tor/ReleaseNotes

This document summarizes new features and bugfixes in each stable
release of Tor. If you want to see more detailed descriptions of the
changes in each development snapshot, see the ChangeLog file.

Changes in version 0.3.5.8 - 2019-02-21
  Tor 0.3.5.8 backports serveral fixes from later releases, including fixes
  for an annoying SOCKS-parsing bug that affected users in earlier 0.3.5.x
  releases.

  It also includes a fix for a medium-severity security bug affecting Tor
  0.3.2.1-alpha and later. All Tor instances running an affected release
  should upgrade to 0.3.3.12, 0.3.4.11, 0.3.5.8, or 0.4.0.2-alpha.

  o Major bugfixes (cell scheduler, KIST, security):
    - Make KIST consider the outbuf length when computing what it can
      put in the outbuf. Previously, KIST acted as though the outbuf
      were empty, which could lead to the outbuf becoming too full. It
      is possible that an attacker could exploit this bug to cause a Tor
      client or relay to run out of memory and crash. Fixes bug 29168;
      bugfix on 0.3.2.1-alpha. This issue is also being tracked as
      TROVE-2019-001 and CVE-2019-8955.

  o Major bugfixes (networking, backport from 0.4.0.2-alpha):
    - Gracefully handle empty username/password fields in SOCKS5
      username/password auth messsage and allow SOCKS5 handshake to
      continue. Previously, we had rejected these handshakes, breaking
      certain applications. Fixes bug 29175; bugfix on 0.3.5.1-alpha.

  o Minor features (compilation, backport from 0.4.0.2-alpha):
    - Compile correctly when OpenSSL is built with engine support
      disabled, or with deprecated APIs disabled. Closes ticket 29026.
      Patches from "Mangix".

  o Minor features (geoip):
    - Update geoip and geoip6 to the February 5 2019 Maxmind GeoLite2
      Country database. Closes ticket 29478.

  o Minor features (testing, backport from 0.4.0.2-alpha):
    - Treat all unexpected ERR and BUG messages as test failures. Closes
      ticket 28668.

  o Minor bugfixes (onion service v3, client, backport from 0.4.0.1-alpha):
    - Stop logging a "BUG()" warning and stacktrace when we find a SOCKS
      connection waiting for a descriptor that we actually have in the
      cache. It turns out that this can actually happen, though it is
      rare. Now, tor will recover and retry the descriptor. Fixes bug
      28669; bugfix on 0.3.2.4-alpha.

  o Minor bugfixes (IPv6, backport from 0.4.0.1-alpha):
    - Fix tor_ersatz_socketpair on IPv6-only systems. Previously, the
      IPv6 socket was bound using an address family of AF_INET instead
      of AF_INET6. Fixes bug 28995; bugfix on 0.3.5.1-alpha. Patch from
      Kris Katterjohn.

  o Minor bugfixes (build, compatibility, rust, backport from 0.4.0.2-alpha):
    - Update Cargo.lock file to match the version made by the latest
      version of Rust, so that "make distcheck" will pass again. Fixes
      bug 29244; bugfix on 0.3.3.4-alpha.

  o Minor bugfixes (client, clock skew, backport from 0.4.0.1-alpha):
    - Select guards even if the consensus has expired, as long as the
      consensus is still reasonably live. Fixes bug 24661; bugfix
      on 0.3.0.1-alpha.

  o Minor bugfixes (compilation, backport from 0.4.0.1-alpha):
    - Compile correctly on OpenBSD; previously, we were missing some
      headers required in order to detect it properly. Fixes bug 28938;
      bugfix on 0.3.5.1-alpha. Patch from Kris Katterjohn.

  o Minor bugfixes (documentation, backport from 0.4.0.2-alpha):
    - Describe the contents of the v3 onion service client authorization
      files correctly: They hold public keys, not private keys. Fixes
      bug 28979; bugfix on 0.3.5.1-alpha. Spotted by "Felixix".

  o Minor bugfixes (logging, backport from 0.4.0.1-alpha):
    - Rework rep_hist_log_link_protocol_counts() to iterate through all
      link protocol versions when logging incoming/outgoing connection
      counts. Tor no longer skips version 5, and we won't have to
      remember to update this function when new link protocol version is
      developed. Fixes bug 28920; bugfix on 0.2.6.10.

  o Minor bugfixes (logging, backport from 0.4.0.2-alpha):
    - Log more information at "warning" level when unable to read a
      private key; log more information at "info" level when unable to
      read a public key. We had warnings here before, but they were lost
      during our NSS work. Fixes bug 29042; bugfix on 0.3.5.1-alpha.

  o Minor bugfixes (misc, backport from 0.4.0.2-alpha):
    - The amount of total available physical memory is now determined
      using the sysctl identifier HW_PHYSMEM (rather than HW_USERMEM)
      when it is defined and a 64-bit variant is not available. Fixes
      bug 28981; bugfix on 0.2.5.4-alpha. Patch from Kris Katterjohn.

  o Minor bugfixes (onion services, backport from 0.4.0.2-alpha):
    - Avoid crashing if ClientOnionAuthDir (incorrectly) contains more
      than one private key for a hidden service. Fixes bug 29040; bugfix
      on 0.3.5.1-alpha.
    - In hs_cache_store_as_client() log an HSDesc we failed to parse at
      "debug" level. Tor used to log it as a warning, which caused very
      long log lines to appear for some users. Fixes bug 29135; bugfix
      on 0.3.2.1-alpha.
    - Stop logging "Tried to establish rendezvous on non-OR circuit..."
      as a warning. Instead, log it as a protocol warning, because there
      is nothing that relay operators can do to fix it. Fixes bug 29029;
      bugfix on 0.2.5.7-rc.

  o Minor bugfixes (tests, directory clients, backport from 0.4.0.1-alpha):
    - Mark outdated dirservers when Tor only has a reasonably live
      consensus. Fixes bug 28569; bugfix on 0.3.2.5-alpha.

  o Minor bugfixes (tests, backport from 0.4.0.2-alpha):
    - Detect and suppress "bug" warnings from the util/time test on
      Windows. Fixes bug 29161; bugfix on 0.2.9.3-alpha.
    - Do not log an error-level message if we fail to find an IPv6
      network interface from the unit tests. Fixes bug 29160; bugfix
      on 0.2.7.3-rc.

  o Minor bugfixes (usability, backport from 0.4.0.1-alpha):
    - Stop saying "Your Guard ..." in pathbias_measure_{use,close}_rate().
      Some users took this phrasing to mean that the mentioned guard was
      under their control or responsibility, which it is not. Fixes bug
      28895; bugfix on Tor 0.3.0.1-alpha.


Changes in version 0.3.5.7 - 2019-01-07
  Tor 0.3.5.7 is the first stable release in its series; it includes
  compilation and portability fixes, and a fix for a severe problem
  affecting directory caches.

  The Tor 0.3.5 series includes several new features and performance
  improvements, including client authorization for v3 onion services,
  cleanups to bootstrap reporting, support for improved bandwidth-
  measurement tools, experimental support for NSS in place of OpenSSL,
  and much more. It also begins a full reorganization of Tor's code
  layout, for improved modularity and maintainability in the future.
  Finally, there is the usual set of performance improvements and
  bugfixes that we try to do in every release series.

  There are a couple of changes in the 0.3.5 that may affect
  compatibility. First, the default version for newly created onion
  services is now v3. Use the HiddenServiceVersion option if you want to
  override this. Second, some log messages related to bootstrapping have
  changed; if you use stem, you may need to update to the latest version
  so it will recognize them.

  We have designated 0.3.5 as a "long-term support" (LTS) series: we
  will continue to patch major bugs in typical configurations of 0.3.5
  until at least 1 Feb 2022. (We do not plan to provide long-term
  support for embedding, Rust support, NSS support, running a directory
  authority, or unsupported platforms. For these, you will need to stick
  with the latest stable release.)

  Below are the changes since 0.3.4.9. For a complete list of changes
  since 0.3.5.6-rc, see the ChangeLog file.

  o Major features (bootstrap):
    - Don't report directory progress until after a connection to a
      relay or bridge has succeeded. Previously, we'd report 80%
      progress based on cached directory information when we couldn't
      even connect to the network. Closes ticket 27169.

  o Major features (new code layout):
    - Nearly all of Tor's source code has been moved around into more
      logical places. The "common" directory is now divided into a set
      of libraries in "lib", and files in the "or" directory have been
      split into "core" (logic absolutely needed for onion routing),
      "feature" (independent modules in Tor), and "app" (to configure
      and invoke the rest of Tor). See doc/HACKING/CodeStructure.md for
      more information. Closes ticket 26481.

      This refactoring is not complete: although the libraries have been
      refactored to be acyclic, the main body of Tor is still too
      interconnected. We will attempt to improve this in the future.

  o Major features (onion services v3):
    - Implement onion service client authorization at the descriptor
      level: only authorized clients can decrypt a service's descriptor
      to find out how to contact it. A new torrc option was added to
      control this client side: ClientOnionAuthDir <path>. On the
      service side, if the "authorized_clients/" directory exists in the
      onion service directory path, client configurations are read from
      the files within. See the manpage for more details. Closes ticket
      27547. Patch done by Suphanat Chunhapanya (haxxpop).
    - Improve revision counter generation in next-gen onion services.
      Onion services can now scale by hosting multiple instances on
      different hosts without synchronization between them, which was
      previously impossible because descriptors would get rejected by
      HSDirs. Addresses ticket 25552.
    - Version 3 onion services can now use the per-service
      HiddenServiceExportCircuitID option to differentiate client
      circuits. It communicates with the service by using the HAProxy
      protocol to assign virtual IP addresses to inbound client
      circuits. Closes ticket 4700. Patch by Mahrud Sayrafi.

  o Major features (onion services, UI change):
    - For a newly created onion service, the default version is now 3.
      Tor still supports existing version 2 services, but the operator
      now needs to set "HiddenServiceVersion 2" in order to create a new
      version 2 service. For existing services, Tor now learns the
      version by reading the key file. Closes ticket 27215.

  o Major features (portability, cryptography, experimental, TLS):
    - Tor now has the option to compile with the NSS library instead of
      OpenSSL. This feature is experimental, and we expect that bugs may
      remain. It is mainly intended for environments where Tor's
      performance is not CPU-bound, and where NSS is already known to be
      installed. To try it out, configure Tor with the --enable-nss
      flag. Closes tickets 26631, 26815, and 26816.

      If you are experimenting with this option and using an old cached
      consensus, Tor may fail to start. To solve this, delete your
      "cached-consensus" and "cached-microdesc-consensus" files,
      (if present), and restart Tor.

  o Major features (relay, UI change):
    - Relays no longer run as exits by default. If the "ExitRelay"
      option is auto (or unset), and no exit policy is specified with
      ExitPolicy or ReducedExitPolicy, we now treat ExitRelay as 0.
      Previously in this case, we allowed exit traffic and logged a
      warning message. Closes ticket 21530. Patch by Neel Chauhan.
    - Tor now validates that the ContactInfo config option is valid UTF-
      8 when parsing torrc. Closes ticket 27428.

  o Major bugfixes (compilation):
    - Fix compilation on ARM (and other less-used CPUs) when compiling
      with OpenSSL before 1.1. Fixes bug 27781; bugfix on 0.3.4.1-alpha.

  o Major bugfixes (compilation, rust):
    - Rust tests can now build and run successfully with the
      --enable-fragile-hardening option enabled. Doing this currently
      requires the rust beta channel; it will be possible with stable
      rust once Rust version 1.31 is released. Patch from Alex Crichton.
      Fixes bugs 27272, 27273, and 27274. Bugfix on 0.3.1.1-alpha.

  o Major bugfixes (directory authority):
    - Actually check that the address we get from DirAuthority
      configuration line is valid IPv4. Explicitly disallow DirAuthority
      address to be a DNS hostname. Fixes bug 26488; bugfix
      on 0.1.2.10-rc.

  o Major bugfixes (embedding, main loop):
    - When DisableNetwork becomes set, actually disable periodic events
      that are already enabled. (Previously, we would refrain from
      enabling new ones, but we would leave the old ones turned on.)
      Fixes bug 28348; bugfix on 0.3.4.1-alpha.

  o Major bugfixes (main loop, bootstrap):
    - Make sure Tor bootstraps and works properly if only the
      ControlPort is set. Prior to this fix, Tor would only bootstrap
      when a client port was set (Socks, Trans, NATD, DNS or HTTPTunnel
      port). Fixes bug 27849; bugfix on 0.3.4.1-alpha.

  o Major bugfixes (onion service v3):
    - On an intro point for a version 3 onion service, stop closing
      introduction circuits on a NACK. This lets the client decide
      whether to reuse the circuit or discard it. Previously, we closed
      intro circuits when sending NACKs. Fixes bug 27841; bugfix on
      0.3.2.1-alpha. Patch by Neel Chaunan.

  o Major bugfixes (OpenSSL, portability):
    - Fix our usage of named groups when running as a TLS 1.3 client in
      OpenSSL 1.1.1. Previously, we only initialized EC groups when
      running as a relay, which caused clients to fail to negotiate TLS
      1.3 with relays. Fixes bug 28245; bugfix on 0.2.9.15 (when TLS 1.3
      support was added).

  o Major bugfixes (relay bandwidth statistics):
    - When we close relayed circuits, report the data in the circuit
      queues as being written in our relay bandwidth stats. This
      mitigates guard discovery and other attacks that close circuits
      for the explicit purpose of noticing this discrepancy in
      statistics. Fixes bug 23512; bugfix on 0.0.8pre3.

  o Major bugfixes (relay):
    - When our write bandwidth limit is exhausted, stop writing on the
      connection. Previously, we had a typo in the code that would make
      us stop reading instead, leading to relay connections being stuck
      indefinitely and consuming kernel RAM. Fixes bug 28089; bugfix
      on 0.3.4.1-alpha.
    - Always reactivate linked connections in the main loop so long as
      any linked connection has been active. Previously, connections
      serving directory information wouldn't get reactivated after the
      first chunk of data was sent (usually 32KB), which would prevent
      clients from bootstrapping. Fixes bug 28912; bugfix on
      0.3.4.1-alpha. Patch by "cypherpunks3".

  o Major bugfixes (restart-in-process):
    - Fix a use-after-free error that could be caused by passing Tor an
      impossible set of options that would fail during options_act().
      Fixes bug 27708; bugfix on 0.3.3.1-alpha.

  o Minor features (admin tools):
    - Add a new --key-expiration option to print the expiration date of
      the signing cert in an ed25519_signing_cert file. Resolves
      issue 19506.

  o Minor features (build):
    - If you pass the "--enable-pic" option to configure, Tor will try
      to tell the compiler to build position-independent code suitable
      to link into a dynamic library. (The default remains -fPIE, for
      code suitable for a relocatable executable.) Closes ticket 23846.

  o Minor features (code correctness, testing):
    - Tor's build process now includes a "check-includes" make target to
      verify that no module of Tor relies on any headers from a higher-
      level module. We hope to use this feature over time to help
      refactor our codebase. Closes ticket 26447.

  o Minor features (code layout):
    - We have a new "lowest-level" error-handling API for use by code
      invoked from within the logging module. With this interface, the
      logging code is no longer at risk of calling into itself if a
      failure occurs while it is trying to log something. Closes
      ticket 26427.

  o Minor features (compilation):
    - When possible, place our warning flags in a separate file, to
      avoid flooding verbose build logs. Closes ticket 28924.
    - Tor's configure script now supports a --with-malloc= option to
      select your malloc implementation. Supported options are
      "tcmalloc", "jemalloc", "openbsd" (deprecated), and "system" (the
      default). Addresses part of ticket 20424. Based on a patch from
      Alex Xu.

  o Minor features (config):
    - The "auto" keyword in torrc is now case-insensitive. Closes
      ticket 26663.

  o Minor features (continuous integration):
    - Add a Travis CI build for --enable-nss on Linux gcc. Closes
      ticket 27751.
    - Add new CI job to Travis configuration to run stem-based
      integration tests. Closes ticket 27913.
    - Use the Travis Homebrew addon to install packages on macOS during
      Travis CI. The package list is the same, but the Homebrew addon
      does not do a `brew update` by default. Implements ticket 27738.
    - Report what program produced the mysterious core file that we
      occasionally see on Travis CI during make distcheck. Closes
      ticket 28024.
    - Don't do a distcheck with --disable-module-dirauth in Travis.
      Implements ticket 27252.
    - Install libcap-dev and libseccomp2-dev so these optional
      dependencies get tested on Travis CI. Closes ticket 26560.
    - Only run one online rust build in Travis, to reduce network
      errors. Skip offline rust builds on Travis for Linux gcc, because
      they're redundant. Implements ticket 27252.
    - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a
      duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on
      Linux with default settings, because all the non-default builds
      use gcc on Linux. Implements ticket 27252.

  o Minor features (continuous integration, Windows):
    - Always show the configure and test logs, and upload them as build
      artifacts, when building for Windows using Appveyor CI.
      Implements 28459.
    - Build tor on Windows Server 2012 R2 and Windows Server 2016 using
      Appveyor's CI. Closes ticket 28318.

  o Minor features (controller):
    - Emit CIRC_BW events as soon as we detect that we processed an
      invalid or otherwise dropped cell on a circuit. This allows
      vanguards and other controllers to react more quickly to dropped
      cells. Closes ticket 27678.
    - For purposes of CIRC_BW-based dropped cell detection, track half-
      closed stream ids, and allow their ENDs, SENDMEs, DATA and path
      bias check cells to arrive without counting it as dropped until
      either the END arrives, or the windows are empty. Closes
      ticket 25573.
    - Implement a 'GETINFO md/all' controller command to enable getting
      all known microdescriptors. Closes ticket 8323.
    - The GETINFO command now support an "uptime" argument, to return
      Tor's uptime in seconds. Closes ticket 25132.

  o Minor features (denial-of-service avoidance):
    - Make our OOM handler aware of the DNS cache so that it doesn't
      fill up the memory. This check is important for our DoS mitigation
      subsystem. Closes ticket 18642. Patch by Neel Chauhan.

  o Minor features (development):
    - Tor's makefile now supports running the "clippy" Rust style tool
      on our Rust code. Closes ticket 22156.

  o Minor features (directory authority):
    - There is no longer an artificial upper limit on the length of
      bandwidth lines. Closes ticket 26223.
    - When a bandwidth file is used to obtain the bandwidth measurements,
      include this bandwidth file headers in the votes. Closes
      ticket 3723.
    - Improved support for networks with only a single authority or a
      single fallback directory. Patch from Gabriel Somlo. Closes
      ticket 25928.

  o Minor features (embedding API):
    - The Tor controller API now supports a function to launch Tor with
      a preconstructed owning controller FD, so that embedding
      applications don't need to manage controller ports and
      authentication. Closes ticket 24204.
    - The Tor controller API now has a function that returns the name
      and version of the backend implementing the API. Closes
      ticket 26947.

  o Minor features (fallback directory list):
    - Replace the 150 fallbacks originally introduced in Tor
      0.3.3.1-alpha in January 2018 (of which ~115 were still
      functional), with a list of 157 fallbacks (92 new, 65 existing, 85
      removed) generated in December 2018. Closes ticket 24803.

  o Minor features (geoip):
    - Update geoip and geoip6 to the January 3 2019 Maxmind GeoLite2
      Country database. Closes ticket 29012.

  o Minor features (memory management):
    - Get Libevent to use the same memory allocator as Tor, by calling
      event_set_mem_functions() during initialization. Resolves
      ticket 8415.

  o Minor features (memory usage):
    - When not using them, store legacy TAP public onion keys in DER-
      encoded format, rather than as expanded public keys. This should
      save several megabytes on typical clients. Closes ticket 27246.

  o Minor features (OpenSSL bug workaround):
    - Work around a bug in OpenSSL 1.1.1a, which prevented the TLS 1.3
      key export function from handling long labels. When this bug is
      detected, Tor will disable TLS 1.3. We recommend upgrading to a
      version of OpenSSL without this bug when it becomes available.
      Closes ticket 28973.

  o Minor features (OpenSSL):
    - When possible, use RFC5869 HKDF implementation from OpenSSL rather
      than our own. Resolves ticket 19979.

  o Minor features (performance):
    - Remove about 96% of the work from the function that we run at
      startup to test our curve25519_basepoint implementation. Since
      this function has yet to find an actual failure, we now only run
      it for 8 iterations instead of 200. Based on our profile
      information, this change should save around 8% of our startup time
      on typical desktops, and may have a similar effect on other
      platforms. Closes ticket 28838.
    - Stop re-validating our hardcoded Diffie-Hellman parameters on
      every startup. Doing this wasted time and cycles, especially on
      low-powered devices. Closes ticket 28851.

  o Minor features (Rust, code quality):
    - Improve rust code quality in the rust protover implementation by
      making it more idiomatic. Includes changing an internal API to
      take &str instead of &String. Closes ticket 26492.

  o Minor features (testing):
    - Add scripts/test/chutney-git-bisect.sh, for bisecting using
      chutney. Implements ticket 27211.

  o Minor features (tor-resolve):
    - The tor-resolve utility can now be used with IPv6 SOCKS proxies.
      Side-effect of the refactoring for ticket 26526.

  o Minor features (UI):
    - Log each included configuration file or directory as we read it,
      to provide more visibility about where Tor is reading from. Patch
      from Unto Sten; closes ticket 27186.
    - Lower log level of "Scheduler type KIST has been enabled" to INFO.
      Closes ticket 26703.

  o Minor bugfixes (32-bit OSX and iOS, timing):
    - Fix an integer overflow bug in our optimized 32-bit millisecond-
      difference algorithm for 32-bit Apple platforms. Previously, it
      would overflow when calculating the difference between two times
      more than 47 days apart. Fixes part of bug 27139; bugfix
      on 0.3.4.1-alpha.
    - Improve the precision of our 32-bit millisecond difference
      algorithm for 32-bit Apple platforms. Fixes part of bug 27139;
      bugfix on 0.3.4.1-alpha.
    - Relax the tolerance on the mainloop/update_time_jumps test when
      running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix
      on 0.3.4.1-alpha.

  o Minor bugfixes (bootstrap):
    - Try harder to get descriptors in non-exit test networks, by using
      the mid weight for the third hop when there are no exits. Fixes
      bug 27237; bugfix on 0.2.6.2-alpha.

  o Minor bugfixes (C correctness):
    - Avoid casting smartlist index to int implicitly, as it may trigger
      a warning (-Wshorten-64-to-32). Fixes bug 26282; bugfix on
      0.2.3.13-alpha, 0.2.7.1-alpha and 0.2.1.1-alpha.
    - Use time_t for all values in
      predicted_ports_prediction_time_remaining(). Rework the code that
      computes difference between durations/timestamps. Fixes bug 27165;
      bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (client, memory usage):
    - When not running as a directory cache, there is no need to store
      the text of the current consensus networkstatus in RAM.
      Previously, however, clients would store it anyway, at a cost of
      over 5 MB. Now, they do not. Fixes bug 27247; bugfix
      on 0.3.0.1-alpha.

  o Minor bugfixes (client, ReachableAddresses):
    - Instead of adding a "reject *:*" line to ReachableAddresses when
      loading the configuration, add one to the policy after parsing it
      in parse_reachable_addresses(). This prevents extra "reject *.*"
      lines from accumulating on reloads. Fixes bug 20874; bugfix on
      0.1.1.5-alpha. Patch by Neel Chauhan.

  o Minor bugfixes (code quality):
    - Rename sandbox_getaddrinfo() and other functions to no longer
      misleadingly suggest that they are sandbox-only. Fixes bug 26525;
      bugfix on 0.2.7.1-alpha.

  o Minor bugfixes (code safety):
    - Rewrite our assertion macros so that they no longer suppress the
      compiler's -Wparentheses warnings. Fixes bug 27709; bugfix
      on 0.0.6.

  o Minor bugfixes (compilation):
    - Initialize a variable unconditionally in aes_new_cipher(), since
      some compilers cannot tell that we always initialize it before
      use. Fixes bug 28413; bugfix on 0.2.9.3-alpha.

  o Minor bugfixes (configuration):
    - Refuse to start with relative file paths and RunAsDaemon set
      (regression from the fix for bug 22731). Fixes bug 28298; bugfix
      on 0.3.3.1-alpha.

  o Minor bugfixes (configuration, Onion Services):
    - In rend_service_parse_port_config(), disallow any input to remain
      after address-port pair was parsed. This will catch address and
      port being whitespace-separated by mistake of the user. Fixes bug
      27044; bugfix on 0.2.9.10.

  o Minor bugfixes (connection, relay):
    - Avoid a logging a BUG() stacktrace when closing connection held
      open because the write side is rate limited but not the read side.
      Now, the connection read side is simply shut down until Tor is
      able to flush the connection and close it. Fixes bug 27750; bugfix
      on 0.3.4.1-alpha.

  o Minor bugfixes (continuous integration, Windows):
    - Stop reinstalling identical packages in our Windows CI. Fixes bug
      27464; bugfix on 0.3.4.1-alpha.
    - Install only the necessary mingw packages during our appveyor
      builds. This change makes the build a little faster, and prevents
      a conflict with a preinstalled mingw openssl that appveyor now
      ships. Fixes bugs 27765 and 27943; bugfix on 0.3.4.2-alpha.
    - Explicitly specify the path to the OpenSSL library and do not
      download OpenSSL from Pacman, but instead use the library that is
      already provided by AppVeyor. Fixes bug 28574; bugfix on master.
    - Manually configure the zstd compiler options, when building using
      mingw on Appveyor Windows CI. The MSYS2 mingw zstd package does
      not come with a pkg-config file. Fixes bug 28454; bugfix
      on 0.3.4.1-alpha.
    - Stop using an external OpenSSL install, and stop installing MSYS2
      packages, when building using mingw on Appveyor Windows CI. Fixes
      bug 28399; bugfix on 0.3.4.1-alpha.

  o Minor bugfixes (controller):
    - Consider all routerinfo errors other than "not a server" to be
      transient for the purpose of "GETINFO exit-policy/*" controller
      request. Print stacktrace in the unlikely case of failing to
      recompute routerinfo digest. Fixes bug 27034; bugfix
      on 0.3.4.1-alpha.

  o Minor bugfixes (correctness):
    - Fix an unreached code path where we checked the value of
      "hostname" inside send_resolved_hostname_cell(). Previously, we
      used it before checking it; now we check it first. Fixes bug
      28879; bugfix on 0.1.2.7-alpha.

  o Minor bugfixes (directory connection shutdown):
    - Avoid a double-close when shutting down a stalled directory
      connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha.

