alpha. Found by "dcb".

changes/bug10297

@@ -1,4 +1,5 @@
   o Minor features:
-    - Spawn background processes using the CREATE_NO_WINDOW flag on
-      Windows, in order to prevent a console window from appearing.
-      Resolves ticket 10297.
+    - On Windows, spawn background processes using the CREATE_NO_WINDOW
+      flag. Now Tor Browser Bundle 3.5 with pluggable transports enabled
+      doesn't pop up a blank console window. (In Tor Browser Bundle 2.x,
+      Vidalia set this option for us.) Implements ticket 10297.

changes/bug10313

@@ -1,8 +1,6 @@
   o Minor bugfixes:
-    - Fixed an erroneous pointer comparison that would have allowed
-      compilers to remove a bounds check in channeltls.c. The fix
-      was to remove the check entirely, since it was impossible for
-      the code to overflow the bounds. Noticed by Jared L
-      Wong. Fixes bug 10313 and 9980. Bugfix on 0.2.0.10-alpha.
-
+    - Remove an erroneous (but impossible and thus harmless) pointer
+      comparison that would have allowed compilers to skip a bounds
+      check in channeltls.c. Fixes bugs 10313 and 9980; bugfix on
+      0.2.0.10-alpha. Noticed by Jared L Wong and David Fifield.
 

changes/bug10324

@@ -1,2 +1,4 @@
   o Tool changes:
-    - Make tor-gencert create 2048 bit signing keys. Addresses ticket #10324.
+    - Make the "tor-gencert" tool used by directory authority operators
+      create 2048-bit signing keys by default (rather than 1024-bit, since
+      1024-bit is uncomfortably small these days). Addresses ticket 10324.

changes/bug10365

@@ -1,7 +1,7 @@
   o Minor bugfixes:
-
-    - When receving a VERSIONS cell with an odd number of bytes, close
-      the connection immediately. Fix for bug 10365; bugfix on
-      0.2.0.10-alpha. Spotted by "bobnomnom"; fix by "rl1987".
+    - When receiving a VERSIONS cell with an odd number of bytes, close
+      the connection immediately since the cell is malformed. Fixes bug
+      10365; bugfix on 0.2.0.10-alpha. Spotted by "bobnomnom"; fix by
+      "rl1987".
 
 

changes/bug10470

@@ -1,4 +1,4 @@
   o Documentation fixes:
-    - Note that all but one DirPort entry must have the NoAdvertise flag
-      set. Fix for #10470.
+    - Document that all but one DirPort entry must have the NoAdvertise
+      flag set. Fixes bug 10470; bugfix on 0.2.3.3-alpha / 0.2.3.16-alpha.
 

changes/bug10485

@@ -1,12 +1,4 @@
-<<<<<<< HEAD
   o Minor bugfixes:
     - Turn "circuit handshake stats since last time" log messages into a
       heartbeat message. Fixes bug 10485; bugfix on 0.2.4.17-rc.
 
-||||||| merged common ancestors
-=======
-  o Minor bugfixes:
-    - Move message about circuit handshake counts into the heartbeat
-      message where it belongs, instead of logging it once per hour
-      unconditionally. Fixes bug 10485; bugfix on 0.2.4.17-rc.
->>>>>>> origin/maint-0.2.4

changes/bug10536

@@ -1,6 +1,5 @@
 
-  o Minor bugfixes:
-    - Reject 0-lenth EXTEND2 cells more expicitly. Previously our code would
-      reject them a bit later than it should have. This bug is
-      harmless. Fixes bug 10536; bugfix on 0.2.4.8-alpha. Reported by
-      "cypherpunks".
+  o Code simplification and refactoring:
+    - Reject 0-length EXTEND2 cells more explicitly. Fixes bug 10536;
+      bugfix on 0.2.4.8-alpha. Reported by "cypherpunks".
+

changes/bug10543

@@ -1,5 +1,6 @@
   o Minor bugfixes:
-    - If all nodes with the Exit flag have been disabled with the ExitNodes
-      flag, consider nodes which can exit to other ports as well.  Fixes bug
-      10543; bugfix on 0.2.4.10-alpha.
+    - If we set the ExitNodes option but it doesn't include any nodes
+      that have the Exit flag, we would choose not to bootstrap. Now we
+      bootstrap so long as ExitNodes includes nodes which can exit to
+      some port. Fixes bug 10543; bugfix on 0.2.4.10-alpha.
 

