ChangeLog

+Changes in version 0.2.5.12 - 2015-04-06
+  Tor 0.2.5.12 backports two fixes from 0.2.6.7 for security issues that
+  could be used by an attacker to crash hidden services, or crash clients
+  visiting hidden services. Hidden services should upgrade as soon as
+  possible; clients should upgrade whenever packages become available.
+
+  This release also backports a simple improvement to make hidden
+  services a bit less vulnerable to denial-of-service attacks.
+
+  o Major bugfixes (security, hidden service):
+    - Fix an issue that would allow a malicious client to trigger an
+      assertion failure and halt a hidden service. Fixes bug 15600;
+      bugfix on 0.2.1.6-alpha. Reported by "disgleirio".
+    - Fix a bug that could cause a client to crash with an assertion
+      failure when parsing a malformed hidden service descriptor. Fixes
+      bug 15601; bugfix on 0.2.1.5-alpha. Found by "DonnchaC".
+
+  o Minor features (DoS-resistance, hidden service):
+    - Introduction points no longer allow multiple INTRODUCE1 cells to
+      arrive on the same circuit. This should make it more expensive for
+      attackers to overwhelm hidden services with introductions.
+      Resolves ticket 15515.
+
+
+Changes in version 0.2.5.11 - 2015-03-17
+  Tor 0.2.5.11 is the second stable release in the 0.2.5 series.
+
+  It backports several bugfixes from the 0.2.6 branch, including a
+  couple of medium-level security fixes for relays and exit nodes.
+  It also updates the list of directory authorities.
+
+  o Directory authority changes:
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+    - The directory authority Faravahar has a new IP address. This
+      closes ticket 14487.
+
+  o Major bugfixes (crash, OSX, security):
+    - Fix a remote denial-of-service opportunity caused by a bug in
+      OSX's _strlcat_chk() function. Fixes bug 15205; bug first appeared
+      in OSX 10.9.
+
+  o Major bugfixes (relay, stability, possible security):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout was passed to
+      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+      0.2.0.10-alpha. Patch from 'cypherpunks'.
+    - Do not assert if the 'data' pointer on a buffer is advanced to the
+      very end of the buffer; log a BUG message instead. Only assert if
+      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+  o Major bugfixes (exit node stability):
+    - Fix an assertion failure that could occur under high DNS load.
+      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+      diagnosed and fixed by "cypherpunks".
+
+  o Major bugfixes (Linux seccomp2 sandbox):
+    - Upon receiving sighup with the seccomp2 sandbox enabled, do not
+      crash during attempts to call wait4. Fixes bug 15088; bugfix on
+      0.2.5.1-alpha. Patch from "sanic".
+
+  o Minor features (controller):
+    - New "GETINFO bw-event-cache" to get information about recent
+      bandwidth events. Closes ticket 14128. Useful for controllers to
+      get recent bandwidth history after the fix for ticket 13988.
+
+  o Minor features (geoip):
+    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (client, automapping):
+    - Avoid crashing on torrc lines for VirtualAddrNetworkIPv[4|6] when
+      no value follows the option. Fixes bug 14142; bugfix on
+      0.2.4.7-alpha. Patch by "teor".
+    - Fix a memory leak when using AutomapHostsOnResolve. Fixes bug
+      14195; bugfix on 0.1.0.1-rc.
+
+  o Minor bugfixes (compilation):
+    - Build without warnings with the stock OpenSSL srtp.h header, which
+      has a duplicate declaration of SSL_get_selected_srtp_profile().
+      Fixes bug 14220; this is OpenSSL's bug, not ours.
+
+  o Minor bugfixes (directory authority):
+    - Allow directory authorities to fetch more data from one another if
+      they find themselves missing lots of votes. Previously, they had
+      been bumping against the 10 MB queued data limit. Fixes bug 14261;
+      bugfix on 0.1.2.5-alpha.
+    - Enlarge the buffer to read bwauth generated files to avoid an
+      issue when parsing the file in dirserv_read_measured_bandwidths().
+      Fixes bug 14125; bugfix on 0.2.2.1-alpha.
+
+  o Minor bugfixes (statistics):
+    - Increase period over which bandwidth observations are aggregated
+      from 15 minutes to 4 hours. Fixes bug 13988; bugfix on 0.0.8pre1.
+
+  o Minor bugfixes (preventative security, C safety):
+    - When reading a hexadecimal, base-32, or base-64 encoded value from
+      a string, always overwrite the whole output buffer. This prevents
+      some bugs where we would look at (but fortunately, not reveal)
+      uninitialized memory on the stack. Fixes bug 14013; bugfix on all
+      versions of Tor.
+
+
+Changes in version 0.2.4.26 - 2015-03-17
+  Tor 0.2.4.26 includes an updated list of directory authorities.  It
+  also backports a couple of stability and security bugfixes from 0.2.5
+  and beyond.
+
+  o Directory authority changes:
+    - Remove turtles as a directory authority.