  o Minor bugfixes (directory permissions):
    - When a user requests a group-readable DataDirectory, give it to
      them. Previously, when the DataDirectory and the CacheDirectory
      were the same, the default setting (0) for
      CacheDirectoryGroupReadable would override the setting for
      DataDirectoryGroupReadable. Fixes bug 26913; bugfix
      on 0.3.3.1-alpha.

  o Minor bugfixes (HTTP tunnel):
    - Fix a bug warning when closing an HTTP tunnel connection due to an
      HTTP request we couldn't handle. Fixes bug 26470; bugfix
      on 0.3.2.1-alpha.

  o Minor bugfixes (ipv6):
    - In addrs_in_same_network_family(), we choose the subnet size based
      on the IP version (IPv4 or IPv6). Previously, we chose a fixed
      subnet size of /16 for both IPv4 and IPv6 addresses. Fixes bug
      15518; bugfix on 0.2.3.1-alpha. Patch by Neel Chauhan.

  o Minor bugfixes (Linux seccomp2 sandbox):
    - Permit the "shutdown()" system call, which is apparently used by
      OpenSSL under some circumstances. Fixes bug 28183; bugfix
      on 0.2.5.1-alpha.

  o Minor bugfixes (logging):
    - Stop talking about the Named flag in log messages. Clients have
      ignored the Named flag since 0.3.2. Fixes bug 28441; bugfix
      on 0.3.2.1-alpha.
    - As a precaution, do an early return from log_addr_has_changed() if
      Tor is running as client. Also, log a stack trace for debugging as
      this function should only be called when Tor runs as server. Fixes
      bug 26892; bugfix on 0.1.1.9-alpha.
    - Refrain from mentioning bug 21018 in the logs, as it is already
      fixed. Fixes bug 25477; bugfix on 0.2.9.8.

  o Minor bugfixes (logging, documentation):
    - When SafeLogging is enabled, scrub IP address in
      channel_tls_process_netinfo_cell(). Also, add a note to manpage
      that scrubbing is not guaranteed on loglevels below Notice. Fixes
      bug 26882; bugfix on 0.2.4.10-alpha.

  o Minor bugfixes (memory leaks):
    - Fix a harmless memory leak in libtorrunner.a. Fixes bug 28419;
      bugfix on 0.3.3.1-alpha. Patch from Martin Kepplinger.
    - Fix a small memory leak when calling Tor with --dump-config. Fixes
      bug 27893; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (netflow padding):
    - Ensure circuitmux queues are empty before scheduling or sending
      padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (onion service v2):
    - Log at level "info", not "warning", in the case that we do not
      have a consensus when a .onion request comes in. This can happen
      normally while bootstrapping. Fixes bug 27040; bugfix
      on 0.2.8.2-alpha.

  o Minor bugfixes (onion service v3):
    - When deleting an ephemeral onion service (DEL_ONION), do not close
      any rendezvous circuits in order to let the existing client
      connections finish by themselves or closed by the application. The
      HS v2 is doing that already so now we have the same behavior for
      all versions. Fixes bug 28619; bugfix on 0.3.3.1-alpha.
    - Build the service descriptor's signing key certificate before
      uploading, so we always have a fresh one: leaving no chances for
      it to expire service side. Fixes bug 27838; bugfix
      on 0.3.2.1-alpha.
    - Stop dumping a stack trace when trying to connect to an intro
      point without having a descriptor for it. Fixes bug 27774; bugfix
      on 0.3.2.1-alpha.
    - When selecting a v3 rendezvous point, don't only look at the
      protover, but also check whether the curve25519 onion key is
      present. This way we avoid picking a relay that supports the v3
      rendezvous but for which we don't have the microdescriptor. Fixes
      bug 27797; bugfix on 0.3.2.1-alpha.
    - Close all SOCKS request (for the same .onion) if the newly fetched
      descriptor is unusable. Before that, we would close only the first
      one leaving the other hanging and let to time out by themselves.
      Fixes bug 27410; bugfix on 0.3.2.1-alpha.
    - When the onion service directory can't be created or has the wrong
      permissions, do not log a stack trace. Fixes bug 27335; bugfix
      on 0.3.2.1-alpha.
    - When replacing a descriptor in the client cache, make sure to
      close all client introduction circuits for the old descriptor, so
      we don't end up with unusable leftover circuits. Fixes bug 27471;
      bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (OS compatibility):
    - Properly handle configuration changes that move a listener to/from
      wildcard IP address. If the first attempt to bind a socket fails,
      close the old listener and try binding the socket again. Fixes bug
      17873; bugfix on 0.0.8pre-1.

  o Minor bugfixes (performance)::
    - Rework node_is_a_configured_bridge() to no longer call
      node_get_all_orports(), which was performing too many memory
      allocations. Fixes bug 27224; bugfix on 0.2.3.9.

  o Minor bugfixes (protover):
    - Reject protocol names containing bytes other than alphanumeric
      characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix
      on 0.2.9.4-alpha.

  o Minor bugfixes (protover, rust):
    - Reject extra commas in version strings. Fixes bug 27197; bugfix
      on 0.3.3.3-alpha.
    - protover_all_supported() would attempt to allocate up to 16GB on
      some inputs, leading to a potential memory DoS. Fixes bug 27206;
      bugfix on 0.3.3.5-rc.
    - Compute protover votes correctly in the rust version of the
      protover code. Previously, the protover rewrite in 24031 allowed
      repeated votes from the same voter for the same protocol version
      to be counted multiple times in protover_compute_vote(). Fixes bug
      27649; bugfix on 0.3.3.5-rc.
    - Reject protover names that contain invalid characters. Fixes bug
      27687; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (relay shutdown, systemd):
    - Notify systemd of ShutdownWaitLength so it can be set to longer
      than systemd's TimeoutStopSec. In Tor's systemd service file, set
      TimeoutSec to 60 seconds to allow Tor some time to shut down.
      Fixes bug 28113; bugfix on 0.2.6.2-alpha.

  o Minor bugfixes (relay statistics):
    - Update relay descriptor on bandwidth changes only when the uptime
      is smaller than 24h, in order to reduce the efficiency of guard
      discovery attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha.

  o Minor bugfixes (relay):
    - Consider the fact that we'll be making direct connections to our
      entry and guard nodes when computing the fraction of nodes that
      have their descriptors. Also, if we are using bridges and there is
      at least one bridge with a full descriptor, treat the fraction of
      guards available as 100%. Fixes bug 25886; bugfix on 0.2.4.10-alpha.
      Patch by Neel Chauhan.
    - Update the message logged on relays when DirCache is disabled.
      Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the
      Guard flag. Fixes bug 24312; bugfix on 0.3.3.5-rc.

  o Minor bugfixes (testing):
    - Stop running stem's unit tests as part of "make test-stem", but
      continue to run stem's unit and online tests during "make test-
      stem-full". Fixes bug 28568; bugfix on 0.2.6.3-alpha.
    - Stop leaking memory in an entry guard unit test. Fixes bug 28554;
      bugfix on 0.3.0.1-alpha.
    - Make the hs_service tests use the same time source when creating
      the introduction point and when testing it. Now tests work better
      on very slow systems like ARM or Travis. Fixes bug 27810; bugfix
      on 0.3.2.1-alpha.
    - Revise the "conditionvar_timeout" test so that it succeeds even on
      heavily loaded systems where the test threads are not scheduled
      within 200 msec. Fixes bug 27073; bugfix on 0.2.6.3-alpha.
    - Fix two unit tests to work when HOME environment variable is not
      set. Fixes bug 27096; bugfix on 0.2.8.1-alpha.
    - If a unit test running in a subprocess exits abnormally or with a
      nonzero status code, treat the test as having failed, even if the
      test reported success. Without this fix, memory leaks don't cause
      the tests to fail, even with LeakSanitizer. Fixes bug 27658;
      bugfix on 0.2.2.4-alpha.
    - When logging a version mismatch in our openssl_version tests,
      report the actual offending version strings. Fixes bug 26152;
      bugfix on 0.2.9.1-alpha.
    - Fix forking tests on Windows when there is a space somewhere in
      the path. Fixes bug 26437; bugfix on 0.2.2.4-alpha.

  o Minor bugfixes (Windows):
    - Correctly identify Windows 8.1, Windows 10, and Windows Server
      2008 and later from their NT versions. Fixes bug 28096; bugfix on
      0.2.2.34; reported by Keifer Bly.
    - On recent Windows versions, the GetVersionEx() function may report
      an earlier Windows version than the running OS. To avoid user
      confusion, add "[or later]" to Tor's version string on affected
      versions of Windows. Fixes bug 28096; bugfix on 0.2.2.34; reported
      by Keifer Bly.
    - Remove Windows versions that were never supported by the
      GetVersionEx() function. Stop duplicating the latest Windows
      version in get_uname(). Fixes bug 28096; bugfix on 0.2.2.34;
      reported by Keifer Bly.

  o Code simplification and refactoring:
    - When parsing a port configuration, make it more obvious to static
      analyzer tools that we always initialize the address. Closes
      ticket 28881.
    - Divide more large Tor source files -- especially ones that span
      multiple areas of functionality -- into smaller parts, including
      onion.c and main.c. Closes ticket 26747.
    - Divide the "routerparse.c" module into separate modules for each
      group of parsed objects. Closes ticket 27924.
    - Move protover_rust.c to the same place protover.c was moved to.
      Closes ticket 27814.
    - Split directory.c into separate pieces for client, server, and
      common functionality. Closes ticket 26744.
    - Split the non-statistics-related parts from the rephist.c and
      geoip.c modules. Closes ticket 27892.
    - Split the router.c file into relay-only and shared components, to
      help with future modularization. Closes ticket 27864.
    - Divide the routerlist.c and dirserv.c modules into smaller parts.
      Closes ticket 27799.
    - 'updateFallbackDirs.py' now ignores the blacklist file, as it's not
      longer needed. Closes ticket 26502.
    - Include paths to header files within Tor are now qualified by
      directory within the top-level src directory.
    - Many structures have been removed from the centralized "or.h"
      header, and moved into their own headers. This will allow us to
      reduce the number of places in the code that rely on each
      structure's contents and layout. Closes ticket 26383.
    - Remove ATTR_NONNULL macro from codebase. Resolves ticket 26527.
    - Remove GetAdaptersAddresses_fn_t. The code that used it was
      removed as part of the 26481 refactor. Closes ticket 27467.
    - Rework Tor SOCKS server code to use Trunnel and benefit from
      autogenerated functions for parsing and generating SOCKS wire
      format. New implementation is cleaner, more maintainable and
      should be less prone to heartbleed-style vulnerabilities.
      Implements a significant fraction of ticket 3569.
    - Split sampled_guards_update_from_consensus() and
      select_entry_guard_for_circuit() into subfunctions. In
      entry_guards_update_primary() unite three smartlist enumerations
      into one and move smartlist comparison code out of the function.
      Closes ticket 21349.
    - Tor now assumes that you have standards-conformant stdint.h and
      inttypes.h headers when compiling. Closes ticket 26626.
    - Unify our bloom filter logic. Previously we had two copies of this
      code: one for routerlist filtering, and one for address set
      calculations. Closes ticket 26510.
    - Use the simpler strcmpstart() helper in
      rend_parse_v2_service_descriptor instead of strncmp(). Closes
      ticket 27630.
    - Utility functions that can perform a DNS lookup are now wholly
      separated from those that can't, in separate headers and C
      modules. Closes ticket 26526.

  o Documentation:
    - In the tor-resolve(1) manpage, fix the reference to socks-
      extensions.txt by adding a web URL. Resolves ticket 27853.
    - Mention that we require Python to be 2.7 or newer for some
      integration tests that we ship with Tor. Resolves ticket 27677.
    - Copy paragraph and URL to Tor's code of conduct document from
      CONTRIBUTING to new CODE_OF_CONDUCT file. Resolves ticket 26638.
    - Remove old instructions from INSTALL document. Closes ticket 26588.
    - Warn users that they should not include MyFamily line(s) in their
      torrc when running Tor bridge. Closes ticket 26908.

  o Removed features:
    - Tor no longer supports building with the dmalloc library. For
      debugging memory issues, we suggest using gperftools or msan
      instead. Closes ticket 26426.
    - Tor no longer attempts to run on Windows environments without the
      GetAdaptersAddresses() function. This function has existed since
      Windows XP, which is itself already older than we support.
    - Remove Tor2web functionality for version 2 onion services. The
      Tor2webMode and Tor2webRendezvousPoints options are now obsolete.
      (This feature was never shipped in vanilla Tor and it was only
      possible to use this feature by building the support at compile
      time. Tor2webMode is not implemented for version 3 onion services.)
      Closes ticket 26367.

  o Testing:
    - Increase logging and tag all log entries with timestamps in
      test_rebind.py. Provides diagnostics for issue 28229.

  o Code simplification and refactoring (shared random, dirauth):
    - Change many tor_assert() to use BUG() instead. The idea is to not
      crash a dirauth but rather scream loudly with a stacktrace and let
      it continue run. The shared random subsystem is very resilient and
      if anything wrong happens with it, at worst a non coherent value
      will be put in the vote and discarded by the other authorities.
      Closes ticket 19566.

  o Documentation (onion services):
    - Improve HSv3 client authorization by making some options more
      explicit and detailed. Closes ticket 28026. Patch by Mike Tigas.
    - Document in the man page that changing ClientOnionAuthDir value or
      adding a new file in the directory will not work at runtime upon
      sending a HUP if Sandbox 1. Closes ticket 28128.
    - Note in the man page that the only real way to fully revoke an
      onion service v3 client authorization is by restarting the tor
      process. Closes ticket 28275.


Changes in version 0.3.4.9 - 2018-11-02
  Tor 0.3.4.9 is the second stable release in its series; it backports
  numerous fixes, including a fix for a bandwidth management bug that
  was causing memory exhaustion on relays. Anyone running an earlier
  version of Tor 0.3.4.9 should upgrade.

  o Major bugfixes (compilation, backport from 0.3.5.3-alpha):
    - Fix compilation on ARM (and other less-used CPUs) when compiling
      with OpenSSL before 1.1. Fixes bug 27781; bugfix on 0.3.4.1-alpha.

  o Major bugfixes (mainloop, bootstrap, backport from 0.3.5.3-alpha):
    - Make sure Tor bootstraps and works properly if only the
      ControlPort is set. Prior to this fix, Tor would only bootstrap
      when a client port was set (Socks, Trans, NATD, DNS or HTTPTunnel
      port). Fixes bug 27849; bugfix on 0.3.4.1-alpha.

  o Major bugfixes (relay, backport from 0.3.5.3-alpha):
    - When our write bandwidth limit is exhausted, stop writing on the
      connection. Previously, we had a typo in the code that would make
      us stop reading instead, leading to relay connections being stuck
      indefinitely and consuming kernel RAM. Fixes bug 28089; bugfix
      on 0.3.4.1-alpha.

  o Major bugfixes (restart-in-process, backport from 0.3.5.1-alpha):
    - Fix a use-after-free error that could be caused by passing Tor an
      impossible set of options that would fail during options_act().
      Fixes bug 27708; bugfix on 0.3.3.1-alpha.

  o Minor features (continuous integration, backport from 0.3.5.1-alpha):
    - Don't do a distcheck with --disable-module-dirauth in Travis.
      Implements ticket 27252.
    - Only run one online rust build in Travis, to reduce network
      errors. Skip offline rust builds on Travis for Linux gcc, because
      they're redundant. Implements ticket 27252.
    - Skip gcc on OSX in Travis CI, because it's rarely used. Skip a
      duplicate hardening-off build in Travis on Tor 0.2.9. Skip gcc on
      Linux with default settings, because all the non-default builds
      use gcc on Linux. Implements ticket 27252.

  o Minor features (continuous integration, backport from 0.3.5.3-alpha):
    - Use the Travis Homebrew addon to install packages on macOS during
      Travis CI. The package list is the same, but the Homebrew addon
      does not do a `brew update` by default. Implements ticket 27738.

  o Minor features (geoip):
    - Update geoip and geoip6 to the October 9 2018 Maxmind GeoLite2
      Country database. Closes ticket 27991.

  o Minor bugfixes (32-bit OSX and iOS, timing, backport from 0.3.5.2-alpha):
    - Fix an integer overflow bug in our optimized 32-bit millisecond-
      difference algorithm for 32-bit Apple platforms. Previously, it
      would overflow when calculating the difference between two times
      more than 47 days apart. Fixes part of bug 27139; bugfix
      on 0.3.4.1-alpha.
    - Improve the precision of our 32-bit millisecond difference
      algorithm for 32-bit Apple platforms. Fixes part of bug 27139;
      bugfix on 0.3.4.1-alpha.
    - Relax the tolerance on the mainloop/update_time_jumps test when
      running on 32-bit Apple platforms. Fixes part of bug 27139; bugfix
      on 0.3.4.1-alpha.

  o Minor bugfixes (C correctness, to appear in 0.3.5.4-alpha):
    - Avoid undefined behavior in an end-of-string check when parsing
      the BEGIN line in a directory object. Fixes bug 28202; bugfix
      on 0.2.0.3-alpha.

  o Minor bugfixes (CI, appveyor, to appear in 0.3.5.4-alpha):
    - Only install the necessary mingw packages during our appveyor
      builds. This change makes the build a little faster, and prevents
      a conflict with a preinstalled mingw openssl that appveyor now
      ships. Fixes bugs 27943 and 27765; bugfix on 0.3.4.2-alpha.

  o Minor bugfixes (code safety, backport from 0.3.5.3-alpha):
    - Rewrite our assertion macros so that they no longer suppress the
      compiler's -Wparentheses warnings. Fixes bug 27709; bugfix

  o Minor bugfixes (continuous integration, backport from 0.3.5.1-alpha):
    - Stop reinstalling identical packages in our Windows CI. Fixes bug
      27464; bugfix on 0.3.4.1-alpha.

  o Minor bugfixes (directory authority, to appear in 0.3.5.4-alpha):
    - Log additional info when we get a relay that shares an ed25519 ID
      with a different relay, instead making a BUG() warning. Fixes bug
      27800; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (directory connection shutdown, backport from 0.3.5.1-alpha):
    - Avoid a double-close when shutting down a stalled directory
      connection. Fixes bug 26896; bugfix on 0.3.4.1-alpha.

  o Minor bugfixes (HTTP tunnel, backport from 0.3.5.1-alpha):
    - Fix a bug warning when closing an HTTP tunnel connection due to an
      HTTP request we couldn't handle. Fixes bug 26470; bugfix
      on 0.3.2.1-alpha.

  o Minor bugfixes (netflow padding, backport from 0.3.5.1-alpha):
    - Ensure circuitmux queues are empty before scheduling or sending
      padding. Fixes bug 25505; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (onion service v3, backport from 0.3.5.1-alpha):
    - When the onion service directory can't be created or has the wrong
      permissions, do not log a stack trace. Fixes bug 27335; bugfix
      on 0.3.2.1-alpha.

  o Minor bugfixes (onion service v3, backport from 0.3.5.2-alpha):
    - Close all SOCKS request (for the same .onion) if the newly fetched
      descriptor is unusable. Before that, we would close only the first
      one leaving the other hanging and let to time out by themselves.
      Fixes bug 27410; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (onion service v3, backport from 0.3.5.3-alpha):
    - When selecting a v3 rendezvous point, don't only look at the
      protover, but also check whether the curve25519 onion key is
      present. This way we avoid picking a relay that supports the v3
      rendezvous but for which we don't have the microdescriptor. Fixes
      bug 27797; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (protover, backport from 0.3.5.3-alpha):
    - Reject protocol names containing bytes other than alphanumeric
      characters and hyphens ([A-Za-z0-9-]). Fixes bug 27316; bugfix
      on 0.2.9.4-alpha.

  o Minor bugfixes (rust, backport from 0.3.5.1-alpha):
    - Compute protover votes correctly in the rust version of the
      protover code. Previously, the protover rewrite in 24031 allowed
      repeated votes from the same voter for the same protocol version
      to be counted multiple times in protover_compute_vote(). Fixes bug
      27649; bugfix on 0.3.3.5-rc.
    - Reject protover names that contain invalid characters. Fixes bug
      27687; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (rust, backport from 0.3.5.2-alpha):
    - protover_all_supported() would attempt to allocate up to 16GB on
      some inputs, leading to a potential memory DoS. Fixes bug 27206;
      bugfix on 0.3.3.5-rc.

  o Minor bugfixes (rust, directory authority, to appear in 0.3.5.4-alpha):
    - Fix an API mismatch in the rust implementation of
      protover_compute_vote(). This bug could have caused crashes on any
      directory authorities running Tor with Rust (which we do not yet
      recommend). Fixes bug 27741; bugfix on 0.3.3.6.

  o Minor bugfixes (rust, to appear in 0.3.5.4-alpha):
    - Fix a potential null dereference in protover_all_supported(). Add
      a test for it. Fixes bug 27804; bugfix on 0.3.3.1-alpha.
    - Return a string that can be safely freed by C code, not one
      created by the rust allocator, in protover_all_supported(). Fixes
      bug 27740; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (testing, backport from 0.3.5.1-alpha):
    - If a unit test running in a subprocess exits abnormally or with a
      nonzero status code, treat the test as having failed, even if the
      test reported success. Without this fix, memory leaks don't cause
      the tests to fail, even with LeakSanitizer. Fixes bug 27658;
      bugfix on 0.2.2.4-alpha.

  o Minor bugfixes (testing, backport from 0.3.5.3-alpha):
    - Make the hs_service tests use the same time source when creating
      the introduction point and when testing it. Now tests work better
      on very slow systems like ARM or Travis. Fixes bug 27810; bugfix
      on 0.3.2.1-alpha.

  o Minor bugfixes (testing, to appear in 0.3.5.4-alpha):
    - Treat backtrace test failures as expected on BSD-derived systems
      (NetBSD, OpenBSD, and macOS/Darwin) until we solve bug 17808.
      (FreeBSD failures have been treated as expected since 18204 in
      0.2.8.) Fixes bug 27948; bugfix on 0.2.5.2-alpha.


Changes in version 0.2.9.17 - 2018-09-10
  Tor 0.2.9.17 backports numerous bugfixes from later versions of Tor.

  o Minor features (compatibility, backport from 0.3.4.8):
    - Tell OpenSSL to maintain backward compatibility with previous
      RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
      ciphers are disabled by default. Closes ticket 27344.

  o Minor features (continuous integration, backport from 0.3.4.7-rc):
    - Enable macOS builds in our Travis CI configuration. Closes
      ticket 24629.
    - Install libcap-dev and libseccomp2-dev so these optional
      dependencies get tested on Travis CI. Closes ticket 26560.
    - Run asciidoc during Travis CI. Implements ticket 27087.
    - Use ccache in our Travis CI configuration. Closes ticket 26952.

  o Minor features (geoip):
    - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
      Country database. Closes ticket 27089.

  o Minor bugfixes (compilation, backport from 0.3.4.6-rc):
    - When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
      tell the compiler not to include the system malloc implementation.
      Fixes bug 20424; bugfix on 0.2.0.20-rc.

  o Minor bugfixes (compilation, backport from 0.3.4.7-rc):
    - Silence a spurious compiler warning on the GetAdaptersAddresses
      function pointer cast. This issue is already fixed by 26481 in
      0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
      bugfix on 0.2.3.11-alpha.
    - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
      supported, and always fails. Some compilers warn about the
      function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
      on 0.2.2.23-alpha.

  o Minor bugfixes (compilation, windows, backport from 0.3.4.7-rc):
    - Don't link or search for pthreads when building for Windows, even
      if we are using build environment (like mingw) that provides a
      pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.

  o Minor bugfixes (continuous integration, backport from 0.3.4.6-rc):
    - Skip a pair of unreliable key generation tests on Windows, until
      the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
      bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.

  o Minor bugfixes (continuous integration, backport from 0.3.4.7-rc):
    - Pass the module flags to distcheck configure, and log the flags
      before running configure. (Backported to 0.2.9 and later as a
      precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha.

  o Minor bugfixes (continuous integration, backport from 0.3.4.8):
    - When a Travis build fails, and showing a log fails, keep trying to
      show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc.
    - When we use echo in Travis, don't pass a --flag as the first
      argument. Fixes bug 27418; bugfix on 0.3.4.7-rc.

  o Minor bugfixes (directory authority, backport from 0.3.4.6-rc):
    - When voting for recommended versions, make sure that all of the
      versions are well-formed and parsable. Fixes bug 26485; bugfix
      on 0.1.1.6-alpha.

  o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.4.7-rc):
    - Fix a bug in out sandboxing rules for the openat() syscall.
      Previously, no openat() call would be permitted, which would break
      filesystem operations on recent glibc versions. Fixes bug 25440;
      bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.

  o Minor bugfixes (onion services, backport from 0.3.4.8):
    - Silence a spurious compiler warning in
      rend_client_send_introduction(). Fixes bug 27463; bugfix
      on 0.1.1.2-alpha.

  o Minor bugfixes (single onion services, Tor2web, backport from 0.3.4.6-rc):
    - Log a protocol warning when single onion services or Tor2web clients
      fail to authenticate direct connections to relays.
      Fixes bug 26924; bugfix on 0.2.9.1-alpha.

  o Minor bugfixes (testing, backport from 0.3.4.6-rc):
    - Disable core dumps in test_bt.sh, to avoid failures in "make
      distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.

  o Minor bugfixes (testing, chutney, backport from 0.3.4.8):
    - Before running make test-network-all, delete old logs and test
      result files, to avoid spurious failures. Fixes bug 27295; bugfix
      on 0.2.7.3-rc.

  o Minor bugfixes (testing, openssl compatibility, backport from 0.3.4.7-rc):
    - Our "tortls/cert_matches_key" unit test no longer relies on
      OpenSSL internals. Previously, it relied on unsupported OpenSSL
      behavior in a way that caused it to crash with OpenSSL 1.0.2p.
      Fixes bug 27226; bugfix on 0.2.5.1-alpha.

  o Minor bugfixes (Windows, compilation, backport from 0.3.4.7-rc):
    - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
      27185; bugfix on 0.2.2.2-alpha.