changes/bug10565

@@ -1,3 +1,3 @@
   o Minor bugfixes:
-    - Fix compilation on Solaris 9, which didn't like us to have an
-      identifier namd "sun". Fixes bug 10565; bugfix in 0.2.5.1-alpha.
+    - Fix compilation on Solaris 9, which didn't like us having an
+      identifier named "sun". Fixes bug 10565; bugfix in 0.2.5.1-alpha.

changes/bug10722

@@ -1,8 +1,8 @@
   o Minor bugfixes:
-    - Consider non-excluded hidden service directory servers before
-      excluded ones. Do not consider excluded hidden service directory
-      servers at all if StrictNodes was set.  (Previously, we would
-      sometimes decide to connect to those servers, and then realize
-      before we initiated a connection that we had excluded them.)
-      Fix for bug #10722. Bugfix on 0.2.0.10-alpha. Reported by
-      "mr-4".
+    - If ExcludeNodes is set, consider non-excluded hidden service
+      directory servers before excluded ones. Do not consider excluded
+      hidden service directory servers at all if StrictNodes is
+      set. (Previously, we would sometimes decide to connect to those
+      servers, and then realize before we initiated a connection that
+      we had excluded them.) Fixes bug 10722; bugfix on 0.2.0.10-alpha.
+      Reported by "mr-4".

changes/bug10758

@@ -1,4 +1,4 @@
-  o Removed code
-    - Remove all code that existed to support the v2 directory system:
-      There are no longer any v2 directory authorities. Resolves
-      bug 10758.
+  o Removed code and features:
+    - Remove all code that existed to support the v2 directory system,
+      since there are no longer any v2 directory authorities. Resolves
+      ticket 10758.

changes/bug10777_internal_024

@@ -1,4 +1,5 @@
   o Major bugfixes:
-    - Do not treat END_STREAM_REASON_INTERNAL as indicating a definite
-      circuit failure, since it could also indicate an ENETUNREACH
-      error. Fixes part of bug 10777; bugfix on 0.2.4.8-alpha.
+    - Do not treat streams that fail with reason
+      END_STREAM_REASON_INTERNAL as indicating a definite circuit failure,
+      since it could also indicate an ENETUNREACH connection error. Fixes
+      part of bug 10777; bugfix on 0.2.4.8-alpha.

changes/bug10793

@@ -1,4 +1,4 @@
   o Minor features (security):
-    - Always clear OpenSSL bignums before freeing them--even bignums
+    - Always clear OpenSSL bignums before freeing them -- even bignums
       that don't contain secrets. Resolves ticket 10793. Patch by
       Florent Daigniere.

changes/bug10842

@@ -1,4 +1,5 @@
-  o Minor bugfixes:
-    - Suppress a warning that votes and signatures cannot be uploaded to
-      other directory authorities if there's only one directory authority
-      in the network. Bugfix on 0.2.2.26-beta. Resolves ticket 10842.
+  o Minor bugfixes (log messages):
+    - Suppress a warning where, if there's only one directory authority
+      in the network, we would complain that votes and signatures cannot
+      be uploaded to other directory authorities. Fixes bug 10842;
+      bugfix on 0.2.2.26-beta.

changes/bug10870

@@ -1,6 +1,6 @@
   o Code simplification and refactoring:
     - Remove data structures which were introduced to implement the
       CellStatistics option: they are now redundant with the addition
-      of timestamp to the regular packed_cell_t data structure, which
-      we did in 0.2.4.18-rc in order to resolve #9093. Fixes bug
-      10870.
+      of a timestamp to the regular packed_cell_t data structure, which
+      we did in 0.2.4.18-rc in order to resolve ticket 9093. Implements
+      ticket 10870.