Changes in version 0.3.2.12 - 2018-09-10
  Tor 0.3.2.12 backport numerous fixes from later versions of Tor.

  o Minor features (compatibility, backport from 0.3.4.8):
    - Tell OpenSSL to maintain backward compatibility with previous
      RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
      ciphers are disabled by default. Closes ticket 27344.

  o Minor features (continuous integration, backport from 0.3.4.7-rc):
    - Enable macOS builds in our Travis CI configuration. Closes
      ticket 24629.
    - Install libcap-dev and libseccomp2-dev so these optional
      dependencies get tested on Travis CI. Closes ticket 26560.
    - Run asciidoc during Travis CI. Implements ticket 27087.
    - Use ccache in our Travis CI configuration. Closes ticket 26952.

  o Minor features (continuous integration, rust, backport from 0.3.4.7-rc):
    - Use cargo cache in our Travis CI configuration. Closes
      ticket 26952.

  o Minor features (controller, backport from 0.3.4.6-rc):
    - The control port now exposes the list of HTTPTunnelPorts and
      ExtOrPorts via GETINFO net/listeners/httptunnel and
      net/listeners/extor respectively. Closes ticket 26647.

  o Minor features (directory authorities, backport from 0.3.4.7-rc):
    - Authorities no longer vote to make the subprotocol version
      "LinkAuth=1" a requirement: it is unsupportable with NSS, and
      hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286.

  o Minor features (geoip):
    - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
      Country database. Closes ticket 27089.

  o Minor bugfixes (compilation, backport from 0.3.4.6-rc):
    - When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
      tell the compiler not to include the system malloc implementation.
      Fixes bug 20424; bugfix on 0.2.0.20-rc.
    - Don't try to use a pragma to temporarily disable the
      -Wunused-const-variable warning if the compiler doesn't support
      it. Fixes bug 26785; bugfix on 0.3.2.11.

  o Minor bugfixes (compilation, backport from 0.3.4.7-rc):
    - Silence a spurious compiler warning on the GetAdaptersAddresses
      function pointer cast. This issue is already fixed by 26481 in
      0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
      bugfix on 0.2.3.11-alpha.
    - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
      supported, and always fails. Some compilers warn about the
      function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
      on 0.2.2.23-alpha.

  o Minor bugfixes (compilation, windows, backport from 0.3.4.7-rc):
    - Don't link or search for pthreads when building for Windows, even
      if we are using build environment (like mingw) that provides a
      pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.

  o Minor bugfixes (continuous integration, backport from 0.3.4.6-rc):
    - Skip a pair of unreliable key generation tests on Windows, until
      the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
      bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.

  o Minor bugfixes (continuous integration, backport from 0.3.4.7-rc):
    - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha.
    - Pass the module flags to distcheck configure, and log the flags
      before running configure. (Backported to 0.2.9 and later as a
      precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha.

  o Minor bugfixes (continuous integration, backport from 0.3.4.8):
    - When a Travis build fails, and showing a log fails, keep trying to
      show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc.
    - When we use echo in Travis, don't pass a --flag as the first
      argument. Fixes bug 27418; bugfix on 0.3.4.7-rc.

  o Minor bugfixes (directory authority, backport from 0.3.4.6-rc):
    - When voting for recommended versions, make sure that all of the
      versions are well-formed and parsable. Fixes bug 26485; bugfix
      on 0.1.1.6-alpha.

  o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.4.7-rc):
    - Fix a bug in out sandboxing rules for the openat() syscall.
      Previously, no openat() call would be permitted, which would break
      filesystem operations on recent glibc versions. Fixes bug 25440;
      bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.

  o Minor bugfixes (logging, backport from 0.3.4.6-rc):
    - Improve the log message when connection initiators fail to
      authenticate direct connections to relays. Fixes bug 26927; bugfix
      on 0.3.0.1-alpha.

  o Minor bugfixes (onion services, backport from 0.3.4.7-rc):
    - Fix bug that causes services to not ever rotate their descriptors
      if they were getting SIGHUPed often. Fixes bug 26932; bugfix
      on 0.3.2.1-alpha.

  o Minor bugfixes (onion services, backport from 0.3.4.8):
    - Silence a spurious compiler warning in
      rend_client_send_introduction(). Fixes bug 27463; bugfix
      on 0.1.1.2-alpha.

  o Minor bugfixes (rust, backport from 0.3.4.7-rc):
    - Backport test_rust.sh from master. Fixes bug 26497; bugfix
      on 0.3.1.5-alpha.
    - Consistently use ../../.. as a fallback for $abs_top_srcdir in
      test_rust.sh. Fixes bug 27093; bugfix on 0.3.4.3-alpha.
    - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or
      $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha.

  o Minor bugfixes (single onion services, Tor2web, backport from 0.3.4.6-rc):
    - Log a protocol warning when single onion services or Tor2web clients
      fail to authenticate direct connections to relays.
      Fixes bug 26924; bugfix on 0.2.9.1-alpha.

  o Minor bugfixes (testing, backport from 0.3.4.6-rc):
    - Disable core dumps in test_bt.sh, to avoid failures in "make
      distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.

  o Minor bugfixes (testing, chutney, backport from 0.3.4.8):
    - When running make test-network-all, use the mixed+hs-v2 network.
      (A previous fix to chutney removed v3 onion services from the
      mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
      confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha.
    - Before running make test-network-all, delete old logs and test
      result files, to avoid spurious failures. Fixes bug 27295; bugfix
      on 0.2.7.3-rc.

  o Minor bugfixes (testing, openssl compatibility):
    - Our "tortls/cert_matches_key" unit test no longer relies on OpenSSL
      internals.  Previously, it relied on unsupported OpenSSL behavior in
      a way that caused it to crash with OpenSSL 1.0.2p. Fixes bug 27226;
      bugfix on 0.2.5.1-alpha.

  o Minor bugfixes (testing, openssl compatibility, backport from 0.3.4.7-rc):
    - Our "tortls/cert_matches_key" unit test no longer relies on
      OpenSSL internals. Previously, it relied on unsupported OpenSSL
      behavior in a way that caused it to crash with OpenSSL 1.0.2p.
      Fixes bug 27226; bugfix on 0.2.5.1-alpha.

  o Minor bugfixes (Windows, compilation, backport from 0.3.4.7-rc):
    - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
      27185; bugfix on 0.2.2.2-alpha.


Changes in version 0.3.3.10 - 2018-09-10
  Tor 0.3.3.10 backports numerous fixes from later versions of Tor.

  o Minor features (bug workaround, backport from 0.3.4.7-rc):
    - Compile correctly on systems that provide the C11 stdatomic.h
      header, but where C11 atomic functions don't actually compile.
      Closes ticket 26779; workaround for Debian issue 903709.

  o Minor features (compatibility, backport from 0.3.4.8):
    - Tell OpenSSL to maintain backward compatibility with previous
      RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
      ciphers are disabled by default. Closes ticket 27344.

  o Minor features (continuous integration, backport from 0.3.4.7-rc):
    - Backport Travis rust distcheck to 0.3.3. Closes ticket 24629.
    - Enable macOS builds in our Travis CI configuration. Closes
      ticket 24629.
    - Install libcap-dev and libseccomp2-dev so these optional
      dependencies get tested on Travis CI. Closes ticket 26560.
    - Run asciidoc during Travis CI. Implements ticket 27087.
    - Use ccache in our Travis CI configuration. Closes ticket 26952.

  o Minor features (continuous integration, rust, backport from 0.3.4.7-rc):
    - Use cargo cache in our Travis CI configuration. Closes
      ticket 26952.

  o Minor features (controller, backport from 0.3.4.6-rc):
    - The control port now exposes the list of HTTPTunnelPorts and
      ExtOrPorts via GETINFO net/listeners/httptunnel and
      net/listeners/extor respectively. Closes ticket 26647.

  o Minor features (directory authorities, backport from 0.3.4.7-rc):
    - Authorities no longer vote to make the subprotocol version
      "LinkAuth=1" a requirement: it is unsupportable with NSS, and
      hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286.

  o Minor features (geoip):
    - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
      Country database. Closes ticket 27089.

  o Minor bugfixes (compilation, backport from 0.3.4.6-rc):
    - When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
      tell the compiler not to include the system malloc implementation.
      Fixes bug 20424; bugfix on 0.2.0.20-rc.
    - Don't try to use a pragma to temporarily disable the
      -Wunused-const-variable warning if the compiler doesn't support
      it. Fixes bug 26785; bugfix on 0.3.2.11.

  o Minor bugfixes (compilation, backport from 0.3.4.7-rc):
    - Silence a spurious compiler warning on the GetAdaptersAddresses
      function pointer cast. This issue is already fixed by 26481 in
      0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
      bugfix on 0.2.3.11-alpha.
    - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
      supported, and always fails. Some compilers warn about the
      function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
      on 0.2.2.23-alpha.

  o Minor bugfixes (compilation, windows, backport from 0.3.4.7-rc):
    - Don't link or search for pthreads when building for Windows, even
      if we are using build environment (like mingw) that provides a
      pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.

  o Minor bugfixes (continuous integration, backport from 0.3.4.6-rc):
    - Skip a pair of unreliable key generation tests on Windows, until
      the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
      bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.

  o Minor bugfixes (continuous integration, backport from 0.3.4.7-rc):
    - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha.
    - Pass the module flags to distcheck configure, and log the flags
      before running configure. (Backported to 0.2.9 and later as a
      precaution.) Fixes bug 27088; bugfix on 0.3.4.1-alpha.

  o Minor bugfixes (continuous integration, backport from 0.3.4.8):
    - When a Travis build fails, and showing a log fails, keep trying to
      show the other logs. Fixes bug 27453; bugfix on 0.3.4.7-rc.
    - When we use echo in Travis, don't pass a --flag as the first
      argument. Fixes bug 27418; bugfix on 0.3.4.7-rc.

  o Minor bugfixes (directory authority, backport from 0.3.4.6-rc):
    - When voting for recommended versions, make sure that all of the
      versions are well-formed and parsable. Fixes bug 26485; bugfix
      on 0.1.1.6-alpha.

  o Minor bugfixes (in-process restart, backport from 0.3.4.7-rc):
    - Always call tor_free_all() when leaving tor_run_main(). When we
      did not, restarting tor in-process would cause an assertion
      failure. Fixes bug 26948; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (linux seccomp2 sandbox, backport from 0.3.4.7-rc):
    - Fix a bug in our sandboxing rules for the openat() syscall.
      Previously, no openat() call would be permitted, which would break
      filesystem operations on recent glibc versions. Fixes bug 25440;
      bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.

  o Minor bugfixes (logging, backport from 0.3.4.6-rc):
    - Improve the log message when connection initiators fail to
      authenticate direct connections to relays. Fixes bug 26927; bugfix
      on 0.3.0.1-alpha.

  o Minor bugfixes (onion services, backport from 0.3.4.7-rc):
    - Fix bug that causes services to not ever rotate their descriptors
      if they were getting SIGHUPed often. Fixes bug 26932; bugfix
      on 0.3.2.1-alpha.

  o Minor bugfixes (onion services, backport from 0.3.4.8):
    - Silence a spurious compiler warning in
      rend_client_send_introduction(). Fixes bug 27463; bugfix
      on 0.1.1.2-alpha.

  o Minor bugfixes (portability, backport from 0.3.4.6-rc):
    - Work around two different bugs in the OS X 10.10 and later SDKs
      that would prevent us from successfully targeting earlier versions
      of OS X. Fixes bug 26876; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (portability, backport from 0.3.4.7-rc):
    - Fix compilation of the unit tests on GNU/Hurd, which does not
      define PATH_MAX. Fixes bug 26873; bugfix on 0.3.3.1-alpha. Patch
      from "paulusASol".

  o Minor bugfixes (rust, backport from 0.3.4.7-rc):
    - Backport test_rust.sh from master. Fixes bug 26497; bugfix
      on 0.3.1.5-alpha.
    - Consistently use ../../.. as a fallback for $abs_top_srcdir in
      test_rust.sh. Fixes bug 27093; bugfix on 0.3.4.3-alpha.
    - Protover parsing was accepting the presence of whitespace in
      version strings, which the C implementation would choke on, e.g.
      "Desc=1\t,2". Fixes bug 27177; bugfix on 0.3.3.5-rc.
    - Protover parsing was ignoring a 2nd hyphen and everything after
      it, accepting entries like "Link=1-5-foo". Fixes bug 27164; bugfix
      on 0.3.3.1-alpha.
    - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or
      $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha.
    - cd to ${abs_top_builddir}/src/rust before running cargo in
      src/test/test_rust.sh. This makes the working directory consistent
      between builds and tests. Fixes bug 26497; bugfix on 0.3.3.2-alpha.

  o Minor bugfixes (single onion services, Tor2web, backport from 0.3.4.6-rc):
    - Log a protocol warning when single onion services or Tor2web clients
      fail to authenticate direct connections to relays.
      Fixes bug 26924; bugfix on 0.2.9.1-alpha.

  o Minor bugfixes (testing, backport from 0.3.4.6-rc):
    - Disable core dumps in test_bt.sh, to avoid failures in "make
      distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.

  o Minor bugfixes (testing, chutney, backport from 0.3.4.8):
    - When running make test-network-all, use the mixed+hs-v2 network.
      (A previous fix to chutney removed v3 onion services from the
      mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
      confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha.
    - Before running make test-network-all, delete old logs and test
      result files, to avoid spurious failures. Fixes bug 27295; bugfix
      on 0.2.7.3-rc.

  o Minor bugfixes (testing, openssl compatibility, backport from 0.3.4.7-rc):
    - Our "tortls/cert_matches_key" unit test no longer relies on
      OpenSSL internals. Previously, it relied on unsupported OpenSSL
      behavior in a way that caused it to crash with OpenSSL 1.0.2p.
      Fixes bug 27226; bugfix on 0.2.5.1-alpha.

  o Minor bugfixes (v3 onion services, backport from 0.3.4.6-rc):
    - Stop sending ed25519 link specifiers in v3 onion service introduce
      cells and descriptors, when the rendezvous or introduction point
      doesn't support ed25519 link authentication. Fixes bug 26627;
      bugfix on 0.3.2.4-alpha.

  o Minor bugfixes (Windows, compilation, backport from 0.3.4.7-rc):
    - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
      27185; bugfix on 0.2.2.2-alpha.


Changes in version 0.3.4.8 - 2018-09-10
  Tor 0.3.4.8 is the first stable release in its series; it includes
  compilation and portability fixes.

  The Tor 0.3.4 series includes improvements for running Tor in
  low-power and embedded environments, which should help performance in
  general. We've begun work on better modularity, and included preliminary
  changes on the directory authority side to accommodate a new bandwidth
  measurement system.  We've also integrated more continuous-integration
  systems into our development process, and made corresponding changes to
  Tor's testing infrastructure.  Finally, we've continued to refine
  our anti-denial-of-service code.

  Below are the changes since 0.3.3.9. For a list of only the changes
  since 0.3.4.7-rc, see the ChangeLog file.

  o New system requirements:
    - Tor no longer tries to support old operating systems without
      mmap() or some local equivalent. Apparently, compilation on such
      systems has been broken for some time, without anybody noticing or
      complaining. Closes ticket 25398.

  o Major features (directory authority, modularization):
    - The directory authority subsystem has been modularized. The code
      is now located in src/or/dirauth/, and is compiled in by default.
      To disable the module, the configure option
      --disable-module-dirauth has been added. This module may be
      disabled by default in some future release. Closes ticket 25610.

  o Major features (main loop, CPU usage):
    - When Tor is disabled (via DisableNetwork or via hibernation), it
      no longer needs to run any per-second events. This change should
      make it easier for mobile applications to disable Tor while the
      device is sleeping, or Tor is not running. Closes ticket 26063.
    - Tor no longer enables all of its periodic events by default.
      Previously, Tor would enable all possible main loop events,
      regardless of whether it needed them. Furthermore, many of these
      events are now disabled when Tor is hibernating or DisableNetwork
      is set. This is a big step towards reducing client CPU usage by
      reducing the amount of wake-ups the daemon does. Closes tickets
      25376 and 25762.
    - The bandwidth-limitation logic has been refactored so that
      bandwidth calculations are performed on-demand, rather than every
      TokenBucketRefillInterval milliseconds. This change should improve
      the granularity of our bandwidth calculations, and limit the
      number of times that the Tor process needs to wake up when it is
      idle. Closes ticket 25373.
    - Move responsibility for many operations from a once-per-second
      callback to a callback that is only scheduled as needed. Moving
      this functionality has allowed us to disable the callback when
      Tor's network is disabled. Once enough items are removed from our
      once-per-second callback, we can eliminate it entirely to conserve
      CPU when idle. The functionality removed includes: closing
      connections, circuits, and channels (ticket 25932); consensus
      voting (25937); flushing log callbacks (25951); honoring delayed
      SIGNEWNYM requests (25949); rescanning the consensus cache
      (25931); saving the state file to disk (25948); warning relay
      operators about unreachable ports (25952); and keeping track of
      Tor's uptime (26009).

  o Minor features (accounting):
    - When Tor becomes dormant, it now uses a scheduled event to wake up
      at the right time. Previously, we would use the per-second timer
      to check whether to wake up, but we no longer have any per-second
      timers enabled when the network is disabled. Closes ticket 26064.

  o Minor features (bug workaround):
    - Compile correctly on systems that provide the C11 stdatomic.h
      header, but where C11 atomic functions don't actually compile.
      Closes ticket 26779; workaround for Debian issue 903709.

  o Minor features (code quality):
    - Add optional spell-checking for the Tor codebase, using the
      "misspell" program. To use this feature, run "make check-typos".
      Closes ticket 25024.

  o Minor features (compatibility):
    - Tell OpenSSL to maintain backward compatibility with previous
      RSA1024/DH1024 users in Tor. With OpenSSL 1.1.1-pre6, these
      ciphers are disabled by default. Closes ticket 27344.
    - Tor now detects versions of OpenSSL 1.1.0 and later compiled with
      the no-deprecated option, and builds correctly with them. Closes
      tickets 19429, 19981, and 25353.

  o Minor features (compilation):
    - When compiling with --enable-openbsd-malloc or --enable-tcmalloc,
      tell the compiler not to include the system malloc implementation.
      Fixes bug 20424; bugfix on 0.2.0.20-rc.
    - Don't try to use a pragma to temporarily disable the
      -Wunused-const-variable warning if the compiler doesn't support
      it. Fixes bug 26785; bugfix on 0.3.2.11.
    - When building Tor, prefer to use Python 3 over Python 2, and more
      recent (contemplated) versions over older ones. Closes
      ticket 26372.

  o Minor features (compression, zstd):
    - When running with zstd, Tor now considers using advanced functions
      that the zstd maintainers have labeled as potentially unstable. To
      prevent breakage, Tor will only use this functionality when the
      runtime version of the zstd library matches the version with which
      Tor was compiled. Closes ticket 25162.

  o Minor features (configuration):
    - The "DownloadSchedule" options have been renamed to end with
      "DownloadInitialDelay". The old names are still allowed, but will
      produce a warning. Comma-separated lists are still permitted for
      these options, but all values after the first are ignored (as they
      have been since 0.2.9). Closes ticket 23354.

  o Minor features (continuous integration):
    - Log the compiler path and version during Appveyor builds.
      Implements ticket 27449.
    - Show config.log and test-suite.log after failed Appveyor builds.
      Also upload the zipped full logs as a build artifact. Implements
      ticket 27430.
    - Backport Travis rust distcheck to 0.3.3. Closes ticket 24629.
    - Enable macOS builds in our Travis CI configuration. Closes
      ticket 24629.
    - Install libcap-dev and libseccomp2-dev so these optional
      dependencies get tested on Travis CI. Closes ticket 26560.
    - Only post Appveyor IRC notifications when the build fails.
      Implements ticket 27275.
    - Run asciidoc during Travis CI. Implements ticket 27087.
    - Use ccache in our Travis CI configuration. Closes ticket 26952.
    - Add the necessary configuration files for continuous integration
      testing on Windows, via the Appveyor platform. Closes ticket
      25549. Patches from Marcin Cieślak and Isis Lovecruft.

  o Minor features (continuous integration, rust):
    - Use cargo cache in our Travis CI configuration. Closes
      ticket 26952.

  o Minor features (control port):
    - Introduce GETINFO "current-time/{local,utc}" to return the local
      and UTC times respectively in ISO format. This helps a controller
      like Tor Browser detect a time-related error. Closes ticket 25511.
      Patch by Neel Chauhan.
    - Introduce new fields to the CIRC_BW event. There are two new
      fields in each of the read and written directions. The DELIVERED
      fields report the total valid data on the circuit, as measured by
      the payload sizes of verified and error-checked relay command
      cells. The OVERHEAD fields report the total unused bytes in each
      of these cells. Closes ticket 25903.

  o Minor features (controller):
    - The control port now exposes the list of HTTPTunnelPorts and
      ExtOrPorts via GETINFO net/listeners/httptunnel and
      net/listeners/extor respectively. Closes ticket 26647.

  o Minor features (directory authorities):
    - Stop warning about incomplete bw lines before the first complete
      bw line has been found, so that additional header lines can be
      ignored. Fixes bug 25960; bugfix on 0.2.2.1-alpha
    - Authorities no longer vote to make the subprotocol version
      "LinkAuth=1" a requirement: it is unsupportable with NSS, and
      hasn't been needed since Tor 0.3.0.1-alpha. Closes ticket 27286.

  o Minor features (directory authority):
    - Directory authorities now open their key-pinning files as O_SYNC,
      to limit their chances of accidentally writing partial lines.
      Closes ticket 23909.

  o Minor features (directory authority, forward compatibility):
    - Make the lines of the measured bandwidth file able to contain
      their entries in any order. Previously, the node_id entry needed
      to come first. Closes ticket 26004.

  o Minor features (entry guards):
    - Introduce a new torrc option NumPrimaryGuards for controlling the
      number of primary guards. Closes ticket 25843.

  o Minor features (geoip):
    - Update geoip and geoip6 to the August 7 2018 Maxmind GeoLite2
      Country database. Closes ticket 27089.

  o Minor features (performance):
    - Avoid a needless call to malloc() when processing an incoming
      relay cell. Closes ticket 24914.
    - Make our timing-wheel code run a tiny bit faster on 32-bit
      platforms, by preferring 32-bit math to 64-bit. Closes
      ticket 24688.
    - Avoid a needless malloc()/free() pair every time we handle an ntor
      handshake. Closes ticket 25150.

  o Minor features (Rust, portability):
    - Rust cross-compilation is now supported. Closes ticket 25895.

  o Minor features (testing):
    - Add a unit test for voting_schedule_get_start_of_next_interval().
      Closes ticket 26014, and helps make unit test coverage
      more deterministic.
    - A new unittests module specifically for testing the functions in
      the (new-ish) bridges.c module has been created with new
      unittests, raising the code coverage percentages. Closes 25425.
    - We now have improved testing for addressmap_get_virtual_address()
      function. This should improve our test coverage, and make our test
      coverage more deterministic. Closes ticket 25993.

  o Minor features (timekeeping, circuit scheduling):
    - When keeping track of how busy each circuit have been recently on
      a given connection, use coarse-grained monotonic timers rather
      than gettimeofday(). This change should marginally increase
      accuracy and performance. Implements part of ticket 25927.

  o Minor features (unit tests):
    - Test complete bandwidth measurements files, and test that
      incomplete bandwidth lines only give warnings when the end of the
      header has not been detected. Fixes bug 25947; bugfix
      on 0.2.2.1-alpha

  o Minor bugfixes (bandwidth management):
    - Consider ourselves "low on write bandwidth" if we have exhausted
      our write bandwidth some time in the last second. This was the
      documented behavior before, but the actual behavior was to change
      this value every TokenBucketRefillInterval. Fixes bug 25828;
      bugfix on 0.2.3.5-alpha.

  o Minor bugfixes (C correctness):
    - Add a missing lock acquisition in the shutdown code of the control
      subsystem. Fixes bug 25675; bugfix on 0.2.7.3-rc. Found by
      Coverity; this is CID 1433643.

  o Minor bugfixes (code style):
    - Fixed multiple includes of transports.h in src/or/connection.c
      Fixes bug 25261; bugfix on 0.2.5.1-alpha.
    - Remove the unused variable n_possible from the function
      channel_get_for_extend(). Fixes bug 25645; bugfix on 0.2.4.4-alpha

  o Minor bugfixes (compilation):
    - Silence a spurious compiler warning on the GetAdaptersAddresses
      function pointer cast. This issue is already fixed by 26481 in
      0.3.5 and later, by removing the lookup and cast. Fixes bug 27465;
      bugfix on 0.2.3.11-alpha.
    - Stop calling SetProcessDEPPolicy() on 64-bit Windows. It is not
      supported, and always fails. Some compilers warn about the
      function pointer cast on 64-bit Windows. Fixes bug 27461; bugfix
      on 0.2.2.23-alpha.
    - Fix a compilation warning on some versions of GCC when building
      code that calls routerinfo_get_my_routerinfo() twice, assuming
      that the second call will succeed if the first one did. Fixes bug
      26269; bugfix on 0.2.8.2-alpha.
    - Refrain from compiling unit testing related object files when
      --disable-unittests is set to configure script. Fixes bug 24891;
      bugfix on 0.2.5.1-alpha.
    - The --enable-fatal-warnings flag now affects Rust code as well.
      Closes ticket 26245.
    - Avoid a compiler warning when casting the return value of
      smartlist_len() to double with DEBUG_SMARTLIST enabled. Fixes bug
      26283; bugfix on 0.2.4.10-alpha.

  o Minor bugfixes (compilation, windows):
    - Don't link or search for pthreads when building for Windows, even
      if we are using build environment (like mingw) that provides a
      pthreads library. Fixes bug 27081; bugfix on 0.1.0.1-rc.

  o Minor bugfixes (continuous integration):
    - Build with zstd on macOS. Fixes bug 27090; bugfix on 0.3.1.5-alpha.
    - Skip a pair of unreliable key generation tests on Windows, until
      the underlying issue in bug 26076 is resolved. Fixes bug 26830 and
      bug 26853; bugfix on 0.2.7.3-rc and 0.3.2.1-alpha respectively.

  o Minor bugfixes (control port):
    - Respond with more human-readable error messages to GETINFO exit-
      policy/* requests. Also, let controller know if an error is
      transient (response code 551) or not (response code 552). Fixes
      bug 25852; bugfix on 0.2.8.1-alpha.
    - Parse the "HSADDRESS=" parameter in HSPOST commands properly.
      Previously, it was misparsed and ignored. Fixes bug 26523; bugfix
      on 0.3.3.1-alpha. Patch by "akwizgran".
    - Make CIRC_BW event reflect the total of all data sent on a
      circuit, including padding and dropped cells. Also fix a mis-
      counting bug when STREAM_BW events were enabled. Fixes bug 25400;
      bugfix on 0.2.5.2-alpha.

  o Minor bugfixes (correctness, flow control):
    - Upon receiving a stream-level SENDME cell, verify that our window
      has not grown too large. Fixes bug 26214; bugfix on svn
      r54 (pre-0.0.1).

  o Minor bugfixes (directory authority):
    - When voting for recommended versions, make sure that all of the
      versions are well-formed and parsable. Fixes bug 26485; bugfix
      on 0.1.1.6-alpha.

  o Minor bugfixes (directory client):
    - When unverified-consensus is verified, rename it to cached-
      consenus. Fixes bug 4187; bugfix on 0.2.0.3-alpha.
    - Fixed launching a certificate fetch always during the scheduled
      periodic consensus fetch by fetching only in those cases when
      consensus are waiting for certs. Fixes bug 24740; bugfix
      on 0.2.9.1-alpha.

  o Minor bugfixes (error reporting):
    - Improve tolerance for directory authorities with skewed clocks.
      Previously, an authority with a clock more than 60 seconds ahead
      could cause a client with a correct clock to warn that the
      client's clock was behind. Now the clocks of a majority of
      directory authorities have to be ahead of the client before this
      warning will occur. Fixes bug 25756; bugfix on 0.2.2.25-alpha.

  o Minor bugfixes (in-process restart):
    - Always call tor_free_all() when leaving tor_run_main(). When we
      did not, restarting tor in-process would cause an assertion
      failure. Fixes bug 26948; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (Linux seccomp2 sandbox):
    - Fix a bug in our sandboxing rules for the openat() syscall.
      Previously, no openat() call would be permitted, which would break
      filesystem operations on recent glibc versions. Fixes bug 25440;
      bugfix on 0.2.9.15. Diagnosis and patch from Daniel Pinto.

  o Minor bugfixes (logging):
    - Improve the log message when connection initiators fail to
      authenticate direct connections to relays. Fixes bug 26927; bugfix
      on 0.3.0.1-alpha.

  o Minor bugfixes (onion services):
    - Silence a spurious compiler warning in
      rend_client_send_introduction(). Fixes bug 27463; bugfix
      on 0.1.1.2-alpha.
    - Fix bug that causes services to not ever rotate their descriptors
      if they were getting SIGHUPed often. Fixes bug 26932; bugfix
      on 0.3.2.1-alpha.
    - Recompute some consensus information after detecting a clock jump,
      or after transitioning from a non-live consensus to a live
      consensus. We do this to avoid having an outdated state, and
      miscalculating the index for next-generation onion services. Fixes
      bug 24977; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (portability):
    - Fix compilation of the unit tests on GNU/Hurd, which does not
      define PATH_MAX. Fixes bug 26873; bugfix on 0.3.3.1-alpha. Patch
      from "paulusASol".
    - Work around two different bugs in the OS X 10.10 and later SDKs
      that would prevent us from successfully targeting earlier versions
      of OS X. Fixes bug 26876; bugfix on 0.3.3.1-alpha.
    - Do not align mmap length, as it is not required by POSIX, and the
      getpagesize function is deprecated. Fixes bug 25399; bugfix
      on 0.1.1.23.

  o Minor bugfixes (portability, FreeBSD):
    - In have_enough_mem_for_dircache(), the variable DIRCACHE_MIN_MEM_MB
      does not stringify on FreeBSD, so we switch to tor_asprintf().
      Fixes bug 20887; bugfix on 0.2.8.1-alpha. Patch by Neel Chauhan.

  o Minor bugfixes (relay statistics):
    - When a relay is collecting internal statistics about how many
      create cell requests it has seen of each type, accurately count
      the requests from relays that temporarily fall out of the
      consensus. (To be extra conservative, we were already ignoring
      requests from clients in our counts, and we continue ignoring them
      here.) Fixes bug 24910; bugfix on 0.2.4.17-rc.

  o Minor bugfixes (rust):
    - Backport test_rust.sh from master. Fixes bug 26497; bugfix
      on 0.3.1.5-alpha.
    - Protover parsing was accepting the presence of whitespace in
      version strings, which the C implementation would choke on, e.g.
      "Desc=1\t,2". Fixes bug 27177; bugfix on 0.3.3.5-rc.
    - Protover parsing was ignoring a 2nd hyphen and everything after
      it, accepting entries like "Link=1-5-foo". Fixes bug 27164; bugfix
      on 0.3.3.1-alpha.
    - Stop setting $CARGO_HOME. cargo will use the user's $CARGO_HOME, or
      $HOME/.cargo by default. Fixes bug 26497; bugfix on 0.3.1.5-alpha.
    - cd to ${abs_top_builddir}/src/rust before running cargo in
      src/test/test_rust.sh. This makes the working directory consistent
      between builds and tests. Fixes bug 26497; bugfix on 0.3.3.2-alpha.

  o Minor bugfixes (single onion services, Tor2web):
    - Log a protocol warning when single onion services or Tor2web
      clients fail to authenticate direct connections to relays. Fixes
      bug 26924; bugfix on 0.2.9.1-alpha.

  o Minor bugfixes (test coverage tools):
    - Update our "cov-diff" script to handle output from the latest
      version of gcov, and to remove extraneous timestamp information
      from its output. Fixes bugs 26101 and 26102; bugfix
      on 0.2.5.1-alpha.

  o Minor bugfixes (testing):
    - Disable core dumps in test_bt.sh, to avoid failures in "make
      distcheck". Fixes bug 26787; bugfix on 0.2.5.2-alpha.
    - When testing workqueue event-cancellation, make sure that we
      actually cancel an event, and that cancel each event with equal
      probability. (It was previously possible, though extremely
      unlikely, for our event-canceling test not to cancel any events.)
      Fixes bug 26008; bugfix on 0.2.6.3-alpha.
    - Repeat part of the test in test_client_pick_intro() a number of
      times, to give it consistent coverage. Fixes bug 25996; bugfix
      on 0.3.2.1-alpha.
    - Remove randomness from the hs_common/responsible_hsdirs test, so
      that it always takes the same path through the function it tests.
      Fixes bug 25997; bugfix on 0.3.2.1-alpha.
    - Change the behavior of the "channel/outbound" test so that it
      never causes a 10-second rollover for the EWMA circuitmux code.
      Previously, this behavior would happen randomly, and result in
      fluctuating test coverage. Fixes bug 25994; bugfix
      on 0.3.3.1-alpha.
    - Use X509_new() to allocate certificates that will be freed later
      with X509_free(). Previously, some parts of the unit tests had
      used tor_malloc_zero(), which is incorrect, and which caused test
      failures on Windows when they were built with extra hardening.
      Fixes bugs 25943 and 25944; bugfix on 0.2.8.1-alpha. Patch by
      Marcin Cieślak.
    - While running the circuit_timeout test, fix the PRNG to a
      deterministic AES stream, so that the test coverage from this test
      will itself be deterministic. Fixes bug 25995; bugfix
      on 0.2.2.2-alpha.

  o Minor bugfixes (testing, bootstrap):
    - When calculating bootstrap progress, check exit policies and the
      exit flag. Previously, Tor would only check the exit flag, which
      caused race conditions in small and fast networks like chutney.
      Fixes bug 27236; bugfix on 0.2.6.3-alpha.

  o Minor bugfixes (testing, chutney):
    - When running make test-network-all, use the mixed+hs-v2 network.
      (A previous fix to chutney removed v3 onion services from the
      mixed+hs-v23 network, so seeing "mixed+hs-v23" in tests is
      confusing.) Fixes bug 27345; bugfix on 0.3.2.1-alpha.
    - Before running make test-network-all, delete old logs and test
      result files, to avoid spurious failures. Fixes bug 27295; bugfix
      on 0.2.7.3-rc.

  o Minor bugfixes (testing, openssl compatibility):
    - Our "tortls/cert_matches_key" unit test no longer relies on
      OpenSSL internals. Previously, it relied on unsupported OpenSSL
      behavior in a way that caused it to crash with OpenSSL 1.0.2p.
      Fixes bug 27226; bugfix on 0.2.5.1-alpha.

  o Minor bugfixes (v3 onion services):
    - Stop sending ed25519 link specifiers in v3 onion service introduce
      cells and descriptors, when the rendezvous or introduction point
      doesn't support ed25519 link authentication. Fixes bug 26627;
      bugfix on 0.3.2.4-alpha.

  o Minor bugfixes (vanguards):
    - Allow the last hop in a vanguard circuit to be the same as our
      first, to prevent the adversary from influencing guard node choice
      by choice of last hop. Also prevent the creation of A - B - A
      paths, or A - A paths, which are forbidden by relays. Fixes bug
      25870; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (Windows, compilation):
    - Silence a compilation warning on MSVC 2017 and clang-cl. Fixes bug
      27185; bugfix on 0.2.2.2-alpha.

  o Code simplification and refactoring:
    - Remove duplicate code in parse_{c,s}method_line and bootstrap
      their functionalities into a single function. Fixes bug 6236;
      bugfix on 0.2.3.6-alpha.
    - We remove the PortForwsrding and PortForwardingHelper options,
      related functions, and the port_forwarding tests. These options
      were used by the now-deprecated Vidalia to help ordinary users
      become Tor relays or bridges. Closes ticket 25409. Patch by
      Neel Chauhan.
    - In order to make the OR and dir checking function in router.c less
      confusing we renamed some functions and
      consider_testing_reachability() has been split into
      router_should_check_reachability() and
      router_do_reachability_checks(). Also we improved the documentation
      in some functions. Closes ticket 18918.
    - Initial work to isolate Libevent usage to a handful of modules in
      our codebase, to simplify our call structure, and so that we can
      more easily change event loops in the future if needed. Closes
      ticket 23750.
    - Introduce a function to call getsockname() and return tor_addr_t,
      to save a little complexity throughout the codebase. Closes
      ticket 18105.
    - Make hsdir_index in node_t a hsdir_index_t rather than a pointer
      as hsdir_index is always present. Also, we move hsdir_index_t into
      or.h. Closes ticket 23094. Patch by Neel Chauhan.
    - Merge functions used for describing nodes and suppress the
      functions that do not allocate memory for the output buffer
      string. NODE_DESC_BUF_LEN constant and format_node_description()
      function cannot be used externally from router.c module anymore.
      Closes ticket 25432. Patch by valentecaio.
    - Our main loop has been simplified so that all important operations
      happen inside events. Previously, some operations had to happen
      outside the event loop, to prevent infinite sequences of event
      activations. Closes ticket 25374.
    - Put a SHA1 public key digest in hs_service_intro_point_t, and use
      it in register_intro_circ() and service_intro_point_new(). This
      prevents the digest from being re-calculated each time. Closes
      ticket 23107. Patch by Neel Chauhan.
    - Refactor token-bucket implementations to use a common backend.
      Closes ticket 25766.
    - Remove extern declaration of stats_n_seconds_working variable from
      main, protecting its accesses with get_uptime() and reset_uptime()
      functions. Closes ticket 25081, patch by “valentecaio”.
    - Remove our previous logic for "cached gettimeofday()" -- our
      coarse monotonic timers are fast enough for this purpose, and far
      less error-prone. Implements part of ticket 25927.
    - Remove the return value for fascist_firewall_choose_address_base(),
      and sister functions such as fascist_firewall_choose_address_node()
      and fascist_firewall_choose_address_rs(). Also, while we're here,
      initialize the ap argument as leaving it uninitialized can pose a
      security hazard. Closes ticket 24734. Patch by Neel Chauhan.
    - Rename two fields of connection_t struct. timestamp_lastwritten is
      renamed to timestamp_last_write_allowed and timestamp_lastread is
      renamed to timestamp_last_read_allowed. Closes ticket 24714, patch
      by "valentecaio".
    - Since Tor requires C99, remove our old workaround code for libc
      implementations where free(NULL) doesn't work. Closes ticket 24484.
    - Use our standard rate-limiting code to deal with excessive
      libevent failures, rather than the hand-rolled logic we had
      before. Closes ticket 26016.
    - We remove the return value of node_get_prim_orport() and
      node_get_prim_dirport(), and introduce node_get_prim_orport() in
      node_ipv6_or_preferred() and node_ipv6_dir_preferred() in order to
      check for a null address. Closes ticket 23873. Patch by
      Neel Chauhan.
    - We switch to should_record_bridge_info() in
      geoip_note_client_seen() and options_need_geoip_info() instead of
      accessing the configuration values directly. Fixes bug 25290;
      bugfix on 0.2.1.6-alpha. Patch by Neel Chauhan.

  o Deprecated features:
    - As we are not recommending 0.2.5 anymore, we require relays that
      once had an ed25519 key associated with their RSA key to always
      have that key, instead of allowing them to drop back to a version
      that didn't support ed25519. This means they need to use a new RSA
      key if they want to downgrade to an older version of tor without
      ed25519. Closes ticket 20522.

  o Removed features:
    - Directory authorities will no longer support voting according to
      any consensus method before consensus method 25. This keeps
      authorities compatible with all authorities running 0.2.9.8 and
      later, and does not break any clients or relays. Implements ticket
      24378 and proposal 290.
    - The PortForwarding and PortForwardingHelper features have been
      removed. The reasoning is, given that implementations of NAT
      traversal protocols within common consumer grade routers are
      frequently buggy, and that the target audience for a NAT punching
      feature is a perhaps less-technically-inclined relay operator,
      when the helper fails to setup traversal the problems are usually
      deep, ugly, and very router specific, making them horrendously
      impossible for technical support to reliable assist with, and thus
      resulting in frustration all around. Unfortunately, relay
      operators who would like to run relays behind NATs will need to
      become more familiar with the port forwarding configurations on
      their local router. Closes 25409.
    - The TestingEnableTbEmptyEvent option has been removed. It was used
      in testing simulations to measure how often connection buckets
      were emptied, in order to improve our scheduling, but it has not
      been actively used in years. Closes ticket 25760.
    - The old "round-robin" circuit multiplexer (circuitmux)
      implementation has been removed, along with a fairly large set of
      code that existed to support it. It has not been the default
      circuitmux since we introduced the "EWMA" circuitmux in 0.2.4.x,
      but it still required an unreasonable amount of memory and CPU.
      Closes ticket 25268.


Changes in version 0.3.3.9 - 2018-07-13
  Tor 0.3.3.9 moves to a new bridge authority, meaning people running
  bridge relays should upgrade.

  o Directory authority changes:
    - The "Bifroest" bridge authority has been retired; the new bridge
      authority is "Serge", and it is operated by George from the
      TorBSD project. Closes ticket 26771.


Changes in version 0.3.2.11 - 2018-07-13
  Tor 0.3.2.11 moves to a new bridge authority, meaning people running
  bridge relays should upgrade. We also take this opportunity to backport
  other minor fixes.

  o Directory authority changes:
    - The "Bifroest" bridge authority has been retired; the new bridge
      authority is "Serge", and it is operated by George from the
      TorBSD project. Closes ticket 26771.

  o Directory authority changes (backport from 0.3.3.7):
    - Add an IPv6 address for the "dannenberg" directory authority.
      Closes ticket 26343.

  o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha):
    - When directory authorities read a zero-byte bandwidth file, they
      would previously log a warning with the contents of an
      uninitialised buffer. They now log a warning about the empty file
      instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.

  o Major bugfixes (onion service, backport from 0.3.4.1-alpha):
    - Correctly detect when onion services get disabled after HUP. Fixes
      bug 25761; bugfix on 0.3.2.1.

  o Minor features (sandbox, backport from 0.3.3.4-alpha):
    - Explicitly permit the poll() system call when the Linux
      seccomp2-based sandbox is enabled: apparently, some versions of
      libc use poll() when calling getpwnam(). Closes ticket 25313.

  o Minor feature (continuous integration, backport from 0.3.3.5-rc):
    - Update the Travis CI configuration to use the stable Rust channel,
      now that we have decided to require that. Closes ticket 25714.

  o Minor features (continuous integration, backport from 0.3.4.1-alpha):
    - Our .travis.yml configuration now includes support for testing the
      results of "make distcheck". (It's not uncommon for "make check"
      to pass but "make distcheck" to fail.) Closes ticket 25814.
    - Our Travis CI configuration now integrates with the Coveralls
      coverage analysis tool. Closes ticket 25818.

  o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha):
    - Add several checks to detect whether Tor relays are uploading
      their descriptors without specifying why they regenerated them.
      Diagnostic for ticket 25686.

  o Minor features (compilation, backport from 0.3.4.4-rc):
    - When building Tor, prefer to use Python 3 over Python 2, and more
      recent (contemplated) versions over older ones. Closes
      ticket 26372.

  o Minor features (geoip):
    - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2
      Country database. Closes ticket 26674.

  o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
    - Upon receiving a malformed connected cell, stop processing the
      cell immediately. Previously we would mark the connection for
      close, but continue processing the cell as if the connection were
      open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.

  o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
    - Allow the nanosleep() system call, which glibc uses to implement
      sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.

  o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc):
    - When running the hs_ntor_ref.py test, make sure only to pass
      strings (rather than "bytes" objects) to the Python subprocess
      module. Python 3 on Windows seems to require this. Fixes bug
      26535; bugfix on 0.3.1.1-alpha.
    - When running the ntor_ref.py test, make sure only to pass strings
      (rather than "bytes" objects) to the Python subprocess module.
      Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
      on 0.2.5.5-alpha.

  o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
    - Work around a change in OpenSSL 1.1.1 where return values that
      would previously indicate "no password" now indicate an empty
      password. Without this workaround, Tor instances running with
      OpenSSL 1.1.1 would accept descriptors that other Tor instances
      would reject. Fixes bug 26116; bugfix on 0.2.5.16.

  o Minor bugfixes (documentation, backport from 0.3.3.5-rc):
    - Document that the PerConnBW{Rate,Burst} options will fall back to
      their corresponding consensus parameters only if those parameters
      are set. Previously we had claimed that these values would always
      be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha.

  o Minor bugfixes (compilation, backport from 0.3.4.4-rc):
    - Fix a compilation warning on some versions of GCC when building
      code that calls routerinfo_get_my_routerinfo() twice, assuming
      that the second call will succeed if the first one did. Fixes bug
      26269; bugfix on 0.2.8.2-alpha.

  o Minor bugfixes (client, backport from 0.3.4.1-alpha):
    - Don't consider Tor running as a client if the ControlPort is open,
      but no actual client ports are open. Fixes bug 26062; bugfix
      on 0.2.9.4-alpha.

  o Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
    - Prevent a possible out-of-bounds smartlist read in
      protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.

  o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha):
    - Fix a very unlikely (impossible, we believe) null pointer
      dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
      Coverity; this is CID 1430932.

  o Minor bugfixes (onion service, backport from 0.3.4.1-alpha):
    - Fix a memory leak when a v3 onion service is configured and gets a
      SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
    - When parsing the descriptor signature, look for the token plus an
      extra white-space at the end. This is more correct but also will
      allow us to support new fields that might start with "signature".
      Fixes bug 26069; bugfix on 0.3.0.1-alpha.

  o Minor bugfixes (relay, backport from 0.3.4.3-alpha):
    - Relays now correctly block attempts to re-extend to the previous
      relay by Ed25519 identity. Previously they would warn in this
      case, but not actually reject the attempt. Fixes bug 26158; bugfix
      on 0.3.0.1-alpha.

  o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha):
    - Avoid a crash when running with DirPort set but ORPort turned off.
      Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (compilation, backport from 0.3.4.2-alpha):
    - Silence unused-const-variable warnings in zstd.h with some GCC
      versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (testing, backport from 0.3.3.4-alpha):
    - Avoid intermittent test failures due to a test that had relied on
      onion service introduction point creation finishing within 5
      seconds of real clock time. Fixes bug 25450; bugfix
      on 0.3.1.3-alpha.

  o Minor bugfixes (compilation, backport from 0.3.3.4-alpha):
    - Fix a C99 compliance issue in our configuration script that caused
      compilation issues when compiling Tor with certain versions of
      xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha.

  o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc):
    - Fix a number of small memory leaks identified by coverity. Fixes
      bug 26467; bugfix on numerous Tor versions.

  o Code simplification and refactoring (backport from 0.3.3.5-rc):
    - Move the list of default directory authorities to its own file.
      Closes ticket 24854. Patch by "beastr0".


Changes in version 0.2.9.16 - 2018-07-13
  Tor 0.2.9.16 moves to a new bridge authority, meaning people running
  bridge relays should upgrade. We also take this opportunity to backport
  other minor fixes.

  o Directory authority changes:
    - The "Bifroest" bridge authority has been retired; the new bridge
      authority is "Serge", and it is operated by George from the
      TorBSD project. Closes ticket 26771.

  o Directory authority changes (backport from 0.3.3.7):
    - Add an IPv6 address for the "dannenberg" directory authority.
      Closes ticket 26343.

  o Major bugfixes (directory authorities, backport from 0.3.4.1-alpha):
    - When directory authorities read a zero-byte bandwidth file, they
      would previously log a warning with the contents of an
      uninitialised buffer. They now log a warning about the empty file
      instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.

  o Minor features (sandbox, backport from 0.3.3.4-alpha):
    - Explicitly permit the poll() system call when the Linux
      seccomp2-based sandbox is enabled: apparently, some versions of
      libc use poll() when calling getpwnam(). Closes ticket 25313.

  o Minor features (continuous integration, backport from 0.3.4.1-alpha):
    - Our .travis.yml configuration now includes support for testing the
      results of "make distcheck". (It's not uncommon for "make check"
      to pass but "make distcheck" to fail.) Closes ticket 25814.
    - Our Travis CI configuration now integrates with the Coveralls
      coverage analysis tool. Closes ticket 25818.

  o Minor features (compilation, backport from 0.3.4.4-rc):
    - When building Tor, prefer to use Python 3 over Python 2, and more
      recent (contemplated) versions over older ones. Closes
      ticket 26372.

  o Minor features (geoip):
    - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2
      Country database. Closes ticket 26674.

  o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
    - Upon receiving a malformed connected cell, stop processing the
      cell immediately. Previously we would mark the connection for
      close, but continue processing the cell as if the connection were
      open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.

  o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
    - Allow the nanosleep() system call, which glibc uses to implement
      sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.

  o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc):
    - When running the ntor_ref.py test, make sure only to pass strings
      (rather than "bytes" objects) to the Python subprocess module.
      Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
      on 0.2.5.5-alpha.

  o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
    - Work around a change in OpenSSL 1.1.1 where return values that
      would previously indicate "no password" now indicate an empty
      password. Without this workaround, Tor instances running with
      OpenSSL 1.1.1 would accept descriptors that other Tor instances
      would reject. Fixes bug 26116; bugfix on 0.2.5.16.

  o Minor bugfixes (compilation, backport from 0.3.4.4-rc):
    - Fix a compilation warning on some versions of GCC when building
      code that calls routerinfo_get_my_routerinfo() twice, assuming
      that the second call will succeed if the first one did. Fixes bug
      26269; bugfix on 0.2.8.2-alpha.

  o Minor bugfixes (client, backport from 0.3.4.1-alpha):
    - Don't consider Tor running as a client if the ControlPort is open,
      but no actual client ports are open. Fixes bug 26062; bugfix
      on 0.2.9.4-alpha.

  o Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
    - Prevent a possible out-of-bounds smartlist read in
      protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.

  o Minor bugfixes (C correctness, backport from 0.3.3.4-alpha):
    - Fix a very unlikely (impossible, we believe) null pointer
      dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
      Coverity; this is CID 1430932.

  o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc):
    - Fix a number of small memory leaks identified by coverity. Fixes
      bug 26467; bugfix on numerous Tor versions.

  o Code simplification and refactoring (backport from 0.3.3.5-rc):
    - Move the list of default directory authorities to its own file.
      Closes ticket 24854. Patch by "beastr0".


Changes in version 0.3.3.8 - 2018-07-09
  Tor 0.3.3.8 backports several changes from the 0.3.4.x series, including
  fixes for a memory leak affecting directory authorities.

  o Major bugfixes (directory authority, backport from 0.3.4.3-alpha):
    - Stop leaking memory on directory authorities when planning to
      vote. This bug was crashing authorities by exhausting their
      memory. Fixes bug 26435; bugfix on 0.3.3.6.

  o Major bugfixes (rust, testing, backport from 0.3.4.3-alpha):
    - Make sure that failing tests in Rust will actually cause the build
      to fail: previously, they were ignored. Fixes bug 26258; bugfix
      on 0.3.3.4-alpha.

  o Minor features (compilation, backport from 0.3.4.4-rc):
    - When building Tor, prefer to use Python 3 over Python 2, and more
      recent (contemplated) versions over older ones. Closes
      ticket 26372.

  o Minor features (geoip):
    - Update geoip and geoip6 to the July 3 2018 Maxmind GeoLite2
      Country database. Closes ticket 26674.

  o Minor features (relay, diagnostic, backport from 0.3.4.3-alpha):
    - Add several checks to detect whether Tor relays are uploading
      their descriptors without specifying why they regenerated them.
      Diagnostic for ticket 25686.

  o Minor bugfixes (circuit path selection, backport from 0.3.4.1-alpha):
    - Don't count path selection failures as circuit build failures.
      This change should eliminate cases where Tor blames its guard or
      the network for situations like insufficient microdescriptors
      and/or overly restrictive torrc settings. Fixes bug 25705; bugfix
      on 0.3.3.1-alpha.

  o Minor bugfixes (compilation, backport from 0.3.4.4-rc):
    - Fix a compilation warning on some versions of GCC when building
      code that calls routerinfo_get_my_routerinfo() twice, assuming
      that the second call will succeed if the first one did. Fixes bug
      26269; bugfix on 0.2.8.2-alpha.

  o Minor bugfixes (control port, backport from 0.3.4.4-rc):
    - Handle the HSADDRESS= argument to the HSPOST command properly.
      (Previously, this argument was misparsed and thus ignored.) Fixes
      bug 26523; bugfix on 0.3.3.1-alpha. Patch by "akwizgran".

  o Minor bugfixes (memory, correctness, backport from 0.3.4.4-rc):
    - Fix a number of small memory leaks identified by coverity. Fixes
      bug 26467; bugfix on numerous Tor versions.

  o Minor bugfixes (relay, backport from 0.3.4.3-alpha):
    - Relays now correctly block attempts to re-extend to the previous
      relay by Ed25519 identity. Previously they would warn in this
      case, but not actually reject the attempt. Fixes bug 26158; bugfix
      on 0.3.0.1-alpha.

  o Minor bugfixes (restart-in-process, backport from 0.3.4.1-alpha):
    - When shutting down, Tor now clears all the flags in the control.c
      module. This should prevent a bug where authentication cookies are
      not generated on restart. Fixes bug 25512; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (testing, compatibility, backport from 0.3.4.4-rc):
    - When running the hs_ntor_ref.py test, make sure only to pass
      strings (rather than "bytes" objects) to the Python subprocess
      module. Python 3 on Windows seems to require this. Fixes bug
      26535; bugfix on 0.3.1.1-alpha.
    - When running the ntor_ref.py test, make sure only to pass strings
      (rather than "bytes" objects) to the Python subprocess module.
      Python 3 on Windows seems to require this. Fixes bug 26535; bugfix
      on 0.2.5.5-alpha.