changes/bug10881

@@ -1,7 +1,7 @@
-  o Removed code:
-
-    - Remove code for designating authorities as "Hidden service
-      authorities". There has been no use of hidden service authorities
-      since 0.2.2.1-alpha, when we stopped uploading or downloading v0
-      hidden service descriptors. Fixes bug 10881; part of a fix for bug
-      10841.
+  o Removed config options:
+    - Remove the HSAuthoritativeDir and AlternateHSAuthority torrc
+      options, which were used for designating authorities as "Hidden
+      service authorities". There has been no use of hidden service
+      authorities since 0.2.2.1-alpha, when we stopped uploading or
+      downloading v0 hidden service descriptors. Fixes bug 10881; also
+      part of a fix for bug 10841.

changes/bug1376

@@ -1,4 +1,3 @@
-  o Minor bugfixes:
-
-    - Added additional argument to write_chunks_to_file to optionally skip
-      using a temp file to do non-atomic writes. Implements ticket #1376.
+  o Code simplification and refactoring: 
+    - Previously we used two temporary files when writing descriptors to
+      disk; now we only use one. Implements ticket 1376.

changes/bug4677

@@ -1,4 +1,4 @@
   o Minor bugfixes (build):
     - Restore the ability to compile Tor with V2_HANDSHAKE_SERVER
-      turned off. Fixes bug 4677; bugfix on 0.2.3.2-alpha. Patch
-      from "piet".
+      turned off (that is, without support for v2 link handshakes). Fixes
+      bug 4677; bugfix on 0.2.3.2-alpha. Patch from "piet".

changes/bug5018

@@ -1,3 +1,5 @@
-  o Minor features:
-    - Don't launch pluggable transport proxies that contribute
-      transports we don't need. Resolves ticket 5018.
+  o Major features:
+    - Don't launch pluggable transport proxies if we don't have any
+      bridges configured that would use them. Now we can list many
+      pluggable transports, and Tor will dynamically start one when it
+      hears a bridge address that needs it. Resolves ticket 5018.

changes/bug5605

@@ -1,5 +1,7 @@
-o Minor Bugfixes:
-  - No longer writing control ports to file if updating reversible
-    options fail. Fixes bug 5605; bugfix on 0.2.2.26-beta.  Patch from
-    Ryman.
+  o Minor bugfixes:
+    - If changing a config option via "setconf" fails in a recoverable
+      way, we used to nonetheless write our new control ports to the
+      file described by the "ControlPortWriteToFile" option. Now we only
+      write out that file if we successfully switch to the new config
+      option. Fixes bug 5605; bugfix on 0.2.2.26-beta. Patch from "Ryman".
 

changes/bug7359

@@ -1,7 +1,9 @@
-  o Minor features (controller):
-    - Extend ORCONN controller event by ID parameter and add four new
-      controller event types CONN_BW, CIRC_BW, CELL_STATS, and TB_EMPTY
-      that shall help understand connection and circuit usage.  The new
-      events are emitted in private Tor networks only.  Implements
-      proposal 218.  Resolves ticket #7359.
+  o Major features (controller):
+    - Extend ORCONN controller event to include an "ID" parameter,
+      and add four new controller event types CONN_BW, CIRC_BW,
+      CELL_STATS, and TB_EMPTY that show connection and circuit usage.
+      The new events are emitted in private Tor networks only, with the
+      goal of being able to better track performance and load during
+      full-network simulations. Implements proposal 218. Resolves
+      ticket 7359.
 

changes/bug9162

@@ -1,6 +1,8 @@
   o Minor bugfixes:
-    - Fix a get_configured_bridge_by_addr_port_digest() function so
-      that it would return a bridge with given address and port even
-      if bridge digest is not specified by caller.  Fixes bug 9162;
-      bugfix on 0.2.0.3-alpha.  Based on a patch from "rl1987".
+    - Fix a bug where the first connection works to a bridge that uses a
+      pluggable transport with client-side parameters, but we don't send
+      the client-side parameters on subsequent connections. (We don't
+      use any pluggable transports with client-side parameters yet,
+      but ScrambleSuit will soon become the first one.) Fixes bug 9162;
+      bugfix on 0.2.0.3-alpha. Based on a patch from "rl1987".
 

changes/bug9206

@@ -1,6 +1,6 @@
   o Minor features (testing):
+    - When bootstrapping a test network, sometimes very few relays get
+      the Guard flag. Now a new option "TestingDirAuthVoteGuard" can
+      specify a set of relays which should be voted Guard regardless of
+      their uptime or bandwidth. Addresses ticket 9206.
 