Changes in version 0.3.3.7 - 2018-06-12
  Tor 0.3.3.7 backports several changes from the 0.3.4.x series, including
  fixes for bugs affecting compatibility and stability.

  o Directory authority changes:
    - Add an IPv6 address for the "dannenberg" directory authority.
      Closes ticket 26343.

  o Minor features (geoip):
    - Update geoip and geoip6 to the June 7 2018 Maxmind GeoLite2
      Country database. Closes ticket 26351.

  o Minor bugfixes (compatibility, openssl, backport from 0.3.4.2-alpha):
    - Work around a change in OpenSSL 1.1.1 where return values that
      would previously indicate "no password" now indicate an empty
      password. Without this workaround, Tor instances running with
      OpenSSL 1.1.1 would accept descriptors that other Tor instances
      would reject. Fixes bug 26116; bugfix on 0.2.5.16.

  o Minor bugfixes (compilation, backport from 0.3.4.2-alpha):
    - Silence unused-const-variable warnings in zstd.h with some GCC
      versions. Fixes bug 26272; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (controller, backport from 0.3.4.2-alpha):
    - Improve accuracy of the BUILDTIMEOUT_SET control port event's
      TIMEOUT_RATE and CLOSE_RATE fields. (We were previously
      miscounting the total number of circuits for these field values.)
      Fixes bug 26121; bugfix on 0.3.3.1-alpha.

  o Minor bugfixes (hardening, backport from 0.3.4.2-alpha):
    - Prevent a possible out-of-bounds smartlist read in
      protover_compute_vote(). Fixes bug 26196; bugfix on 0.2.9.4-alpha.

  o Minor bugfixes (path selection, backport from 0.3.4.1-alpha):
    - Only select relays when they have the descriptors we prefer to use
      for them. This change fixes a bug where we could select a relay
      because it had _some_ descriptor, but reject it later with a
      nonfatal assertion error because it didn't have the exact one we
      wanted. Fixes bugs 25691 and 25692; bugfix on 0.3.3.4-alpha.


Changes in version 0.3.3.6 - 2018-05-22
  Tor 0.3.3.6 is the first stable release in the 0.3.3 series. It
  backports several important fixes from the 0.3.4.1-alpha.

  The Tor 0.3.3 series includes controller support and other
  improvements for v3 onion services, official support for embedding Tor
  within other applications, and our first non-trivial module written in
  the Rust programming language. (Rust is still not enabled by default
  when building Tor.) And as usual, there are numerous other smaller
  bugfixes, features, and improvements.

  Below are the changes since 0.3.2.10. For a list of only the changes
  since 0.3.3.5-rc, see the ChangeLog file.

  o New system requirements:
    - When built with Rust, Tor now depends on version 0.2.39 of the
      libc crate. Closes tickets 25310 and 25664.

  o Major features (embedding):
    - There is now a documented stable API for programs that need to
      embed Tor. See tor_api.h for full documentation and known bugs.
      Closes ticket 23684.
    - Tor now has support for restarting in the same process.
      Controllers that run Tor using the "tor_api.h" interface can now
      restart Tor after Tor has exited. This support is incomplete,
      however: we fixed crash bugs that prevented it from working at
      all, but many bugs probably remain, including a possibility of
      security issues. Implements ticket 24581.

  o Major features (IPv6, directory documents):
    - Add consensus method 27, which adds IPv6 ORPorts to the microdesc
      consensus. This information makes it easier for IPv6 clients to
      bootstrap and choose reachable entry guards. Implements
      ticket 23826.
    - Add consensus method 28, which removes IPv6 ORPorts from
      microdescriptors. Now that the consensus contains IPv6 ORPorts,
      they are redundant in microdescs. This change will be used by Tor
      clients on 0.2.8.x and later. (That is to say, with all Tor
      clients that have IPv6 bootstrap and guard support.) Implements
      ticket 23828.
    - Expand the documentation for AuthDirHasIPv6Connectivity when it is
      set by different numbers of authorities. Fixes 23870
      on 0.2.4.1-alpha.

  o Major features (onion service v3, control port):
    - The control port now supports commands and events for v3 onion
      services. It is now possible to create ephemeral v3 services using
      ADD_ONION. Additionally, several events (HS_DESC, HS_DESC_CONTENT,
      CIRC and CIRC_MINOR) and commands (GETINFO, HSPOST, ADD_ONION and
      DEL_ONION) have been extended to support v3 onion services. Closes
      ticket 20699; implements proposal 284.

  o Major features (onion services):
    - Provide torrc options to pin the second and third hops of onion
      service circuits to a list of nodes. The option HSLayer2Guards
      pins the second hop, and the option HSLayer3Guards pins the third
      hop. These options are for use in conjunction with experiments
      with "vanguards" for preventing guard enumeration attacks. Closes
      ticket 13837.
    - When v3 onion service clients send introduce cells, they now
      include the IPv6 address of the rendezvous point, if it has one.
      Current v3 onion services running 0.3.2 ignore IPv6 addresses, but
      in future Tor versions, IPv6-only v3 single onion services will be
      able to use IPv6 addresses to connect directly to the rendezvous
      point. Closes ticket 23577. Patch by Neel Chauhan.

  o Major features (relay):
    - Implement an option, ReducedExitPolicy, to allow an Tor exit relay
      operator to use a more reasonable ("reduced") exit policy, rather
      than the default one. If you want to run an exit node without
      thinking too hard about which ports to allow, this one is for you.
      Closes ticket 13605. Patch from Neel Chauhan.

  o Major features (rust, portability, experimental):
    - Tor now ships with an optional implementation of one of its
      smaller modules (protover.c) in the Rust programming language. To
      try it out, install a Rust build environment, and configure Tor
      with "--enable-rust --enable-cargo-online-mode". This should not
      cause any user-visible changes, but should help us gain more
      experience with Rust, and plan future Rust integration work.
      Implementation by Chelsea Komlo. Closes ticket 22840.

  o Major bugfixes (directory authorities, security, backport from 0.3.4.1-alpha):
    - When directory authorities read a zero-byte bandwidth file, they
      would previously log a warning with the contents of an
      uninitialised buffer. They now log a warning about the empty file
      instead. Fixes bug 26007; bugfix on 0.2.2.1-alpha.

  o Major bugfixes (security, directory authority, denial-of-service):
    - Fix a bug that could have allowed an attacker to force a directory
      authority to use up all its RAM by passing it a maliciously
      crafted protocol versions string. Fixes bug 25517; bugfix on
      0.2.9.4-alpha. This issue is also tracked as TROVE-2018-005.

  o Major bugfixes (crash, backport from 0.3.4.1-alpha):
    - Avoid a rare assertion failure in the circuit build timeout code
      if we fail to allow any circuits to actually complete. Fixes bug
      25733; bugfix on 0.2.2.2-alpha.

  o Major bugfixes (netflow padding):
    - Stop adding unneeded channel padding right after we finish
      flushing to a connection that has been trying to flush for many
      seconds. Instead, treat all partial or complete flushes as
      activity on the channel, which will defer the time until we need
      to add padding. This fix should resolve confusing and scary log
      messages like "Channel padding timeout scheduled 221453ms in the
      past." Fixes bug 22212; bugfix on 0.3.1.1-alpha.

  o Major bugfixes (networking):
    - Tor will no longer reject IPv6 address strings from Tor Browser
      when they are passed as hostnames in SOCKS5 requests. Fixes bug
      25036, bugfix on Tor 0.3.1.2.

  o Major bugfixes (onion service, backport from 0.3.4.1-alpha):
    - Correctly detect when onion services get disabled after HUP. Fixes
      bug 25761; bugfix on 0.3.2.1.

  o Major bugfixes (performance, load balancing):
    - Directory authorities no longer vote in favor of the Guard flag
      for relays without directory support. Starting in Tor
      0.3.0.1-alpha, clients have been avoiding using such relays in the
      Guard position, leading to increasingly broken load balancing for
      the 5%-or-so of Guards that don't advertise directory support.
      Fixes bug 22310; bugfix on 0.3.0.6.

  o Major bugfixes (relay):
    - If we have failed to connect to a relay and received a connection
      refused, timeout, or similar error (at the TCP level), do not try
      that same address/port again for 60 seconds after the failure has
      occurred. Fixes bug 24767; bugfix on 0.0.6.

  o Major bugfixes (relay, denial of service, backport from 0.3.4.1-alpha):
    - Impose a limit on circuit cell queue size. The limit can be
      controlled by a consensus parameter. Fixes bug 25226; bugfix
      on 0.2.4.14-alpha.

  o Minor features (cleanup):
    - Tor now deletes the CookieAuthFile and ExtORPortCookieAuthFile
      when it stops. Closes ticket 23271.

  o Minor features (compatibility, backport from 0.3.4.1-alpha):
    - Avoid some compilation warnings with recent versions of LibreSSL.
      Closes ticket 26006.

  o Minor features (config options):
    - Change the way the default value for MaxMemInQueues is calculated.
      We now use 40% of the hardware RAM if the system has 8 GB RAM or
      more. Otherwise we use the former value of 75%. Closes
      ticket 24782.

  o Minor features (continuous integration):
    - Update the Travis CI configuration to use the stable Rust channel,
      now that we have decided to require that. Closes ticket 25714.

  o Minor features (continuous integration, backport from 0.3.4.1-alpha):
    - Our .travis.yml configuration now includes support for testing the
      results of "make distcheck". (It's not uncommon for "make check"
      to pass but "make distcheck" to fail.) Closes ticket 25814.
    - Our Travis CI configuration now integrates with the Coveralls
      coverage analysis tool. Closes ticket 25818.

  o Minor features (defensive programming):
    - Most of the functions in Tor that free objects have been replaced
      with macros that free the objects and set the corresponding
      pointers to NULL. This change should help prevent a large class of
      dangling pointer bugs. Closes ticket 24337.
    - Where possible, the tor_free() macro now only evaluates its input
      once. Part of ticket 24337.
    - Check that microdesc ed25519 ids are non-zero in
      node_get_ed25519_id() before returning them. Implements ticket
      24001, patch by "aruna1234".

  o Minor features (directory authority):
    - When directory authorities are unable to add signatures to a
      pending consensus, log the reason why. Closes ticket 24849.

  o Minor features (embedding):
    - Tor can now start with a preauthenticated control connection
      created by the process that launched it. This feature is meant for
      use by programs that want to launch and manage a Tor process
      without allowing other programs to manage it as well. For more
      information, see the __OwningControllerFD option documented in
      control-spec.txt. Closes ticket 23900.
    - On most errors that would cause Tor to exit, it now tries to
      return from the tor_main() function, rather than calling the
      system exit() function. Most users won't notice a difference here,
      but it should be significant for programs that run Tor inside a
      separate thread: they should now be able to survive Tor's exit
      conditions rather than having Tor shut down the entire process.
      Closes ticket 23848.
    - Applications that want to embed Tor can now tell Tor not to
      register any of its own POSIX signal handlers, using the
      __DisableSignalHandlers option. Closes ticket 24588.

  o Minor features (fallback directory list):
    - Avoid selecting fallbacks that change their IP addresses too
      often. Select more fallbacks by ignoring the Guard flag, and
      allowing lower cutoffs for the Running and V2Dir flags. Also allow
      a lower bandwidth, and a higher number of fallbacks per operator
      (5% of the list). Implements ticket 24785.
    - Update the fallback whitelist and blacklist based on opt-ins and
      relay changes. Closes tickets 22321, 24678, 22527, 24135,
      and 24695.

  o Minor features (fallback directory mirror configuration):
    - Add a nickname to each fallback in a C comment. This makes it
      easier for operators to find their relays, and allows stem to use
      nicknames to identify fallbacks. Implements ticket 24600.
    - Add a type and version header to the fallback directory mirror
      file. Also add a delimiter to the end of each fallback entry. This
      helps external parsers like stem and Relay Search. Implements
      ticket 24725.
    - Add an extrainfo cache flag for each fallback in a C comment. This
      allows stem to use fallbacks to fetch extra-info documents, rather
      than using authorities. Implements ticket 22759.
    - Add the generateFallbackDirLine.py script for automatically
      generating fallback directory mirror lines from relay fingerprints.
      No more typos! Add the lookupFallbackDirContact.py script for
      automatically looking up operator contact info from relay
      fingerprints. Implements ticket 24706, patch by teor and atagar.
    - Reject any fallback directory mirror that serves an expired
      consensus. Implements ticket 20942, patch by "minik".
    - Remove commas and equals signs from external string inputs to the
      fallback list. This avoids format confusion attacks. Implements
      ticket 24726.
    - Remove the "weight=10" line from fallback directory mirror
      entries. Ticket 24681 will maintain the current fallback weights
      by changing Tor's default fallback weight to 10. Implements
      ticket 24679.
    - Stop logging excessive information about fallback netblocks.
      Implements ticket 24791.

  o Minor features (forward-compatibility):
    - If a relay supports some link authentication protocol that we do
      not recognize, then include that relay's ed25519 key when telling
      other relays to extend to it. Previously, we treated future
      versions as if they were too old to support ed25519 link
      authentication. Closes ticket 20895.

  o Minor features (geoip):
    - Update geoip and geoip6 to the May 1 2018 Maxmind GeoLite2 Country
      database. Closes ticket 26104.

  o Minor features (heartbeat):
    - Add onion service information to our heartbeat logs, displaying
      stats about the activity of configured onion services. Closes
      ticket 24896.

  o Minor features (instrumentation, development):
    - Add the MainloopStats option to allow developers to get
      instrumentation information from the main event loop via the
      heartbeat messages. We hope to use this to improve Tor's behavior
      when it's trying to sleep. Closes ticket 24605.

  o Minor features (IPv6):
    - Make IPv6-only clients wait for microdescs for relays, even if we
      were previously using descriptors (or were using them as a bridge)
      and have a cached descriptor for them. Implements ticket 23827.
    - When a consensus has IPv6 ORPorts, make IPv6-only clients use
      them, rather than waiting to download microdescriptors. Implements
      ticket 23827.

  o Minor features (log messages):
    - Improve log message in the out-of-memory handler to include
      information about memory usage from the different compression
      backends. Closes ticket 25372.
    - Improve a warning message that happens when we fail to re-parse an
      old router because of an expired certificate. Closes ticket 20020.
    - Make the log more quantitative when we hit MaxMemInQueues
      threshold exposing some values. Closes ticket 24501.

  o Minor features (logging):
    - Clarify the log messages produced when getrandom() or a related
      entropy-generation mechanism gives an error. Closes ticket 25120.
    - Added support for the Android logging subsystem. Closes
      ticket 24362.

  o Minor features (performance):
    - Support predictive circuit building for onion service circuits
      with multiple layers of guards. Closes ticket 23101.
    - Use stdatomic.h where available, rather than mutexes, to implement
      atomic_counter_t. Closes ticket 23953.

  o Minor features (performance, 32-bit):
    - Improve performance on 32-bit systems by avoiding 64-bit division
      when calculating the timestamp in milliseconds for channel padding
      computations. Implements ticket 24613.
    - Improve performance on 32-bit systems by avoiding 64-bit division
      when timestamping cells and buffer chunks for OOM calculations.
      Implements ticket 24374.

  o Minor features (performance, OSX, iOS):
    - Use the mach_approximate_time() function (when available) to
      implement coarse monotonic time. Having a coarse time function
      should avoid a large number of system calls, and improve
      performance slightly, especially under load. Closes ticket 24427.

  o Minor features (performance, windows):
    - Improve performance on Windows Vista and Windows 7 by adjusting
      TCP send window size according to the recommendation from
      SIO_IDEAL_SEND_BACKLOG_QUERY. Closes ticket 22798. Patch
      from Vort.

  o Minor features (sandbox):
    - Explicitly permit the poll() system call when the Linux
      seccomp2-based sandbox is enabled: apparently, some versions of
      libc use poll() when calling getpwnam(). Closes ticket 25313.

  o Minor features (storage, configuration):
    - Users can store cached directory documents somewhere other than
      the DataDirectory by using the CacheDirectory option. Similarly,
      the storage location for relay's keys can be overridden with the
      KeyDirectory option. Closes ticket 22703.

  o Minor features (testing):
    - Add a "make test-rust" target to run the rust tests only. Closes
      ticket 25071.

  o Minor features (testing, debugging, embedding):
    - For development purposes, Tor now has a mode in which it runs for
      a few seconds, then stops, and starts again without exiting the
      process. This mode is meant to help us debug various issues with
      ticket 23847. To use this feature, compile with
      --enable-restart-debugging, and set the TOR_DEBUG_RESTART
      environment variable. This is expected to crash a lot, and is
      really meant for developers only. It will likely be removed in a
      future release. Implements ticket 24583.

  o Minor bugfixes (build, rust):
    - Fix output of autoconf checks to display success messages for Rust
      dependencies and a suitable rustc compiler version. Fixes bug
      24612; bugfix on 0.3.1.3-alpha.
    - Don't pass the --quiet option to cargo: it seems to suppress some
      errors, which is not what we want to do when building. Fixes bug
      24518; bugfix on 0.3.1.7.
    - Build correctly when building from outside Tor's source tree with
      the TOR_RUST_DEPENDENCIES option set. Fixes bug 22768; bugfix
      on 0.3.1.7.

  o Minor bugfixes (C correctness):
    - Fix a very unlikely (impossible, we believe) null pointer
      dereference. Fixes bug 25629; bugfix on 0.2.9.15. Found by
      Coverity; this is CID 1430932.

  o Minor bugfixes (channel, client):
    - Better identify client connection when reporting to the geoip
      client cache. Fixes bug 24904; bugfix on 0.3.1.7.

  o Minor bugfixes (circuit, cannibalization):
    - Don't cannibalize preemptively-built circuits if we no longer
      recognize their first hop. This situation can happen if our Guard
      relay went off the consensus after the circuit was created. Fixes
      bug 24469; bugfix on 0.0.6.

  o Minor bugfixes (client, backport from 0.3.4.1-alpha):
    - Don't consider Tor running as a client if the ControlPort is open,
      but no actual client ports are open. Fixes bug 26062; bugfix
      on 0.2.9.4-alpha.

  o Minor bugfixes (compilation):
    - Fix a C99 compliance issue in our configuration script that caused
      compilation issues when compiling Tor with certain versions of
      xtools. Fixes bug 25474; bugfix on 0.3.2.5-alpha.

  o Minor bugfixes (controller):
    - Restore the correct operation of the RESOLVE command, which had
      been broken since we added the ability to enable/disable DNS on
      specific listener ports. Fixes bug 25617; bugfix on 0.2.9.3-alpha.
    - Avoid a (nonfatal) assertion failure when extending a one-hop
      circuit from the controller to become a multihop circuit. Fixes
      bug 24903; bugfix on 0.2.5.2-alpha.

  o Minor bugfixes (correctness):
    - Remove a nonworking, unnecessary check to see whether a circuit
      hop's identity digest was set when the circuit failed. Fixes bug
      24927; bugfix on 0.2.4.4-alpha.

  o Minor bugfixes (correctness, client, backport from 0.3.4.1-alpha):
    - Upon receiving a malformed connected cell, stop processing the
      cell immediately. Previously we would mark the connection for
      close, but continue processing the cell as if the connection were
      open. Fixes bug 26072; bugfix on 0.2.4.7-alpha.

  o Minor bugfixes (directory authorities, IPv6):
    - When creating a routerstatus (vote) from a routerinfo (descriptor),
      set the IPv6 address to the unspecified IPv6 address, and
      explicitly initialize the port to zero. Fixes bug 24488; bugfix
      on 0.2.4.1-alpha.

  o Minor bugfixes (documentation):
    - Document that the PerConnBW{Rate,Burst} options will fall back to
      their corresponding consensus parameters only if those parameters
      are set. Previously we had claimed that these values would always
      be set in the consensus. Fixes bug 25296; bugfix on 0.2.2.7-alpha.

  o Minor bugfixes (documentation, backport from 0.3.4.1-alpha):
    - Stop saying in the manual that clients cache ipv4 dns answers from
      exit relays. We haven't used them since 0.2.6.3-alpha, and in
      ticket 24050 we stopped even caching them as of 0.3.2.6-alpha, but
      we forgot to say so in the man page. Fixes bug 26052; bugfix
      on 0.3.2.6-alpha.

  o Minor bugfixes (exit relay DNS retries):
    - Re-attempt timed-out DNS queries 3 times before failure, since our
      timeout is 5 seconds for them, but clients wait 10-15. Also allow
      slightly more timeouts per resolver when an exit has multiple
      resolvers configured. Fixes bug 21394; bugfix on 0.3.1.9.

  o Minor bugfixes (fallback directory mirrors):
    - Make updateFallbackDirs.py search harder for python. (Some OSs
      don't put it in /usr/bin.) Fixes bug 24708; bugfix
      on 0.2.8.1-alpha.

  o Minor bugfixes (hibernation, bandwidth accounting, shutdown):
    - When hibernating, close connections normally and allow them to
      flush. Fixes bug 23571; bugfix on 0.2.4.7-alpha. Also fixes
      bug 7267.
    - Do not attempt to launch self-reachability tests when entering
      hibernation. Fixes a case of bug 12062; bugfix on 0.0.9pre5.
    - Resolve several bugs related to descriptor fetching on bridge
      clients with bandwidth accounting enabled. (This combination is
      not recommended!) Fixes a case of bug 12062; bugfix
      on 0.2.0.3-alpha.
    - When hibernating, do not attempt to launch DNS checks. Fixes a
      case of bug 12062; bugfix on 0.1.2.2-alpha.
    - When hibernating, do not try to upload or download descriptors.
      Fixes a case of bug 12062; bugfix on 0.0.9pre5.

  o Minor bugfixes (IPv6, bridges):
    - Tor now always sets IPv6 preferences for bridges. Fixes bug 24573;
      bugfix on 0.2.8.2-alpha.
    - Tor now sets IPv6 address in the routerstatus as well as in the
      router descriptors when updating addresses for a bridge. Closes
      ticket 24572; bugfix on 0.2.4.5-alpha. Patch by "ffmancera".

  o Minor bugfixes (Linux seccomp2 sandbox):
    - When running with the sandbox enabled, reload configuration files
      correctly even when %include was used. Previously we would crash.
      Fixes bug 22605; bugfix on 0.3.1. Patch from Daniel Pinto.

  o Minor bugfixes (Linux seccomp2 sandbox, backport from 0.3.4.1-alpha):
    - Allow the nanosleep() system call, which glibc uses to implement
      sleep() and usleep(). Fixes bug 24969; bugfix on 0.2.5.1-alpha.

  o Minor bugfixes (logging):
    - Fix a (mostly harmless) race condition when invoking
      LOG_PROTOCOL_WARN message from a subthread while the torrc options
      are changing. Fixes bug 23954; bugfix on 0.1.1.9-alpha.

  o Minor bugfixes (man page, SocksPort):
    - Remove dead code from the old "SocksSocket" option, and rename
      SocksSocketsGroupWritable to UnixSocksGroupWritable. The old
      option still works, but is deprecated. Fixes bug 24343; bugfix
      on 0.2.6.3.

  o Minor bugfixes (memory leaks):
    - Avoid possible at-exit memory leaks related to use of Libevent's
      event_base_once() function. (This function tends to leak memory if
      the event_base is closed before the event fires.) Fixes bug 24584;
      bugfix on 0.2.8.1-alpha.
    - Fix a harmless memory leak in tor-resolve. Fixes bug 24582; bugfix
      on 0.2.1.1-alpha.

  o Minor bugfixes (network IPv6 test):
    - Tor's test scripts now check if "ping -6 ::1" works when the user
      runs "make test-network-all". Fixes bug 24677; bugfix on
      0.2.9.3-alpha. Patch by "ffmancera".

  o Minor bugfixes (networking):
    - string_is_valid_hostname() will not consider IP strings to be
      valid hostnames. Fixes bug 25055; bugfix on Tor 0.2.5.5.

  o Minor bugfixes (onion service v3):
    - Avoid an assertion failure when the next onion service descriptor
      rotation type is out of sync with the consensus's valid-after
      time. Instead, log a warning message with extra information, so we
      can better hunt down the cause of this assertion. Fixes bug 25306;
      bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (onion service, backport from 0.3.4.1-alpha):
    - Fix a memory leak when a v3 onion service is configured and gets a
      SIGHUP signal. Fixes bug 25901; bugfix on 0.3.2.1-alpha.
    - When parsing the descriptor signature, look for the token plus an
      extra white-space at the end. This is more correct but also will
      allow us to support new fields that might start with "signature".
      Fixes bug 26069; bugfix on 0.3.0.1-alpha.

  o Minor bugfixes (onion services):
    - If we are configured to offer a single onion service, don't log
      long-term established one hop rendezvous points in the heartbeat.
      Fixes bug 25116; bugfix on 0.2.9.6-rc.

  o Minor bugfixes (performance):
    - Reduce the number of circuits that will be opened at once during
      the circuit build timeout phase. This is done by increasing the
      idle timeout to 3 minutes, and lowering the maximum number of
      concurrent learning circuits to 10. Fixes bug 24769; bugfix
      on 0.3.1.1-alpha.
    - Avoid calling protocol_list_supports_protocol() from inside tight
      loops when running with cached routerinfo_t objects. Instead,
      summarize the relevant protocols as flags in the routerinfo_t, as
      we do for routerstatus_t objects. This change simplifies our code
      a little, and saves a large amount of short-term memory allocation
      operations. Fixes bug 25008; bugfix on 0.2.9.4-alpha.

  o Minor bugfixes (performance, timeouts):
    - Consider circuits for timeout as soon as they complete a hop. This
      is more accurate than applying the timeout in
      circuit_expire_building() because that function is only called
      once per second, which is now too slow for typical timeouts on the
      current network. Fixes bug 23114; bugfix on 0.2.2.2-alpha.
    - Use onion service circuits (and other circuits longer than 3 hops)
      to calculate a circuit build timeout. Previously, Tor only
      calculated its build timeout based on circuits that planned to be
      exactly 3 hops long. With this change, we include measurements
      from all circuits at the point where they complete their third
      hop. Fixes bug 23100; bugfix on 0.2.2.2-alpha.

  o Minor bugfixes (relay, crash, backport from 0.3.4.1-alpha):
    - Avoid a crash when running with DirPort set but ORPort turned off.
      Fixes a case of bug 23693; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (Rust FFI):
    - Fix a minor memory leak which would happen whenever the C code
      would call the Rust implementation of
      protover_get_supported_protocols(). This was due to the C version
      returning a static string, whereas the Rust version newly allocated
      a CString to pass across the FFI boundary. Consequently, the C
      code was not expecting to need to free() what it was given. Fixes
      bug 25127; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (spelling):
    - Use the "misspell" tool to detect and fix typos throughout the
      source code. Fixes bug 23650; bugfix on various versions of Tor.
      Patch from Deepesh Pathak.

  o Minor bugfixes (testing):
    - Avoid intermittent test failures due to a test that had relied on
      onion service introduction point creation finishing within 5
      seconds of real clock time. Fixes bug 25450; bugfix
      on 0.3.1.3-alpha.
    - Give out Exit flags in bootstrapping networks. Fixes bug 24137;
      bugfix on 0.2.3.1-alpha.

  o Minor bugfixes (unit test, monotonic time):
    - Increase a constant (1msec to 10msec) in the monotonic time test
      that makes sure the nsec/usec/msec times read are synchronized.
      This change was needed to accommodate slow systems like armel or
      when the clock_gettime() is not a VDSO on the running kernel.
      Fixes bug 25113; bugfix on 0.2.9.1.

  o Code simplification and refactoring:
    - Move the list of default directory authorities to its own file.
      Closes ticket 24854. Patch by "beastr0".
    - Remove the old (deterministic) directory retry logic entirely:
      We've used exponential backoff exclusively for some time. Closes
      ticket 23814.
    - Remove the unused nodelist_recompute_all_hsdir_indices(). Closes
      ticket 25108.
    - Remove a series of counters used to track circuit extend attempts
      and connection status but that in reality we aren't using for
      anything other than stats logged by a SIGUSR1 signal. Closes
      ticket 25163.
    - Remove /usr/athena from search path in configure.ac. Closes
      ticket 24363.
    - Remove duplicate code in node_has_curve25519_onion_key() and
      node_get_curve25519_onion_key(), and add a check for a zero
      microdesc curve25519 onion key. Closes ticket 23966, patch by
      "aruna1234" and teor.
    - Rewrite channel_rsa_id_group_set_badness to reduce temporary
      memory allocations with large numbers of OR connections (e.g.
      relays). Closes ticket 24119.
    - Separate the function that deletes ephemeral files when Tor
      stops gracefully.
    - Small changes to Tor's buf_t API to make it suitable for use as a
      general-purpose safe string constructor. Closes ticket 22342.
    - Switch -Wnormalized=id to -Wnormalized=nfkc in configure.ac to
      avoid source code identifier confusion. Closes ticket 24467.
    - The tor_git_revision[] constant no longer needs to be redeclared
      by everything that links against the rest of Tor. Done as part of
      ticket 23845, to simplify our external API.
    - We make extend_info_from_node() use node_get_curve25519_onion_key()
      introduced in ticket 23577 to access the curve25519 public keys
      rather than accessing it directly. Closes ticket 23760. Patch by
      Neel Chauhan.
    - Add a function to log channels' scheduler state changes to aid
      debugging efforts. Closes ticket 24531.

  o Documentation:
    - Improved the documentation of AccountingStart parameter. Closes
      ticket 23635.
    - Update the documentation for "Log" to include the current list of
      logging domains. Closes ticket 25378.
    - Add documentation on how to build tor with Rust dependencies
      without having to be online. Closes ticket 22907; bugfix
      on 0.3.0.3-alpha.
    - Clarify the behavior of RelayBandwidth{Rate,Burst} with client
      traffic. Closes ticket 24318.
    - Document that OutboundBindAddress doesn't apply to DNS requests.
      Closes ticket 22145. Patch from Aruna Maurya.

  o Code simplification and refactoring (channels):
    - Remove the incoming and outgoing channel queues. These were never
      used, but still took up a step in our fast path.
    - The majority of the channel unit tests have been rewritten and the
      code coverage has now been raised to 83.6% for channel.c. Closes
      ticket 23709.
    - Remove other dead code from the channel subsystem: All together,
      this cleanup has removed more than 1500 lines of code overall and
      adding very little except for unit test.

  o Code simplification and refactoring (circuit rendezvous):
    - Split the client-side rendezvous circuit lookup into two
      functions: one that returns only established circuits and another
      that returns all kinds of circuits. Closes ticket 23459.

  o Code simplification and refactoring (controller):
    - Make most of the variables in networkstatus_getinfo_by_purpose()
      const. Implements ticket 24489.

  o Documentation (backport from 0.3.4.1-alpha):
    - Correct an IPv6 error in the documentation for ExitPolicy. Closes
      ticket 25857. Patch from "CTassisF".

  o Documentation (man page):
    - The HiddenServiceVersion torrc option accepts only one number:
      either version 2 or 3. Closes ticket 25026; bugfix
      on 0.3.2.2-alpha.

  o Documentation (manpage, denial of service):
    - Provide more detail about the denial-of-service options, by
      listing each mitigation and explaining how they relate. Closes
      ticket 25248.


Changes in version 0.3.1.10 - 2018-03-03
  Tor 0.3.1.10 backports a number of bugfixes, including important fixes for
  security issues.

  It includes an important security fix for a remote crash attack
  against directory authorities, tracked as TROVE-2018-001.

  This release also backports our new system for improved resistance to
  denial-of-service attacks against relays.

  This release also fixes several minor bugs and annoyances from
  earlier releases.

  All directory authorities should upgrade to one of the versions
  released today. Relays running 0.3.1.x may wish to update to one of
  the versions released today, for the DoS mitigations.

  Please note: according to our release calendar, Tor 0.3.1 will no
  longer be supported after 1 July 2018. If you will be running Tor
  after that date, you should make sure to plan to upgrade to the latest
  stable version, or downgrade to 0.2.9 (which will receive long-term
  support).

  o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
    - Fix a protocol-list handling bug that could be used to remotely crash
      directory authorities with a null-pointer exception. Fixes bug 25074;
      bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
      CVE-2018-0490.

  o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
    - Give relays some defenses against the recent network overload. We
      start with three defenses (default parameters in parentheses).
      First: if a single client address makes too many concurrent
      connections (>100), hang up on further connections. Second: if a
      single client address makes circuits too quickly (more than 3 per
      second, with an allowed burst of 90) while also having too many
      connections open (3), refuse new create cells for the next while
      (1-2 hours). Third: if a client asks to establish a rendezvous
      point to you directly, ignore the request. These defenses can be
      manually controlled by new torrc options, but relays will also
      take guidance from consensus parameters, so there's no need to
      configure anything manually. Implements ticket 24902.

  o Minor features (linux seccomp2 sandbox, backport from 0.3.2.5-alpha):
    - Update the sandbox rules so that they should now work correctly
      with Glibc 2.26. Closes ticket 24315.

  o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
    - Fix an "off by 2" error in counting rendezvous failures on the
      onion service side. While we thought we would stop the rendezvous
      attempt after one failed circuit, we were actually making three
      circuit attempts before giving up. Now switch to a default of 2,
      and allow the consensus parameter "hs_service_max_rdv_failures" to
      override. Fixes bug 24895; bugfix on 0.0.6.

  o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
    - Add Link protocol version 5 to the supported protocols list. Fixes
      bug 25070; bugfix on 0.3.1.1-alpha.

  o Major bugfixes (relay, backport from 0.3.3.1-alpha):
    - Fix a set of false positives where relays would consider
      connections to other relays as being client-only connections (and
      thus e.g. deserving different link padding schemes) if those
      relays fell out of the consensus briefly. Now we look only at the
      initial handshake and whether the connection authenticated as a
      relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.

  o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
    - Make our OOM handler aware of the geoip client history cache so it
      doesn't fill up the memory. This check is important for IPv6 and
      our DoS mitigation subsystem. Closes ticket 25122.

  o Minor feature (relay statistics, backport from 0.3.2.6-alpha):
    - Change relay bandwidth reporting stats interval from 4 hours to 24
      hours in order to reduce the efficiency of guard discovery
      attacks. Fixes ticket 23856.

  o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
    - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
      Previous versions of Tor would not have worked with OpenSSL 1.1.1,
      since they neither disabled TLS 1.3 nor enabled any of the
      ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
      Closes ticket 24978.

  o Minor features (fallback directory mirrors, backport from 0.3.2.9):
    - The fallback directory list has been re-generated based on the
      current status of the network. Tor uses fallback directories to
      bootstrap when it doesn't yet have up-to-date directory
      information. Closes ticket 24801.
    - Make the default DirAuthorityFallbackRate 0.1, so that clients
      prefer to bootstrap from fallback directory mirrors. This is a
      follow-up to 24679, which removed weights from the default
      fallbacks. Implements ticket 24681.

  o Minor features (geoip):
    - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
      Country database.

  o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
    - Use the actual observed address of an incoming relay connection,
      not the canonical address of the relay from its descriptor, when
      making decisions about how to handle the incoming connection.
      Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".

  o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
    - Directory authorities, when refusing a descriptor from a rejected
      relay, now explicitly tell the relay (in its logs) to set a valid
      ContactInfo address and contact the bad-relays@ mailing list.
      Fixes bug 25170; bugfix on 0.2.9.1.

  o Minor bugfixes (address selection, backport from 0.3.2.9):
    - When the fascist_firewall_choose_address_ functions don't find a
      reachable address, set the returned address to the null address
      and port. This is a precautionary measure, because some callers do
      not check the return value. Fixes bug 24736; bugfix
      on 0.2.8.2-alpha.

  o Major bugfixes (bootstrapping, backport from 0.3.2.5-alpha):
    - Fetch descriptors aggressively whenever we lack enough to build
      circuits, regardless of how many descriptors we are missing.
      Previously, we would delay launching the fetch when we had fewer
      than 15 missing descriptors, even if some of those descriptors
      were blocking circuits from building. Fixes bug 23985; bugfix on
      0.1.1.11-alpha. The effects of this bug became worse in
      0.3.0.3-alpha, when we began treating missing descriptors from our
      primary guards as a reason to delay circuits.
    - Don't try fetching microdescriptors from relays that have failed
      to deliver them in the past. Fixes bug 23817; bugfix
      on 0.3.0.1-alpha.

  o Minor bugfixes (compilation, backport from 0.3.2.7-rc):
    - Fix a signed/unsigned comparison warning introduced by our fix to
      TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.

  o Minor bugfixes (control port, linux seccomp2 sandbox, backport from 0.3.2.5-alpha):
    - Avoid a crash when attempting to use the seccomp2 sandbox together
      with the OwningControllerProcess feature. Fixes bug 24198; bugfix
      on 0.2.5.1-alpha.

  o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
    - Fix a possible crash on malformed consensus. If a consensus had
      contained an unparseable protocol line, it could have made clients
      and relays crash with a null-pointer exception. To exploit this
      issue, however, an attacker would need to be able to subvert the
      directory authority system. Fixes bug 25251; bugfix on
      0.2.9.4-alpha. Also tracked as TROVE-2018-004.

  o Minor bugfixes (directory cache, backport from 0.3.2.5-alpha):
    - Recover better from empty or corrupt files in the consensus cache
      directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
    - When a consensus diff calculation is only partially successful,
      only record the successful parts as having succeeded. Partial
      success can happen if (for example) one compression method fails
      but the others succeed. Previously we misrecorded all the
      calculations as having succeeded, which would later cause a
      nonfatal assertion failure. Fixes bug 24086; bugfix
      on 0.3.1.1-alpha.

  o Minor bugfixes (entry guards, backport from 0.3.2.3-alpha):
    - Tor now updates its guard state when it reads a consensus
      regardless of whether it's missing descriptors. That makes tor use
      its primary guards to fetch descriptors in some edge cases where
      it would previously have used fallback directories. Fixes bug
      23862; bugfix on 0.3.0.1-alpha.

  o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
    - Don't treat inability to store a cached consensus object as a bug:
      it can happen normally when we are out of disk space. Fixes bug
      24859; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (memory usage, backport from 0.3.2.8-rc):
    - When queuing DESTROY cells on a channel, only queue the circuit-id
      and reason fields: not the entire 514-byte cell. This fix should
      help mitigate any bugs or attacks that fill up these queues, and
      free more RAM for other uses. Fixes bug 24666; bugfix
      on 0.2.5.1-alpha.

  o Minor bugfixes (network layer, backport from 0.3.2.5-alpha):
    - When closing a connection via close_connection_immediately(), we
      mark it as "not blocked on bandwidth", to prevent later calls from
      trying to unblock it, and give it permission to read. This fixes a
      backtrace warning that can happen on relays under various
      circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.

  o Minor bugfixes (path selection, backport from 0.3.2.4-alpha):
    - When selecting relays by bandwidth, avoid a rounding error that
      could sometimes cause load to be imbalanced incorrectly.
      Previously, we would always round upwards; now, we round towards
      the nearest integer. This had the biggest effect when a relay's
      weight adjustments should have given it weight 0, but it got
      weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
    - When calculating the fraction of nodes that have descriptors, and
      all nodes in the network have zero bandwidths, count the number of
      nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
    - Actually log the total bandwidth in compute_weighted_bandwidths().
      Fixes bug 24170; bugfix on 0.2.4.3-alpha.

  o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
    - Improve the performance of our consensus-diff application code
      when Tor is built with the --enable-fragile-hardening option set.
      Fixes bug 24826; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
    - Don't exit the Tor process if setrlimit() fails to change the file
      limit (which can happen sometimes on some versions of OSX). Fixes
      bug 21074; bugfix on 0.0.9pre5.

  o Minor bugfixes (portability, msvc, backport from 0.3.2.9):
    - Fix a bug in the bit-counting parts of our timing-wheel code on
      MSVC. (Note that MSVC is still not a supported build platform, due
      to cyptographic timing channel risks.) Fixes bug 24633; bugfix
      on 0.2.9.1-alpha.

  o Minor bugfixes (relay, partial backport):
    - Make the internal channel_is_client() function look at what sort
      of connection handshake the other side used, rather than whether
      the other side ever sent a create_fast cell to us. Backports part
      of the fixes from bugs 22805 and 24898.

  o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
    - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
      0.2.9.4-alpha.
    - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
      bugfix on 0.2.9.4-alpha.

  o Code simplification and refactoring (backport from 0.3.3.3-alpha):
    - Update the "rust dependencies" submodule to be a project-level
      repository, rather than a user repository. Closes ticket 25323.


Changes in version 0.2.9.15 - 2018-03-03
  Tor 0.2.9.15 backports important security and stability bugfixes from
  later Tor releases.

  It includes an important security fix for a remote crash attack
  against directory authorities, tracked as TROVE-2018-001.

  This release also backports our new system for improved resistance to
  denial-of-service attacks against relays.

  This release also fixes several minor bugs and annoyances from
  earlier releases.

  All directory authorities should upgrade to one of the versions
  released today. Relays running 0.2.9.x may wish to update to one of
  the versions released today, for the DoS mitigations.

  o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
    - Fix a protocol-list handling bug that could be used to remotely crash
      directory authorities with a null-pointer exception. Fixes bug 25074;
      bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
      CVE-2018-0490.

  o Major features (denial-of-service mitigation):
    - Give relays some defenses against the recent network overload. We
      start with three defenses (default parameters in parentheses).
      First: if a single client address makes too many concurrent
      connections (>100), hang up on further connections. Second: if a
      single client address makes circuits too quickly (more than 3 per
      second, with an allowed burst of 90) while also having too many
      connections open (3), refuse new create cells for the next while
      (1-2 hours). Third: if a client asks to establish a rendezvous
      point to you directly, ignore the request. These defenses can be
      manually controlled by new torrc options, but relays will also
      take guidance from consensus parameters, so there's no need to
      configure anything manually. Implements ticket 24902.

  o Major bugfixes (bootstrapping):
    - Fetch descriptors aggressively whenever we lack enough to build
      circuits, regardless of how many descriptors we are missing.
      Previously, we would delay launching the fetch when we had fewer
      than 15 missing descriptors, even if some of those descriptors
      were blocking circuits from building. Fixes bug 23985; bugfix on
      0.1.1.11-alpha. The effects of this bug became worse in
      0.3.0.3-alpha, when we began treating missing descriptors from our
      primary guards as a reason to delay circuits.

  o Major bugfixes (onion services, retry behavior):
    - Fix an "off by 2" error in counting rendezvous failures on the
      onion service side. While we thought we would stop the rendezvous
      attempt after one failed circuit, we were actually making three
      circuit attempts before giving up. Now switch to a default of 2,
      and allow the consensus parameter "hs_service_max_rdv_failures" to
      override. Fixes bug 24895; bugfix on 0.0.6.

  o Minor feature (relay statistics):
    - Change relay bandwidth reporting stats interval from 4 hours to 24
      hours in order to reduce the efficiency of guard discovery
      attacks. Fixes ticket 23856.

  o Minor features (compatibility, OpenSSL):
    - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
      Previous versions of Tor would not have worked with OpenSSL 1.1.1,
      since they neither disabled TLS 1.3 nor enabled any of the
      ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
      Closes ticket 24978.

  o Minor features (denial-of-service avoidance):
    - Make our OOM handler aware of the geoip client history cache so it
      doesn't fill up the memory. This check is important for IPv6 and
      our DoS mitigation subsystem. Closes ticket 25122.

  o Minor features (fallback directory mirrors):
    - The fallback directory list has been re-generated based on the
      current status of the network. Tor uses fallback directories to
      bootstrap when it doesn't yet have up-to-date directory
      information. Closes ticket 24801.
    - Make the default DirAuthorityFallbackRate 0.1, so that clients
      prefer to bootstrap from fallback directory mirrors. This is a
      follow-up to 24679, which removed weights from the default
      fallbacks. Implements ticket 24681.

  o Minor features (geoip):
    - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
      Country database.

  o Minor features (linux seccomp2 sandbox):
    - Update the sandbox rules so that they should now work correctly
      with Glibc 2.26. Closes ticket 24315.

  o Minor bugfix (channel connection):
    - Use the actual observed address of an incoming relay connection,
      not the canonical address of the relay from its descriptor, when
      making decisions about how to handle the incoming connection.
      Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".

  o Minor bugfix (directory authority):
    - Directory authorities, when refusing a descriptor from a rejected
      relay, now explicitly tell the relay (in its logs) to set a valid
      ContactInfo address and contact the bad-relays@ mailing list.
      Fixes bug 25170; bugfix on 0.2.9.1.

  o Minor bugfixes (address selection):
    - When the fascist_firewall_choose_address_ functions don't find a
      reachable address, set the returned address to the null address
      and port. This is a precautionary measure, because some callers do
      not check the return value. Fixes bug 24736; bugfix
      on 0.2.8.2-alpha.

  o Minor bugfixes (compilation):
    - Fix a signed/unsigned comparison warning introduced by our fix to
      TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.

  o Minor bugfixes (control port, linux seccomp2 sandbox):
    - Avoid a crash when attempting to use the seccomp2 sandbox together
      with the OwningControllerProcess feature. Fixes bug 24198; bugfix
      on 0.2.5.1-alpha.

  o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
    - Fix a possible crash on malformed consensus. If a consensus had
      contained an unparseable protocol line, it could have made clients
      and relays crash with a null-pointer exception. To exploit this
      issue, however, an attacker would need to be able to subvert the
      directory authority system. Fixes bug 25251; bugfix on
      0.2.9.4-alpha. Also tracked as TROVE-2018-004.

  o Minor bugfixes (memory usage):
    - When queuing DESTROY cells on a channel, only queue the circuit-id
      and reason fields: not the entire 514-byte cell. This fix should
      help mitigate any bugs or attacks that fill up these queues, and
      free more RAM for other uses. Fixes bug 24666; bugfix
      on 0.2.5.1-alpha.

  o Minor bugfixes (network layer):
    - When closing a connection via close_connection_immediately(), we
      mark it as "not blocked on bandwidth", to prevent later calls from
      trying to unblock it, and give it permission to read. This fixes a
      backtrace warning that can happen on relays under various
      circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.

  o Minor bugfixes (OSX):
    - Don't exit the Tor process if setrlimit() fails to change the file
      limit (which can happen sometimes on some versions of OSX). Fixes
      bug 21074; bugfix on 0.0.9pre5.

  o Minor bugfixes (path selection):
    - When selecting relays by bandwidth, avoid a rounding error that
      could sometimes cause load to be imbalanced incorrectly.
      Previously, we would always round upwards; now, we round towards
      the nearest integer. This had the biggest effect when a relay's
      weight adjustments should have given it weight 0, but it got
      weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
    - When calculating the fraction of nodes that have descriptors, and
      all nodes in the network have zero bandwidths, count the number of
      nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
    - Actually log the total bandwidth in compute_weighted_bandwidths().
      Fixes bug 24170; bugfix on 0.2.4.3-alpha.

  o Minor bugfixes (portability, msvc):
    - Fix a bug in the bit-counting parts of our timing-wheel code on
      MSVC. (Note that MSVC is still not a supported build platform, due
      to cryptographic timing channel risks.) Fixes bug 24633; bugfix
      on 0.2.9.1-alpha.

  o Minor bugfixes (relay):
    - Make the internal channel_is_client() function look at what sort
      of connection handshake the other side used, rather than whether
      the other side ever sent a create_fast cell to us. Backports part
      of the fixes from bugs 22805 and 24898.

  o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
    - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
      0.2.9.4-alpha.
    - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
      bugfix on 0.2.9.4-alpha.


Changes in version 0.3.2.10 - 2018-03-03
  Tor 0.3.2.10 is the second stable release in the 0.3.2 series. It
  backports a number of bugfixes, including important fixes for security
  issues.

  It includes an important security fix for a remote crash attack
  against directory authorities, tracked as TROVE-2018-001.

  Additionally, it backports a fix for a bug whose severity we have
  upgraded: Bug 24700, which was fixed in 0.3.3.2-alpha, can be remotely
  triggered in order to crash relays with a use-after-free pattern. As
  such, we are now tracking that bug as TROVE-2018-002 and
  CVE-2018-0491, and backporting it to earlier releases. This bug
  affected versions 0.3.2.1-alpha through 0.3.2.9, as well as version
  0.3.3.1-alpha.

  This release also backports our new system for improved resistance to
  denial-of-service attacks against relays.

  This release also fixes several minor bugs and annoyances from
  earlier releases.

  Relays running 0.3.2.x SHOULD upgrade to one of the versions released
  today, for the fix to TROVE-2018-002. Directory authorities should
  also upgrade. (Relays on earlier versions might want to update too for
  the DoS mitigations.)

  o Major bugfixes (denial-of-service, directory authority, backport from 0.3.3.3-alpha):
    - Fix a protocol-list handling bug that could be used to remotely crash
      directory authorities with a null-pointer exception. Fixes bug 25074;
      bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2018-001 and
      CVE-2018-0490.

  o Major bugfixes (scheduler, KIST, denial-of-service, backport from 0.3.3.2-alpha):
    - Avoid adding the same channel twice in the KIST scheduler pending
      list, which could lead to remote denial-of-service use-after-free
      attacks against relays. Fixes bug 24700; bugfix on 0.3.2.1-alpha.

  o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
    - Give relays some defenses against the recent network overload. We
      start with three defenses (default parameters in parentheses).
      First: if a single client address makes too many concurrent
      connections (>100), hang up on further connections. Second: if a
      single client address makes circuits too quickly (more than 3 per
      second, with an allowed burst of 90) while also having too many
      connections open (3), refuse new create cells for the next while
      (1-2 hours). Third: if a client asks to establish a rendezvous
      point to you directly, ignore the request. These defenses can be
      manually controlled by new torrc options, but relays will also
      take guidance from consensus parameters, so there's no need to
      configure anything manually. Implements ticket 24902.

  o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
    - Fix an "off by 2" error in counting rendezvous failures on the
      onion service side. While we thought we would stop the rendezvous
      attempt after one failed circuit, we were actually making three
      circuit attempts before giving up. Now switch to a default of 2,
      and allow the consensus parameter "hs_service_max_rdv_failures" to
      override. Fixes bug 24895; bugfix on 0.0.6.
    - New-style (v3) onion services now obey the "max rendezvous circuit
      attempts" logic. Previously they would make as many rendezvous
      circuit attempts as they could fit in the MAX_REND_TIMEOUT second
      window before giving up. Fixes bug 24894; bugfix on 0.3.2.1-alpha.

  o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
    - Add Link protocol version 5 to the supported protocols list. Fixes
      bug 25070; bugfix on 0.3.1.1-alpha.

  o Major bugfixes (relay, backport from 0.3.3.1-alpha):
    - Fix a set of false positives where relays would consider
      connections to other relays as being client-only connections (and
      thus e.g. deserving different link padding schemes) if those
      relays fell out of the consensus briefly. Now we look only at the
      initial handshake and whether the connection authenticated as a
      relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.

  o Major bugfixes (scheduler, consensus, backport from 0.3.3.2-alpha):
    - The scheduler subsystem was failing to promptly notice changes in
      consensus parameters, making it harder to switch schedulers
      network-wide. Fixes bug 24975; bugfix on 0.3.2.1-alpha.

  o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
    - Make our OOM handler aware of the geoip client history cache so it
      doesn't fill up the memory. This check is important for IPv6 and
      our DoS mitigation subsystem. Closes ticket 25122.

  o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
    - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
      Previous versions of Tor would not have worked with OpenSSL 1.1.1,
      since they neither disabled TLS 1.3 nor enabled any of the
      ciphersuites it requires. Now we enable the TLS 1.3 ciphersuites.
      Closes ticket 24978.

  o Minor features (geoip):
    - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
      Country database.

  o Minor features (logging, diagnostic, backport from 0.3.3.2-alpha):
    - When logging a failure to create an onion service's descriptor,
      also log what the problem with the descriptor was. Diagnostic
      for ticket 24972.

  o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
    - Use the actual observed address of an incoming relay connection,
      not the canonical address of the relay from its descriptor, when
      making decisions about how to handle the incoming connection.
      Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".

  o Minor bugfixes (denial-of-service, backport from 0.3.3.3-alpha):
    - Fix a possible crash on malformed consensus. If a consensus had
      contained an unparseable protocol line, it could have made clients
      and relays crash with a null-pointer exception. To exploit this
      issue, however, an attacker would need to be able to subvert the
      directory authority system. Fixes bug 25251; bugfix on
      0.2.9.4-alpha. Also tracked as TROVE-2018-004.

  o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
    - Directory authorities, when refusing a descriptor from a rejected
      relay, now explicitly tell the relay (in its logs) to set a valid
      ContactInfo address and contact the bad-relays@ mailing list.
      Fixes bug 25170; bugfix on 0.2.9.1.

  o Minor bugfixes (build, rust, backport from 0.3.3.1-alpha):
    - When building with Rust on OSX, link against libresolv, to work
      around the issue at https://github.com/rust-lang/rust/issues/46797.
      Fixes bug 24652; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (onion services, backport from 0.3.3.2-alpha):
    - Remove a BUG() statement when a client fetches an onion descriptor
      that has a lower revision counter than the one in its cache. This
      can happen in normal circumstances due to HSDir desync. Fixes bug
      24976; bugfix on 0.3.2.1-alpha.

  o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
    - Don't treat inability to store a cached consensus object as a bug:
      it can happen normally when we are out of disk space. Fixes bug
      24859; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
    - Improve the performance of our consensus-diff application code
      when Tor is built with the --enable-fragile-hardening option set.
      Fixes bug 24826; bugfix on 0.3.1.1-alpha.

  o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
    - Don't exit the Tor process if setrlimit() fails to change the file
      limit (which can happen sometimes on some versions of OSX). Fixes
      bug 21074; bugfix on 0.0.9pre5.

  o Minor bugfixes (spec conformance, backport from 0.3.3.3-alpha):
    - Forbid "-0" as a protocol version. Fixes part of bug 25249; bugfix on
      0.2.9.4-alpha.
    - Forbid UINT32_MAX as a protocol version. Fixes part of bug 25249;
      bugfix on 0.2.9.4-alpha.

  o Minor bugfixes (testing, backport from 0.3.3.1-alpha):
    - Fix a memory leak in the scheduler/loop_kist unit test. Fixes bug
      25005; bugfix on 0.3.2.7-rc.

  o Minor bugfixes (v3 onion services, backport from 0.3.3.2-alpha):
    - Look at the "HSRend" protocol version, not the "HSDir" protocol
      version, when deciding whether a consensus entry can support the
      v3 onion service protocol as a rendezvous point. Fixes bug 25105;
      bugfix on 0.3.2.1-alpha.

  o Code simplification and refactoring (backport from 0.3.3.3-alpha):
    - Update the "rust dependencies" submodule to be a project-level
      repository, rather than a user repository. Closes ticket 25323.

  o Documentation (backport from 0.3.3.1-alpha)
    - Document that operators who run more than one relay or bridge are
      expected to set MyFamily and ContactInfo correctly. Closes
      ticket 24526.