-    - When bootstrapping a test network, few relays get the Guard
-      flag. There is now a new option, TestingDirAuthVoteGuard, which
-      can be used to specify a set of relays which should be voted
-      Guard regardless of uptime or bandwidth. Addresses ticket 9206.

changes/bug9578

@@ -1,6 +1,7 @@
   o Minor bugfixes:
-    - When a command-line option such as --version or --help that ordinarily
-      implies --hush appears on the command line along with --quiet, obey
-      --quiet. Previously, we obeyed --quiet only if it appeared later on the
-      command line. Fixes bug 9578; bugfix on 0.2.5.1-alpha.
+    - When a command-line option such as --version or --help that
+      ordinarily implies --hush appears on the command line along with
+      --quiet, then actually obey --quiet. Previously, we obeyed --quiet
+      only if it appeared later on the command line. Fixes bug 9578;
+      bugfix on 0.2.5.1-alpha.
 

changes/bug9602

@@ -1,5 +1,4 @@
- o Bugfixes
-   - Null out orconn->chan->conn when closing orconn in case orconn is freed
-     before channel_run_cleanup() gets to orconn->chan, and handle the null
-     conn edge case correctly in channel_tls_t methods.  Fixes bug #9602;
-     bugfix on 0.2.4.4-alpha.
+  o Minor bugfixes:
+    - Avoid a segfault on SIGUSR1, where we had freed a connection but did
+      not entirely remove it from the connection lists. Fixes bug 9602;
+      bugfix on 0.2.4.4-alpha.

changes/bug9651

@@ -1,3 +1,5 @@
   o Minor features:
-    - Warn when the Extended ORPort should be set, but it isn't. Resolves
-      ticket 9651.
+    - When ServerTransportPlugin is set on a bridge, Tor can write more
+      useful statistics about bridge use in its extrainfo descriptors,
+      but only if the Extended ORPort ("ExtORPort") is set too. Add a
+      log message to inform the user in this case. Resolves ticket 9651.

changes/bug9859

@@ -1,6 +1,10 @@
-  o Minor Feature
-
-    - Assign status flags to bridges based on thresholds calculated
-      over all bridges. Fixes bug 9859.
+  o Major features:
+    - The bridge directory authority now assigns status flags (Stable,
+      Guard, etc) to bridges based on thresholds calculated over all
+      Running bridges. Now bridgedb can finally make use of its features
+      to e.g. include at least one Stable bridge in its answers. Fixes
+      bug 9859.
+  o Minor features:
     - Add threshold cutoffs to the networkstatus document created by
       the Bridge Authority. Fixes bug 1117.
+

changes/bug9869

@@ -1,7 +1,5 @@
   o Minor features (build):
-
-    - Assume that a user using configure --host wants to cross-
-      compile and error if we cannot find a properly named tool-
-      chain. Add --disable-tool-name-check to enable the user
-      to build nevertheless. Addresses ticket 9869. Patch by
-      Benedikt Gollatz.
+    - Assume that a user using ./configure --host wants to cross-compile,
+      and give an error if we cannot find a properly named
+      tool-chain. Add a --disable-tool-name-check option to proceed
+      nevertheless. Addresses ticket 9869. Patch by Benedikt Gollatz.

changes/bug9926

@@ -1,6 +1,6 @@
-  o Minor bugfixes:
+  o Code simplification and refactoring:
     - Remove some old fallback code designed to keep Tor clients working
-      in a network with only two working nodes. Elsewhere in the code we
+      in a network with only two working relays. Elsewhere in the code we
       have long since stopped supporting such networks, so there wasn't
-      much point in keeping it around. Fixes bug 9926.
+      much point in keeping it around. Addresses ticket 9926.
 

changes/bug9934

@@ -1,4 +1,5 @@
   o Minor features (controller):
-    - New DROPGUARDS command to forget all current entry guards. Not
-      recommended for ordinary use, since replacing guards too frequently
-      makes several attacks easier. Resolves ticket #9934; patch from "ra".
+    - New "DROPGUARDS" controller command to forget all current entry
+      guards. Not recommended for ordinary use, since replacing guards
+      too frequently makes several attacks easier. Resolves ticket 9934;
+      patch from "ra".