Changes in version 0.3.2.9 - 2018-01-09
  Tor 0.3.2.9 is the first stable release in the 0.3.2 series.

  The 0.3.2 series includes our long-anticipated new onion service
  design, with numerous security features. (For more information, see
  our blog post at https://blog.torproject.org/fall-harvest.) We also
  have a new circuit scheduler algorithm for improved performance on
  relays everywhere (see https://blog.torproject.org/kist-and-tell),
  along with many smaller features and bugfixes.

  Per our stable release policy, we plan to support each stable release
  series for at least the next nine months, or for three months after
  the first stable release of the next series: whichever is longer. If
  you need a release with long-term support, we recommend that you stay
  with the 0.2.9 series.

  Below is a list of the changes since 0.3.1.7. For a list of all
  changes since 0.3.2.8-rc, see the ChangeLog file.

  o Directory authority changes:
    - Add "Bastet" as a ninth directory authority to the default list.
      Closes ticket 23910.
    - The directory authority "Longclaw" has changed its IP address.
      Closes ticket 23592.
    - Remove longclaw's IPv6 address, as it will soon change. Authority
      IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
      3/8 directory authorities with IPv6 addresses, but there are also
      52 fallback directory mirrors with IPv6 addresses. Resolves 19760.
    - Add an IPv6 address for the "bastet" directory authority. Closes
      ticket 24394.

  o Major features (next-generation onion services):
    - Tor now supports the next-generation onion services protocol for
      clients and services! As part of this release, the core of
      proposal 224 has been implemented and is available for
      experimentation and testing by our users. This newer version of
      onion services ("v3") features many improvements over the legacy
      system, including:

      a) Better crypto (replaced SHA1/DH/RSA1024
      with SHA3/ed25519/curve25519)

      b) Improved directory protocol, leaking much less information to
      directory servers.

      c) Improved directory protocol, with smaller surface for
      targeted attacks.

      d) Better onion address security against impersonation.

      e) More extensible introduction/rendezvous protocol.

      f) A cleaner and more modular codebase.

      You can identify a next-generation onion address by its length:
      they are 56 characters long, as in
      "4acth47i6kxnvkewtm6q7ib2s3ufpo5sqbsnzjpbi7utijcltosqemad.onion".

      In the future, we will release more options and features for v3
      onion services, but we first need a testing period, so that the
      current codebase matures and becomes more robust. Planned features
      include: offline keys, advanced client authorization, improved
      guard algorithms, and statistics. For full details, see
      proposal 224.

      Legacy ("v2") onion services will still work for the foreseeable
      future, and will remain the default until this new codebase gets
      tested and hardened. Service operators who want to experiment with
      the new system can use the 'HiddenServiceVersion 3' torrc
      directive along with the regular onion service configuration
      options. For more information, see our blog post at
      "https://blog.torproject.org/fall-harvest". Enjoy!

  o Major feature (scheduler, channel):
    - Tor now uses new schedulers to decide which circuits should
      deliver cells first, in order to improve congestion at relays. The
      first type is called "KIST" ("Kernel Informed Socket Transport"),
      and is only available on Linux-like systems: it uses feedback from
      the kernel to prevent the kernel's TCP buffers from growing too
      full. The second new scheduler type is called "KISTLite": it
      behaves the same as KIST, but runs on systems without kernel
      support for inspecting TCP implementation details. The old
      scheduler is still available, under the name "Vanilla". To change
      the default scheduler preference order, use the new "Schedulers"
      option. (The default preference order is "KIST,KISTLite,Vanilla".)

      Matt Traudt implemented KIST, based on research by Rob Jansen,
      John Geddes, Christ Wacek, Micah Sherr, and Paul Syverson. For
      more information, see the design paper at
      http://www.robgjansen.com/publications/kist-sec2014.pdf and the
      followup implementation paper at https://arxiv.org/abs/1709.01044.
      Closes ticket 12541. For more information, see our blog post at
      "https://blog.torproject.org/kist-and-tell".

  o Major bugfixes (security, general):
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.

  o Major bugfixes (security, directory authority):
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.

  o Major bugfixes (security, onion service v2):
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.

  o Major bugfixes (security, relay):
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.
    - When running as a relay, make sure that we never choose ourselves
      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.

  o Major bugfixes (bootstrapping):
    - Fetch descriptors aggressively whenever we lack enough to build
      circuits, regardless of how many descriptors we are missing.
      Previously, we would delay launching the fetch when we had fewer
      than 15 missing descriptors, even if some of those descriptors
      were blocking circuits from building. Fixes bug 23985; bugfix on
      0.1.1.11-alpha. The effects of this bug became worse in
      0.3.0.3-alpha, when we began treating missing descriptors from our
      primary guards as a reason to delay circuits.
    - Don't try fetching microdescriptors from relays that have failed
      to deliver them in the past. Fixes bug 23817; bugfix
      on 0.3.0.1-alpha.

  o Major bugfixes (circuit prediction):
    - Fix circuit prediction logic so that a client doesn't treat a port
      as being "handled" by a circuit if that circuit already has
      isolation settings on it. This change should make Tor clients more
      responsive by improving their chances of having a pre-created
      circuit ready for use when a request arrives. Fixes bug 18859;
      bugfix on 0.2.3.3-alpha.

  o Major bugfixes (exit relays, DNS):
    - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
      making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
      0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
      identifying and finding a workaround to this bug and to Moritz,
      Arthur Edelstein, and Roger for helping to track it down and
      analyze it.

  o Major bugfixes (relay, crash, assertion failure):
    - Fix a timing-based assertion failure that could occur when the
      circuit out-of-memory handler freed a connection's output buffer.
      Fixes bug 23690; bugfix on 0.2.6.1-alpha.

  o Major bugfixes (usability, control port):
    - Report trusted clock skew indications as bootstrap errors, so
      controllers can more easily alert users when their clocks are
      wrong. Fixes bug 23506; bugfix on 0.1.2.6-alpha.

  o Minor features (bridge):
    - Bridge relays can now set the BridgeDistribution config option to
      add a "bridge-distribution-request" line to their bridge
      descriptor, which tells BridgeDB how they'd like their bridge
      address to be given out. (Note that as of Oct 2017, BridgeDB does
      not yet implement this feature.) As a side benefit, this feature
      provides a way to distinguish bridge descriptors from non-bridge
      descriptors. Implements tickets 18329.
    - When handling the USERADDR command on an ExtOrPort, warn when the
      transports provides a USERADDR with no port. In a future version,
      USERADDR commands of this format may be rejected. Detects problems
      related to ticket 23080.

  o Minor features (bug detection):
    - Log a warning message with a stack trace for any attempt to call
      get_options() during option validation. This pattern has caused
      subtle bugs in the past. Closes ticket 22281.

  o Minor features (build, compilation):
    - The "check-changes" feature is now part of the "make check" tests;
      we'll use it to try to prevent misformed changes files from
      accumulating. Closes ticket 23564.
    - Tor builds should now fail if there are any mismatches between the
      C type representing a configuration variable and the C type the
      data-driven parser uses to store a value there. Previously, we
      needed to check these by hand, which sometimes led to mistakes.
      Closes ticket 23643.

  o Minor features (client):
    - You can now use Tor as a tunneled HTTP proxy: use the new
      HTTPTunnelPort option to open a port that accepts HTTP CONNECT
      requests. Closes ticket 22407.
    - Add an extra check to make sure that we always use the newer guard
      selection code for picking our guards. Closes ticket 22779.
    - When downloading (micro)descriptors, don't split the list into
      multiple requests unless we want at least 32 descriptors.
      Previously, we split at 4, not 32, which led to significant
      overhead in HTTP request size and degradation in compression
      performance. Closes ticket 23220.
    - Improve log messages when missing descriptors for primary guards.
      Resolves ticket 23670.

  o Minor features (command line):
    - Add a new commandline option, --key-expiration, which prints when
      the current signing key is going to expire. Implements ticket
      17639; patch by Isis Lovecruft.

  o Minor features (control port):
    - If an application tries to use the control port as an HTTP proxy,
      respond with a meaningful "This is the Tor control port" message,
      and log the event. Closes ticket 1667. Patch from Ravi
      Chandra Padmala.
    - Provide better error message for GETINFO desc/(id|name) when not
      fetching router descriptors. Closes ticket 5847. Patch by
      Kevin Butler.
    - Add GETINFO "{desc,md}/download-enabled", to inform the controller
      whether Tor will try to download router descriptors and
      microdescriptors respectively. Closes ticket 22684.
    - Added new GETINFO targets "ip-to-country/{ipv4,ipv6}-available",
      so controllers can tell whether the geoip databases are loaded.
      Closes ticket 23237.
    - Adds a timestamp field to the CIRC_BW and STREAM_BW bandwidth
      events. Closes ticket 19254. Patch by "DonnchaC".

  o Minor features (development support):
    - Developers can now generate a call-graph for Tor using the
      "calltool" python program, which post-processes object dumps. It
      should work okay on many Linux and OSX platforms, and might work
      elsewhere too. To run it, install calltool from
      https://gitweb.torproject.org/user/nickm/calltool.git and run
      "make callgraph". Closes ticket 19307.

  o Minor features (directory authority):
    - Make the "Exit" flag assignment only depend on whether the exit
      policy allows connections to ports 80 and 443. Previously relays
      would get the Exit flag if they allowed connections to one of
      these ports and also port 6667. Resolves ticket 23637.

  o Minor features (ed25519):
    - Add validation function to checks for torsion components in
      ed25519 public keys, used by prop224 client-side code. Closes
      ticket 22006. Math help by Ian Goldberg.

  o Minor features (exit relay, DNS):
    - Improve the clarity and safety of the log message from evdns when
      receiving an apparently spoofed DNS reply. Closes ticket 3056.

  o Minor features (fallback directory mirrors):
    - The fallback directory list has been re-generated based on the
      current status of the network. Tor uses fallback directories to
      bootstrap when it doesn't yet have up-to-date directory
      information. Closes ticket 24801.
    - Make the default DirAuthorityFallbackRate 0.1, so that clients
      prefer to bootstrap from fallback directory mirrors. This is a
      follow-up to 24679, which removed weights from the default
      fallbacks. Implements ticket 24681.

  o Minor features (geoip):
    - Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2
      Country database.

  o Minor features (integration, hardening):
    - Add a new NoExec option to prevent Tor from running other
      programs. When this option is set to 1, Tor will never try to run
      another program, regardless of the settings of
      PortForwardingHelper, ClientTransportPlugin, or
      ServerTransportPlugin. Once NoExec is set, it cannot be disabled
      without restarting Tor. Closes ticket 22976.

  o Minor features (linux seccomp2 sandbox):
    - Update the sandbox rules so that they should now work correctly
      with Glibc 2.26. Closes ticket 24315.

  o Minor features (logging):
    - Provide better warnings when the getrandom() syscall fails. Closes
      ticket 24500.
    - Downgrade a pair of log messages that could occur when an exit's
      resolver gave us an unusual (but not forbidden) response. Closes
      ticket 24097.
    - Improve the message we log when re-enabling circuit build timeouts
      after having received a consensus. Closes ticket 20963.
    - Log more circuit information whenever we are about to try to
      package a relay cell on a circuit with a nonexistent n_chan.
      Attempt to diagnose ticket 8185.
    - Improve info-level log identification of particular circuits, to
      help with debugging. Closes ticket 23645.
    - Improve the warning message for specifying a relay by nickname.
      The previous message implied that nickname registration was still
      part of the Tor network design, which it isn't. Closes
      ticket 20488.
    - If the sandbox filter fails to load, suggest to the user that
      their kernel might not support seccomp2. Closes ticket 23090.

  o Minor features (onion service, circuit, logging):
    - Improve logging of many callsite in the circuit subsystem to print
      the circuit identifier(s).
    - Log when we cleanup an intro point from a service so we know when
      and for what reason it happened. Closes ticket 23604.

  o Minor features (portability):
    - Tor now compiles correctly on arm64 with libseccomp-dev installed.
      (It doesn't yet work with the sandbox enabled.) Closes
      ticket 24424.
    - Check at configure time whether uint8_t is the same type as
      unsigned char. Lots of existing code already makes this
      assumption, and there could be strict aliasing issues if the
      assumption is violated. Closes ticket 22410.

  o Minor features (relay):
    - When choosing which circuits can be expired as unused, consider
      circuits from clients even if those clients used regular CREATE
      cells to make them; and do not consider circuits from relays even
      if they were made with CREATE_FAST. Part of ticket 22805.
    - Reject attempts to use relative file paths when RunAsDaemon is
      set. Previously, Tor would accept these, but the directory-
      changing step of RunAsDaemon would give strange and/or confusing
      results. Closes ticket 22731.

  o Minor features (relay statistics):
    - Change relay bandwidth reporting stats interval from 4 hours to 24
      hours in order to reduce the efficiency of guard discovery
      attacks. Fixes ticket 23856.

  o Minor features (reverted deprecations):
    - The ClientDNSRejectInternalAddresses flag can once again be set in
      non-testing Tor networks, so long as they do not use the default
      directory authorities. This change also removes the deprecation of
      this flag from 0.2.9.2-alpha. Closes ticket 21031.

  o Minor features (robustness):
    - Change several fatal assertions when flushing buffers into non-
      fatal assertions, to prevent any recurrence of 23690.

  o Minor features (startup, safety):
    - When configured to write a PID file, Tor now exits if it is unable
      to do so. Previously, it would warn and continue. Closes
      ticket 20119.

  o Minor features (static analysis):
    - The BUG() macro has been changed slightly so that Coverity no
      longer complains about dead code if the bug is impossible. Closes
      ticket 23054.

  o Minor features (testing):
    - Our fuzzing tests now test the encrypted portions of v3 onion
      service descriptors. Implements more of 21509.
    - Add a unit test to make sure that our own generated platform
      string will be accepted by directory authorities. Closes
      ticket 22109.
    - The default chutney network tests now include tests for the v3
      onion service design. Make sure you have the latest version of
      chutney if you want to run these. Closes ticket 22437.
    - Add a unit test to verify that we can parse a hardcoded v2 onion
      service descriptor. Closes ticket 15554.

  o Minor bugfixes (address selection):
    - When the fascist_firewall_choose_address_ functions don't find a
      reachable address, set the returned address to the null address
      and port. This is a precautionary measure, because some callers do
      not check the return value. Fixes bug 24736; bugfix
      on 0.2.8.2-alpha.

  o Minor bugfixes (bootstrapping):
    - When warning about state file clock skew, report the correct
      direction for the detected skew. Fixes bug 23606; bugfix
      on 0.2.8.1-alpha.

  o Minor bugfixes (bridge clients, bootstrap):
    - Retry directory downloads when we get our first bridge descriptor
      during bootstrap or while reconnecting to the network. Keep
      retrying every time we get a bridge descriptor, until we have a
      reachable bridge. Fixes part of bug 24367; bugfix on 0.2.0.3-alpha.
    - Stop delaying bridge descriptor fetches when we have cached bridge
      descriptors. Instead, only delay bridge descriptor fetches when we
      have at least one reachable bridge. Fixes part of bug 24367;
      bugfix on 0.2.0.3-alpha.
    - Stop delaying directory fetches when we have cached bridge
      descriptors. Instead, only delay bridge descriptor fetches when
      all our bridges are definitely unreachable. Fixes part of bug
      24367; bugfix on 0.2.0.3-alpha.

  o Minor bugfixes (bridge):
    - Overwrite the bridge address earlier in the process of retrieving
      its descriptor, to make sure we reach it on the configured
      address. Fixes bug 20532; bugfix on 0.2.0.10-alpha.

  o Minor bugfixes (build, compilation):
    - Fix a compilation warning when building with zstd support on
      32-bit platforms. Fixes bug 23568; bugfix on 0.3.1.1-alpha. Found
      and fixed by Andreas Stieger.
    - When searching for OpenSSL, don't accept any OpenSSL library that
      lacks TLSv1_1_method(): Tor doesn't build with those versions.
      Additionally, look in /usr/local/opt/openssl, if it's present.
      These changes together repair the default build on OSX systems
      with Homebrew installed. Fixes bug 23602; bugfix on 0.2.7.2-alpha.
    - Fix a signed/unsigned comparison warning introduced by our fix to
      TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
    - Fix a memory leak warning in one of the libevent-related
      configuration tests that could occur when manually specifying
      -fsanitize=address. Fixes bug 24279; bugfix on 0.3.0.2-alpha.
      Found and patched by Alex Xu.
    - Fix unused-variable warnings in donna's Curve25519 SSE2 code.
      Fixes bug 22895; bugfix on 0.2.7.2-alpha.

  o Minor bugfixes (certificate handling):
    - Fix a time handling bug in Tor certificates set to expire after
      the year 2106. Fixes bug 23055; bugfix on 0.3.0.1-alpha. Found by
      Coverity as CID 1415728.

  o Minor bugfixes (client):
    - By default, do not enable storage of client-side DNS values. These
      values were unused by default previously, but they should not have
      been cached at all. Fixes bug 24050; bugfix on 0.2.6.3-alpha.

  o Minor bugfixes (client, usability):
    - Refrain from needlessly rejecting SOCKS5-with-hostnames and
      SOCKS4a requests that contain IP address strings, even when
      SafeSocks in enabled, as this prevents user from connecting to
      known IP addresses without relying on DNS for resolving. SafeSocks
      still rejects SOCKS connections that connect to IP addresses when
      those addresses are _not_ encoded as hostnames. Fixes bug 22461;
      bugfix on Tor 0.2.6.2-alpha.

  o Minor bugfixes (code correctness):
    - Call htons() in extend_cell_format() for encoding a 16-bit value.
      Previously we used ntohs(), which happens to behave the same on
      all the platforms we support, but which isn't really correct.
      Fixes bug 23106; bugfix on 0.2.4.8-alpha.
    - For defense-in-depth, make the controller's write_escaped_data()
      function robust to extremely long inputs. Fixes bug 19281; bugfix
      on 0.1.1.1-alpha. Reported by Guido Vranken.
    - Fix several places in our codebase where a C compiler would be
      likely to eliminate a check, based on assuming that undefined
      behavior had not happened elsewhere in the code. These cases are
      usually a sign of redundant checking or dubious arithmetic. Found
      by Georg Koppen using the "STACK" tool from Wang, Zeldovich,
      Kaashoek, and Solar-Lezama. Fixes bug 24423; bugfix on various
      Tor versions.

  o Minor bugfixes (compression):
    - Handle a pathological case when decompressing Zstandard data when
      the output buffer size is zero. Fixes bug 23551; bugfix
      on 0.3.1.1-alpha.

  o Minor bugfixes (consensus expiry):
    - Check for adequate directory information correctly. Previously, Tor
      would reconsider whether it had sufficient directory information
      every 2 minutes. Fixes bug 23091; bugfix on 0.2.0.19-alpha.

  o Minor bugfixes (control port, linux seccomp2 sandbox):
    - Avoid a crash when attempting to use the seccomp2 sandbox together
      with the OwningControllerProcess feature. Fixes bug 24198; bugfix
      on 0.2.5.1-alpha.

  o Minor bugfixes (control port, onion services):
    - Report "FAILED" instead of "UPLOAD_FAILED" "FAILED" for the
      HS_DESC event when a service is not able to upload a descriptor.
      Fixes bug 24230; bugfix on 0.2.7.1-alpha.

  o Minor bugfixes (directory cache):
    - Recover better from empty or corrupt files in the consensus cache
      directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
    - When a consensus diff calculation is only partially successful,
      only record the successful parts as having succeeded. Partial
      success can happen if (for example) one compression method fails
      but the others succeed. Previously we misrecorded all the
      calculations as having succeeded, which would later cause a
      nonfatal assertion failure. Fixes bug 24086; bugfix
      on 0.3.1.1-alpha.

  o Minor bugfixes (directory client):
    - On failure to download directory information, delay retry attempts
      by a random amount based on the "decorrelated jitter" algorithm.
      Our previous delay algorithm tended to produce extra-long delays
      too easily. Fixes bug 23816; bugfix on 0.2.9.1-alpha.

  o Minor bugfixes (directory protocol):
    - Directory servers now include a "Date:" http header for response
      codes other than 200. Clients starting with a skewed clock and a
      recent consensus were getting "304 Not modified" responses from
      directory authorities, so without the Date header, the client
      would never hear about a wrong clock. Fixes bug 23499; bugfix
      on 0.0.8rc1.
    - Make clients wait for 6 seconds before trying to download a
      consensus from an authority. Fixes bug 17750; bugfix
      on 0.2.8.1-alpha.

  o Minor bugfixes (documentation):
    - Document better how to read gcov, and what our gcov postprocessing
      scripts do. Fixes bug 23739; bugfix on 0.2.9.1-alpha.
    - Fix manpage to not refer to the obsolete (and misspelled)
      UseEntryGuardsAsDirectoryGuards parameter in the description of
      NumDirectoryGuards. Fixes bug 23611; bugfix on 0.2.4.8-alpha.

  o Minor bugfixes (DoS-resistance):
    - If future code asks if there are any running bridges, without
      checking if bridges are enabled, log a BUG warning rather than
      crashing. Fixes bug 23524; bugfix on 0.3.0.1-alpha.

  o Minor bugfixes (entry guards):
    - Tor now updates its guard state when it reads a consensus
      regardless of whether it's missing descriptors. That makes tor use
      its primary guards to fetch descriptors in some edge cases where
      it would previously have used fallback directories. Fixes bug
      23862; bugfix on 0.3.0.1-alpha.

  o Minor bugfixes (format strictness):
    - Restrict several data formats to decimal. Previously, the
      BuildTimeHistogram entries in the state file, the "bw=" entries in
      the bandwidth authority file, and the process IDs passed to the
      __OwningControllerProcess option could all be specified in hex or
      octal as well as in decimal. This was not an intentional feature.
      Fixes bug 22802; bugfixes on 0.2.2.1-alpha, 0.2.2.2-alpha,
      and 0.2.2.28-beta.

  o Minor bugfixes (heartbeat):
    - If we fail to write a heartbeat message, schedule a retry for the
      minimum heartbeat interval number of seconds in the future. Fixes
      bug 19476; bugfix on 0.2.3.1-alpha.

  o Minor bugfixes (logging):
    - Suppress a log notice when relay descriptors arrive. We already
      have a bootstrap progress for this so no need to log notice
      everytime tor receives relay descriptors. Microdescriptors behave
      the same. Fixes bug 23861; bugfix on 0.2.8.2-alpha.
    - Remove duplicate log messages regarding opening non-local
      SocksPorts upon parsing config and opening listeners at startup.
      Fixes bug 4019; bugfix on 0.2.3.3-alpha.
    - Use a more comprehensible log message when telling the user
      they've excluded every running exit node. Fixes bug 7890; bugfix
      on 0.2.2.25-alpha.
    - When logging the number of descriptors we intend to download per
      directory request, do not log a number higher than then the number
      of descriptors we're fetching in total. Fixes bug 19648; bugfix
      on 0.1.1.8-alpha.
    - When warning about a directory owned by the wrong user, log the
      actual name of the user owning the directory. Previously, we'd log
      the name of the process owner twice. Fixes bug 23487; bugfix
      on 0.2.9.1-alpha.
    - Fix some messages on unexpected errors from the seccomp2 library.
      Fixes bug 22750; bugfix on 0.2.5.1-alpha. Patch from "cypherpunks".
    - The tor specification says hop counts are 1-based, so fix two log
      messages that mistakenly logged 0-based hop counts. Fixes bug
      18982; bugfix on 0.2.6.2-alpha and 0.2.4.5-alpha. Patch by teor.
      Credit to Xiaofan Li for reporting this issue.

  o Minor bugfixes (logging, relay shutdown, annoyance):
    - When a circuit is marked for close, do not attempt to package any
      cells for channels on that circuit. Previously, we would detect
      this condition lower in the call stack, when we noticed that the
      circuit had no attached channel, and log an annoying message.
      Fixes bug 8185; bugfix on 0.2.5.4-alpha.

  o Minor bugfixes (memory safety, defensive programming):
    - Clear the target address when node_get_prim_orport() returns
      early. Fixes bug 23874; bugfix on 0.2.8.2-alpha.

  o Minor bugfixes (memory usage):
    - When queuing DESTROY cells on a channel, only queue the circuit-id
      and reason fields: not the entire 514-byte cell. This fix should
      help mitigate any bugs or attacks that fill up these queues, and
      free more RAM for other uses. Fixes bug 24666; bugfix
      on 0.2.5.1-alpha.

  o Minor bugfixes (network layer):
    - When closing a connection via close_connection_immediately(), we
      mark it as "not blocked on bandwidth", to prevent later calls from
      trying to unblock it, and give it permission to read. This fixes a
      backtrace warning that can happen on relays under various
      circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.