changes/bug9948

@@ -1,6 +1,4 @@
   o Minor features (build):
-
-    - Check in configure whether we can link an executable when
-      stack protection is enabled so we can warn the user about a
-      potentially missing libssp. Addresses ticket 9948. Patch
-      from Benedikt Gollatz. 
+    - If we run ./configure and the compiler recognizes -fstack-protector
+      but the linker rejects it, warn the user about a potentially missing
+      libssp package. Addresses ticket 9948. Patch from Benedikt Gollatz.

changes/feature9777

@@ -1,3 +1,7 @@
-  o Minor features:
-    - Avoid using circuit paths if no node in the path supports the ntor
-      circuit extension handshake. Implements ticket 9777.
+  o Major features:
+    - When we choose a path for a 3-hop circuit, make sure it contains
+      at least one relay that supports the NTor circuit extension
+      handshake. Otherwise, there is a chance that we're building
+      a circuit that's worth attacking by an adversary who finds
+      breaking 1024-bit crypto doable, and that chance changes the game
+      theory. Implements ticket 9777.

changes/prop157-require

@@ -2,4 +2,4 @@
     - Clients now reject any directory authority certificates lacking
       a dir-key-crosscert element. These have been included since
       0.2.1.9-alpha, so there's no real reason for them to be optional
-      any longer. Completes proposal 157.
+      any longer. Completes proposal 157. Resolves ticket 10162.

changes/prop221

@@ -1,6 +1,7 @@
-  o Minor features:
-    - Stop sending the CREATE_FAST cells by default; instead, use a
-      parameter in the consensus to decide whether to use
-      CREATE_FAST. This can improve security on connections where
-      Tor's circuit handshake is stronger than the available TLS
-      connection security levels. Implements proposal 221.
+  o Major features:
+    - Clients now look at the "usecreatefast" consensus parameter to
+      decide whether to use CREATE_FAST or CREATE cells for the first hop
+      of their circuit. This approach can improve security on connections
+      where Tor's circuit handshake is stronger than the available TLS
+      connection security levels, but the tradeoff is more computational
+      load on guard relays. Implements proposal 221. Resolves ticket 9386.

changes/python-tests

@@ -1,4 +1,4 @@
   o Minor features:
-    - "make check" now runs extra tests beyond the unit test scripts if
-      Python is installed.
+    - If Python is installed, "make check" now runs extra tests beyond
+      the unit test scripts.
 

changes/seccomp2-fixes

@@ -1,3 +1,4 @@
   o Minor bugfixes:
     - Fix compilation warnings and startup issues when running with
-      libseccomp-2.1.0. Fixes bug 10563.
+      "Sandbox 1" and libseccomp-2.1.0. Fixes bug 10563; bugfix on
+      0.2.5.1-alpha.

changes/stack_trace

@@ -4,5 +4,5 @@
       Unix-like operating systems), Tor can now dump stack traces
       when a crash occurs or an assertion fails. By default, traces
       are dumped to stderr (if possible) and to any logs that are
-      reporting errors.
+      reporting errors. Implements ticket 9299.
 

changes/ticket10060

@@ -1,5 +1,5 @@
   o Minor features:
-    - Adding --allow-missing-torrc commandline option that allows Tor to
-      run if configuration file specified by -f is not available.
+    - Add an --allow-missing-torrc commandline option that tells Tor to
+      run even if the configuration file specified by -f is not available.
       Implements ticket 10060.
 

changes/ticket8510

@@ -1,4 +1,3 @@
   o Minor features:
-    - Implement the HS_DESC async control event that notifies controller on
-      activities related to hidden service descriptors. Partly resolves
-      ticket 8510.
+    - Add a new "HS_DESC" controller event that reports activities
+      related to hidden service descriptors. Resolves ticket 8510.

changes/ticket9839

@@ -1,3 +1,3 @@
   o Documentation:
-    - Update manpage to describe some of the files one could find
-      in data directory. Fixes bug 9839.
+    - Update manpage to describe some of the files you can expect to
+      find in Tor's DataDirectory. Addresses ticket 9839.