  o Minor bugfixes (onion services):
    - The introduction circuit was being timed out too quickly while
      waiting for the rendezvous circuit to complete. Keep the intro
      circuit around longer instead of timing out and reopening new ones
      constantly. Fixes bug 23681; bugfix on 0.2.4.8-alpha.
    - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
      so it matches dir-spec.txt. Fixes bug 24262; bugfix
      on 0.3.1.1-alpha.
    - When handling multiple SOCKS request for the same .onion address,
      only fetch the service descriptor once.
    - Avoid a possible double close of a circuit by the intro point on
      error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
      bugfix on 0.3.0.1-alpha.
    - When reloading configured onion services, copy all information
      from the old service object. Previously, some data was omitted,
      causing delays in descriptor upload, and other bugs. Fixes bug
      23790; bugfix on 0.2.1.9-alpha.

  o Minor bugfixes (path selection):
    - When selecting relays by bandwidth, avoid a rounding error that
      could sometimes cause load to be imbalanced incorrectly.
      Previously, we would always round upwards; now, we round towards
      the nearest integer. This had the biggest effect when a relay's
      weight adjustments should have given it weight 0, but it got
      weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
    - When calculating the fraction of nodes that have descriptors, and
      all nodes in the network have zero bandwidths, count the number of
      nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
    - Actually log the total bandwidth in compute_weighted_bandwidths().
      Fixes bug 24170; bugfix on 0.2.4.3-alpha.

  o Minor bugfixes (portability):
    - Stop using the PATH_MAX variable, which is not defined on GNU
      Hurd. Fixes bug 23098; bugfix on 0.3.1.1-alpha.
    - Fix a bug in the bit-counting parts of our timing-wheel code on
      MSVC. (Note that MSVC is still not a supported build platform, due
      to cryptographic timing channel risks.) Fixes bug 24633; bugfix
      on 0.2.9.1-alpha.

  o Minor bugfixes (relay):
    - When uploading our descriptor for the first time after startup,
      report the reason for uploading as "Tor just started" rather than
      leaving it blank. Fixes bug 22885; bugfix on 0.2.3.4-alpha.
    - Avoid unnecessary calls to directory_fetches_from_authorities() on
      relays, to prevent spurious address resolutions and descriptor
      rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
      bugfix on in 0.2.8.1-alpha.
    - Avoid a crash when transitioning from client mode to bridge mode.
      Previously, we would launch the worker threads whenever our
      "public server" mode changed, but not when our "server" mode
      changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.

  o Minor bugfixes (testing):
    - Fix a spurious fuzzing-only use of an uninitialized value. Found
      by Brian Carpenter. Fixes bug 24082; bugfix on 0.3.0.3-alpha.
    - Test that IPv6-only clients can use microdescriptors when running
      "make test-network-all". Requires chutney master 61c28b9 or later.
      Closes ticket 24109.
    - Prevent scripts/test/coverage from attempting to move gcov output
      to the root directory. Fixes bug 23741; bugfix on 0.2.5.1-alpha.
    - Capture and detect several "Result does not fit" warnings in unit
      tests on platforms with 32-bit time_t. Fixes bug 21800; bugfix
      on 0.2.9.3-alpha.
    - Fix additional channelpadding unit test failures by using mocked
      time instead of actual time for all tests. Fixes bug 23608; bugfix
      on 0.3.1.1-alpha.
    - Fix a bug in our fuzzing mock replacement for crypto_pk_checksig(),
      to correctly handle cases where a caller gives it an RSA key of
      under 160 bits. (This is not actually a bug in Tor itself, but
      rather in our fuzzing code.) Fixes bug 24247; bugfix on
      0.3.0.3-alpha. Found by OSS-Fuzz as issue 4177.
    - Fix a broken unit test for the OutboundAddress option: the parsing
      function was never returning an error on failure. Fixes bug 23366;
      bugfix on 0.3.0.3-alpha.
    - Fix a signed-integer overflow in the unit tests for
      dir/download_status_random_backoff, which was untriggered until we
      fixed bug 17750. Fixes bug 22924; bugfix on 0.2.9.1-alpha.

  o Minor bugfixes (usability, control port):
    - Stop making an unnecessary routerlist check in NETINFO clock skew
      detection; this was preventing clients from reporting NETINFO clock
      skew to controllers. Fixes bug 23532; bugfix on 0.2.4.4-alpha.

  o Code simplification and refactoring:
    - Remove various ways of testing circuits and connections for
      "clientness"; instead, favor channel_is_client(). Part of
      ticket 22805.
    - Extract the code for handling newly-open channels into a separate
      function from the general code to handle channel state
      transitions. This change simplifies our callgraph, reducing the
      size of the largest strongly connected component by roughly a
      factor of two. Closes ticket 22608.
    - Remove dead code for largely unused statistics on the number of
      times we've attempted various public key operations. Fixes bug
      19871; bugfix on 0.1.2.4-alpha. Fix by Isis Lovecruft.
    - Remove several now-obsolete functions for asking about old
      variants directory authority status. Closes ticket 22311; patch
      from "huyvq".
    - Remove some of the code that once supported "Named" and "Unnamed"
      routers. Authorities no longer vote for these flags. Closes
      ticket 22215.
    - Rename the obsolete malleable hybrid_encrypt functions used in TAP
      and old hidden services, to indicate that they aren't suitable for
      new protocols or formats. Closes ticket 23026.
    - Replace our STRUCT_OFFSET() macro with offsetof(). Closes ticket
      22521. Patch from Neel Chauhan.
    - Split the enormous circuit_send_next_onion_skin() function into
      multiple subfunctions. Closes ticket 22804.
    - Split the portions of the buffer.c module that handle particular
      protocols into separate modules. Part of ticket 23149.
    - Use our test macros more consistently, to produce more useful
      error messages when our unit tests fail. Add coccinelle patches to
      allow us to re-check for test macro uses. Closes ticket 22497.

  o Deprecated features:
    - The ReachableDirAddresses and ClientPreferIPv6DirPort options are
      now deprecated; they do not apply to relays, and they have had no
      effect on clients since 0.2.8.x. Closes ticket 19704.
    - Deprecate HTTPProxy/HTTPProxyAuthenticator config options. They
      only applies to direct unencrypted HTTP connections to your
      directory server, which your Tor probably isn't using. Closes
      ticket 20575.

  o Documentation:
    - Add notes in man page regarding OS support for the various
      scheduler types. Attempt to use less jargon in the scheduler
      section. Closes ticket 24254.
    - Clarify that the Address option is entirely about setting an
      advertised IPv4 address. Closes ticket 18891.
    - Clarify the manpage's use of the term "address" to clarify what
      kind of address is intended. Closes ticket 21405.
    - Document that onion service subdomains are allowed, and ignored.
      Closes ticket 18736.
    - Clarify in the manual that "Sandbox 1" is only supported on Linux
      kernels. Closes ticket 22677.
    - Document all values of PublishServerDescriptor in the manpage.
      Closes ticket 15645.
    - Improve the documentation for the directory port part of the
      DirAuthority line. Closes ticket 20152.
    - Restore documentation for the authorities' "approved-routers"
      file. Closes ticket 21148.

  o Removed features:
    - The AllowDotExit option has been removed as unsafe. It has been
      deprecated since 0.2.9.2-alpha. Closes ticket 23426.
    - The ClientDNSRejectInternalAddresses flag can no longer be set on
      non-testing networks. It has been deprecated since 0.2.9.2-alpha.
      Closes ticket 21031.
    - The controller API no longer includes an AUTHDIR_NEWDESCS event:
      nobody was using it any longer. Closes ticket 22377.


Changes in version 0.3.1.9 - 2017-12-01:
  Tor 0.3.1.9 backports important security and stability fixes from the
  0.3.2 development series. All Tor users should upgrade to this
  release, or to another of the releases coming out today.

  o Major bugfixes (security, backport from 0.3.2.6-alpha):
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.

  o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.

  o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.
    - When running as a relay, make sure that we never choose ourselves
      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.

  o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
    - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
      making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
      0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
      identifying and finding a workaround to this bug and to Moritz,
      Arthur Edelstein, and Roger for helping to track it down and
      analyze it.

  o Minor features (bridge):
    - Bridges now include notice in their descriptors that they are
      bridges, and notice of their distribution status, based on their
      publication settings. Implements ticket 18329. For more fine-
      grained control of how a bridge is distributed, upgrade to 0.3.2.x
      or later.

  o Minor features (directory authority, backport from 0.3.2.6-alpha):
    - Add an IPv6 address for the "bastet" directory authority. Closes
      ticket 24394.

  o Minor features (geoip):
    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
    - Avoid unnecessary calls to directory_fetches_from_authorities() on
      relays, to prevent spurious address resolutions and descriptor
      rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
      bugfix on in 0.2.8.1-alpha.

  o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
    - Fix unused variable warnings in donna's Curve25519 SSE2 code.
      Fixes bug 22895; bugfix on 0.2.7.2-alpha.

  o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
    - When a circuit is marked for close, do not attempt to package any
      cells for channels on that circuit. Previously, we would detect
      this condition lower in the call stack, when we noticed that the
      circuit had no attached channel, and log an annoying message.
      Fixes bug 8185; bugfix on 0.2.5.4-alpha.

  o Minor bugfixes (onion service, backport from 0.3.2.5-alpha):
    - Rename the consensus parameter "hsdir-interval" to "hsdir_interval"
      so it matches dir-spec.txt. Fixes bug 24262; bugfix
      on 0.3.1.1-alpha.

  o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
    - Avoid a crash when transitioning from client mode to bridge mode.
      Previously, we would launch the worker threads whenever our
      "public server" mode changed, but not when our "server" mode
      changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.


Changes in version 0.3.0.13 - 2017-12-01
  Tor 0.3.0.13 backports important security and stability bugfixes from
  later Tor releases. All Tor users should upgrade to this release, or
  to another of the releases coming out today.

  Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
  2018. If you need a release with long-term support, please stick with
  the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.

  o Major bugfixes (security, backport from 0.3.2.6-alpha):
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.

  o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.

  o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.
    - When running as a relay, make sure that we never choose ourselves
      as a guard. Fixes part of bug 21534; bugfix on 0.3.0.1-alpha. This
      issue is also tracked as TROVE-2017-012 and CVE-2017-8822.

  o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
    - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
      making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
      0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
      identifying and finding a workaround to this bug and to Moritz,
      Arthur Edelstein, and Roger for helping to track it down and
      analyze it.

  o Minor features (security, windows, backport from 0.3.1.1-alpha):
    - Enable a couple of pieces of Windows hardening: one
      (HeapEnableTerminationOnCorruption) that has been on-by-default
      since Windows 8, and unavailable before Windows 7; and one
      (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
      affect us, but shouldn't do any harm. Closes ticket 21953.

  o Minor features (bridge, backport from 0.3.1.9):
    - Bridges now include notice in their descriptors that they are
      bridges, and notice of their distribution status, based on their
      publication settings. Implements ticket 18329. For more fine-
      grained control of how a bridge is distributed, upgrade to 0.3.2.x
      or later.

  o Minor features (directory authority, backport from 0.3.2.6-alpha):
    - Add an IPv6 address for the "bastet" directory authority. Closes
      ticket 24394.

  o Minor features (geoip):
    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
    - Avoid unnecessary calls to directory_fetches_from_authorities() on
      relays, to prevent spurious address resolutions and descriptor
      rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
      bugfix on in 0.2.8.1-alpha.

  o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
    - Fix unused variable warnings in donna's Curve25519 SSE2 code.
      Fixes bug 22895; bugfix on 0.2.7.2-alpha.

  o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
    - When a circuit is marked for close, do not attempt to package any
      cells for channels on that circuit. Previously, we would detect
      this condition lower in the call stack, when we noticed that the
      circuit had no attached channel, and log an annoying message.
      Fixes bug 8185; bugfix on 0.2.5.4-alpha.

  o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
    - Avoid a crash when transitioning from client mode to bridge mode.
      Previously, we would launch the worker threads whenever our
      "public server" mode changed, but not when our "server" mode
      changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.

  o Minor bugfixes (testing, backport from 0.3.1.6-rc):
    - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
      bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.


Changes in version 0.2.9.14 - 2017-12-01
  Tor 0.3.0.13 backports important security and stability bugfixes from
  later Tor releases. All Tor users should upgrade to this release, or
  to another of the releases coming out today.

  o Major bugfixes (exit relays, DNS, backport from 0.3.2.4-alpha):
    - Fix an issue causing DNS to fail on high-bandwidth exit nodes,
      making them nearly unusable. Fixes bugs 21394 and 18580; bugfix on
      0.1.2.2-alpha, which introduced eventdns. Thanks to Dhalgren for
      identifying and finding a workaround to this bug and to Moritz,
      Arthur Edelstein, and Roger for helping to track it down and
      analyze it.

  o Major bugfixes (security, backport from 0.3.2.6-alpha):
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - Fix a denial of service issue where an attacker could crash a
      directory authority using a malformed router descriptor. Fixes bug
      24245; bugfix on 0.2.9.4-alpha. Also tracked as TROVE-2017-010
      and CVE-2017-8820.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.

  o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.

  o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.

  o Minor features (bridge, backport from 0.3.1.9):
    - Bridges now include notice in their descriptors that they are
      bridges, and notice of their distribution status, based on their
      publication settings. Implements ticket 18329. For more fine-
      grained control of how a bridge is distributed, upgrade to 0.3.2.x
      or later.

  o Minor features (directory authority, backport from 0.3.2.6-alpha):
    - Add an IPv6 address for the "bastet" directory authority. Closes
      ticket 24394.

  o Minor features (geoip):
    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
      Country database.

  o Minor features (security, windows, backport from 0.3.1.1-alpha):
    - Enable a couple of pieces of Windows hardening: one
      (HeapEnableTerminationOnCorruption) that has been on-by-default
      since Windows 8, and unavailable before Windows 7; and one
      (PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION) which we believe doesn't
      affect us, but shouldn't do any harm. Closes ticket 21953.

  o Minor bugfix (relay address resolution, backport from 0.3.2.1-alpha):
    - Avoid unnecessary calls to directory_fetches_from_authorities() on
      relays, to prevent spurious address resolutions and descriptor
      rebuilds. This is a mitigation for bug 21789. Fixes bug 23470;
      bugfix on in 0.2.8.1-alpha.

  o Minor bugfixes (compilation, backport from 0.3.2.1-alpha):
    - Fix unused variable warnings in donna's Curve25519 SSE2 code.
      Fixes bug 22895; bugfix on 0.2.7.2-alpha.

  o Minor bugfixes (logging, relay shutdown, annoyance, backport from 0.3.2.2-alpha):
    - When a circuit is marked for close, do not attempt to package any
      cells for channels on that circuit. Previously, we would detect
      this condition lower in the call stack, when we noticed that the
      circuit had no attached channel, and log an annoying message.
      Fixes bug 8185; bugfix on 0.2.5.4-alpha.

  o Minor bugfixes (relay, crash, backport from 0.3.2.4-alpha):
    - Avoid a crash when transitioning from client mode to bridge mode.
      Previously, we would launch the worker threads whenever our
      "public server" mode changed, but not when our "server" mode
      changed. Fixes bug 23693; bugfix on 0.2.6.3-alpha.

  o Minor bugfixes (testing, backport from 0.3.1.6-rc):
    - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
      bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.


Changes in version 0.2.8.17 - 2017-12-01
  Tor 0.2.8.17 backports important security and stability bugfixes from
  later Tor releases. All Tor users should upgrade to this release, or
  to another of the releases coming out today.

  Note: the Tor 0.2.8 series will no longer be supported after 1 Jan
  2018. If you need a release with long-term support, please upgrade with
  the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.

  o Major bugfixes (security, backport from 0.3.2.6-alpha):
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.

  o Major bugfixes (security, onion service v2, backport from 0.3.2.6-alpha):
    - Fix a use-after-free error that could crash v2 Tor onion services
      when they failed to open circuits while expiring introduction
      points. Fixes bug 24313; bugfix on 0.2.7.2-alpha. This issue is
      also tracked as TROVE-2017-013 and CVE-2017-8823.

  o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
    - When running as a relay, make sure that we never build a path through
      ourselves, even in the case where we have somehow lost the version of
      our descriptor appearing in the consensus. Fixes part of bug 21534;
      bugfix on 0.2.0.1-alpha. This issue is also tracked as TROVE-2017-012
      and CVE-2017-8822.

  o Minor features (bridge, backport from 0.3.1.9):
    - Bridges now include notice in their descriptors that they are
      bridges, and notice of their distribution status, based on their
      publication settings. Implements ticket 18329. For more fine-
      grained control of how a bridge is distributed, upgrade to 0.3.2.x
      or later.

  o Minor features (directory authority, backport from 0.3.2.6-alpha):
    - Add an IPv6 address for the "bastet" directory authority. Closes
      ticket 24394.

  o Minor features (geoip):
    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (testing, backport from 0.3.1.6-rc):
    - Fix an undersized buffer in test-memwipe.c. Fixes bug 23291;
      bugfix on 0.2.7.2-alpha. Found and patched by Ties Stuij.


Changes in version 0.2.5.16 - 2017-12-01
  Tor 0.2.5.13 backports important security and stability bugfixes from
  later Tor releases. All Tor users should upgrade to this release, or
  to another of the releases coming out today.

  Note: the Tor 0.2.5 series will no longer be supported after 1 May
  2018. If you need a release with long-term support, please upgrade to
  the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.

  o Major bugfixes (security, backport from 0.3.2.6-alpha):
    - Fix a denial of service bug where an attacker could use a
      malformed directory object to cause a Tor instance to pause while
      OpenSSL would try to read a passphrase from the terminal. (Tor
      instances run without a terminal, which is the case for most Tor
      packages, are not impacted.) Fixes bug 24246; bugfix on every
      version of Tor. Also tracked as TROVE-2017-011 and CVE-2017-8821.
      Found by OSS-Fuzz as testcase 6360145429790720.
    - When checking for replays in the INTRODUCE1 cell data for a
      (legacy) onion service, correctly detect replays in the RSA-
      encrypted part of the cell. We were previously checking for
      replays on the entire cell, but those can be circumvented due to
      the malleability of Tor's legacy hybrid encryption. This fix helps
      prevent a traffic confirmation attack. Fixes bug 24244; bugfix on
      0.2.4.1-alpha. This issue is also tracked as TROVE-2017-009
      and CVE-2017-8819.

  o Major bugfixes (security, relay, backport from 0.3.2.6-alpha):
    - When running as a relay, make sure that we never build a path
      through ourselves, even in the case where we have somehow lost the
      version of our descriptor appearing in the consensus. Fixes part
      of bug 21534; bugfix on 0.2.0.1-alpha. This issue is also tracked
      as TROVE-2017-012 and CVE-2017-8822.

  o Minor features (bridge, backport from 0.3.1.9):
    - Bridges now include notice in their descriptors that they are
      bridges, and notice of their distribution status, based on their
      publication settings. Implements ticket 18329. For more fine-
      grained control of how a bridge is distributed, upgrade to 0.3.2.x
      or later.

  o Minor features (geoip):
    - Update geoip and geoip6 to the November 6 2017 Maxmind GeoLite2
      Country database.


Changes in version 0.2.5.15 - 2017-10-25
  Tor 0.2.5.15 backports a collection of bugfixes from later Tor release
  series. It also adds a new directory authority, Bastet.

  Note: the Tor 0.2.5 series will no longer be supported after 1 May
  2018. If you need a release with long-term support, please upgrade to
  the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.

  o Directory authority changes:
    - Add "Bastet" as a ninth directory authority to the default list.
      Closes ticket 23910.
    - The directory authority "Longclaw" has changed its IP address.
      Closes ticket 23592.

  o Major bugfixes (openbsd, denial-of-service, backport from 0.3.1.5-alpha):
    - Avoid an assertion failure bug affecting our implementation of
      inet_pton(AF_INET6) on certain OpenBSD systems whose strtol()
      handling of "0xx" differs from what we had expected. Fixes bug
      22789; bugfix on 0.2.3.8-alpha. Also tracked as TROVE-2017-007.

  o Minor features (geoip):
    - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (defensive programming, undefined behavior, backport from 0.3.1.4-alpha):
    - Fix a memset() off the end of an array when packing cells. This
      bug should be harmless in practice, since the corrupted bytes are
      still in the same structure, and are always padding bytes,
      ignored, or immediately overwritten, depending on compiler
      behavior. Nevertheless, because the memset()'s purpose is to make
      sure that any other cell-handling bugs can't expose bytes to the
      network, we need to fix it. Fixes bug 22737; bugfix on
      0.2.4.11-alpha. Fixes CID 1401591.

  o Build features (backport from 0.3.1.5-alpha):
    - Tor's repository now includes a Travis Continuous Integration (CI)
      configuration file (.travis.yml). This is meant to help new
      developers and contributors who fork Tor to a Github repository be
      better able to test their changes, and understand what we expect
      to pass. To use this new build feature, you must fork Tor to your
      Github account, then go into the "Integrations" menu in the
      repository settings for your fork and enable Travis, then push
      your changes. Closes ticket 22636.


Changes in version 0.2.8.16 - 2017-10-25
  Tor 0.2.8.16 backports a collection of bugfixes from later Tor release
  series, including a bugfix for a crash issue that had affected relays
  under memory pressure. It also adds a new directory authority, Bastet.

  Note: the Tor 0.2.8 series will no longer be supported after 1 Jan
  2018. If you need a release with long-term support, please stick with
  the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.

  o Directory authority changes:
    - Add "Bastet" as a ninth directory authority to the default list.
      Closes ticket 23910.
    - The directory authority "Longclaw" has changed its IP address.
      Closes ticket 23592.

  o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
    - Fix a timing-based assertion failure that could occur when the
      circuit out-of-memory handler freed a connection's output buffer.
      Fixes bug 23690; bugfix on 0.2.6.1-alpha.

  o Minor features (directory authorities, backport from 0.3.2.2-alpha):
    - Remove longclaw's IPv6 address, as it will soon change. Authority
      IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
      3/8 directory authorities with IPv6 addresses, but there are also
      52 fallback directory mirrors with IPv6 addresses. Resolves 19760.

  o Minor features (geoip):
    - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
      Country database.


Changes in version 0.2.9.13 - 2017-10-25
  Tor 0.2.9.13 backports a collection of bugfixes from later Tor release
  series, including a bugfix for a crash issue that had affected relays
  under memory pressure. It also adds a new directory authority, Bastet.

  o Directory authority changes:
    - Add "Bastet" as a ninth directory authority to the default list.
      Closes ticket 23910.
    - The directory authority "Longclaw" has changed its IP address.
      Closes ticket 23592.

  o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
    - Fix a timing-based assertion failure that could occur when the
      circuit out-of-memory handler freed a connection's output buffer.
      Fixes bug 23690; bugfix on 0.2.6.1-alpha.

  o Minor features (directory authorities, backport from 0.3.2.2-alpha):
    - Remove longclaw's IPv6 address, as it will soon change. Authority
      IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
      3/8 directory authorities with IPv6 addresses, but there are also
      52 fallback directory mirrors with IPv6 addresses. Resolves 19760.

  o Minor features (geoip):
    - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (directory authority, backport from 0.3.1.5-alpha):
    - When a directory authority rejects a descriptor or extrainfo with
      a given digest, mark that digest as undownloadable, so that we do
      not attempt to download it again over and over. We previously
      tried to avoid downloading such descriptors by other means, but we
      didn't notice if we accidentally downloaded one anyway. This
      behavior became problematic in 0.2.7.2-alpha, when authorities
      began pinning Ed25519 keys. Fixes bug 22349; bugfix
      on 0.2.1.19-alpha.

  o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
    - Clear the address when node_get_prim_orport() returns early.
      Fixes bug 23874; bugfix on 0.2.8.2-alpha.

  o Minor bugfixes (Windows service, backport from 0.3.1.6-rc):
    - When running as a Windows service, set the ID of the main thread
      correctly. Failure to do so made us fail to send log messages to
      the controller in 0.2.1.16-rc, slowed down controller event
      delivery in 0.2.7.3-rc and later, and crash with an assertion
      failure in 0.3.1.1-alpha. Fixes bug 23081; bugfix on 0.2.1.6-alpha.
      Patch and diagnosis from "Vort".


Changes in version 0.3.0.12 - 2017-10-25
  Tor 0.3.0.12 backports a collection of bugfixes from later Tor release
  series, including a bugfix for a crash issue that had affected relays
  under memory pressure. It also adds a new directory authority, Bastet.

  Note: the Tor 0.3.0 series will no longer be supported after 26 Jan
  2018. If you need a release with long-term support, please stick with
  the 0.2.9 series. Otherwise, please upgrade to 0.3.1 or later.

  o Directory authority changes:
    - Add "Bastet" as a ninth directory authority to the default list.
      Closes ticket 23910.
    - The directory authority "Longclaw" has changed its IP address.
      Closes ticket 23592.

  o Major bugfixes (relay, crash, assertion failure, backport from 0.3.2.2-alpha):
    - Fix a timing-based assertion failure that could occur when the
      circuit out-of-memory handler freed a connection's output buffer.
      Fixes bug 23690; bugfix on 0.2.6.1-alpha.

  o Minor features (directory authorities, backport from 0.3.2.2-alpha):
    - Remove longclaw's IPv6 address, as it will soon change. Authority
      IPv6 addresses were originally added in 0.2.8.1-alpha. This leaves
      3/8 directory authorities with IPv6 addresses, but there are also
      52 fallback directory mirrors with IPv6 addresses. Resolves 19760.

  o Minor features (geoip):
    - Update geoip and geoip6 to the October 4 2017 Maxmind GeoLite2
      Country database.

  o Minor bugfixes (directory authority, backport from 0.3.1.5-alpha):
    - When a directory authority rejects a descriptor or extrainfo with
      a given digest, mark that digest as undownloadable, so that we do
      not attempt to download it again over and over. We previously
      tried to avoid downloading such descriptors by other means, but we
      didn't notice if we accidentally downloaded one anyway. This
      behavior became problematic in 0.2.7.2-alpha, when authorities
      began pinning Ed25519 keys. Fixes bug 22349; bugfix
      on 0.2.1.19-alpha.

  o Minor bugfixes (hidden service, relay, backport from 0.3.2.2-alpha):
    - Avoid a possible double close of a circuit by the intro point on
      error of sending the INTRO_ESTABLISHED cell. Fixes bug 23610;
      bugfix on 0.3.0.1-alpha.

  o Minor bugfixes (memory safety, backport from 0.3.2.3-alpha):
    - Clear the address when node_get_prim_orport() returns early.
      Fixes bug 23874; bugfix o