+    - Add longclaw as a new (v3) directory authority. This implements
+      ticket 13296. This keeps the directory authority count at 9.
+    - The directory authority Faravahar has a new IP address. This
+      closes ticket 14487.
+
+  o Major bugfixes (exit node stability, also in 0.2.6.3-alpha):
+    - Fix an assertion failure that could occur under high DNS load.
+      Fixes bug 14129; bugfix on Tor 0.0.7rc1. Found by "jowr";
+      diagnosed and fixed by "cypherpunks".
+
+  o Major bugfixes (relay, stability, possible security, also in 0.2.6.4-rc):
+    - Fix a bug that could lead to a relay crashing with an assertion
+      failure if a buffer of exactly the wrong layout was passed to
+      buf_pullup() at exactly the wrong time. Fixes bug 15083; bugfix on
+      0.2.0.10-alpha. Patch from 'cypherpunks'.
+    - Do not assert if the 'data' pointer on a buffer is advanced to the
+      very end of the buffer; log a BUG message instead. Only assert if
+      it is past that point. Fixes bug 15083; bugfix on 0.2.0.10-alpha.
+
+  o Minor features (geoip):
+    - Update geoip to the March 3 2015 Maxmind GeoLite2 Country database.
+    - Update geoip6 to the March 3 2015 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.5.10 - 2014-10-24
+  Tor 0.2.5.10 is the first stable release in the 0.2.5 series.
+
+  It adds several new security features, including improved
+  denial-of-service resistance for relays, new compiler hardening
+  options, and a system-call sandbox for hardened installations on Linux
+  (requires seccomp2). The controller protocol has several new features,
+  resolving IPv6 addresses should work better than before, and relays
+  should be a little more CPU-efficient. We've added support for more
+  OpenBSD and FreeBSD transparent proxy types. We've improved the build
+  system and testing infrastructure to allow unit testing of more parts
+  of the Tor codebase. Finally, we've addressed several nagging pluggable
+  transport usability issues, and included numerous other small bugfixes
+  and features mentioned below.
+
+  This release marks end-of-life for Tor 0.2.3.x; those Tor versions
+  have accumulated many known flaws; everyone should upgrade.
+
+  o Deprecated versions:
+    - Tor 0.2.3.x has reached end-of-life; it has received no patches or
+      attention for some while.
+
+
+Changes in version 0.2.5.9-rc - 2014-10-20
+  Tor 0.2.5.9-rc is the third release candidate for the Tor 0.2.5.x
+  series. It disables SSL3 in response to the recent "POODLE" attack
+  (even though POODLE does not affect Tor). It also works around a crash
+  bug caused by some operating systems' response to the "POODLE" attack
+  (which does affect Tor). It also contains a few miscellaneous fixes.
+
+  o Major security fixes:
+    - Disable support for SSLv3. All versions of OpenSSL in use with Tor
+      today support TLS 1.0 or later, so we can safely turn off support
+      for this old (and insecure) protocol. Fixes bug 13426.
+
+  o Major bugfixes (openssl bug workaround):
+    - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
+      1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
+      13471. This is a workaround for an OpenSSL bug.
+
+  o Minor bugfixes:
+    - Disable the sandbox name resolver cache when running tor-resolve:
+      tor-resolve doesn't use the sandbox code, and turning it on was
+      breaking attempts to do tor-resolve on a non-default server on
+      Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.
+
+  o Compilation fixes:
+    - Build and run correctly on systems like OpenBSD-current that have
+      patched OpenSSL to remove get_cipher_by_char and/or its
+      implementations. Fixes issue 13325.
+
+  o Downgraded warnings:
+    - Downgrade the severity of the 'unexpected sendme cell from client'
+      from 'warn' to 'protocol warning'. Closes ticket 8093.
+
+
+Changes in version 0.2.4.25 - 2014-10-20
+  Tor 0.2.4.25 disables SSL3 in response to the recent "POODLE" attack
+  (even though POODLE does not affect Tor). It also works around a crash
+  bug caused by some operating systems' response to the "POODLE" attack
+  (which does affect Tor).
+
+  o Major security fixes (also in 0.2.5.9-rc):
+    - Disable support for SSLv3. All versions of OpenSSL in use with Tor
+      today support TLS 1.0 or later, so we can safely turn off support
+      for this old (and insecure) protocol. Fixes bug 13426.
+
+  o Major bugfixes (openssl bug workaround, also in 0.2.5.9-rc):
+    - Avoid crashing when using OpenSSL version 0.9.8zc, 1.0.0o, or
+      1.0.1j, built with the 'no-ssl3' configuration option. Fixes bug
+      13471. This is a workaround for an OpenSSL bug.
+
+
+Changes in version 0.2.5.8-rc - 2014-09-22
+  Tor 0.2.5.8-rc is the second release candidate for the Tor 0.2.5.x
+  series. It fixes a bug that affects consistency and speed when
+  connecting to hidden services, and it updates the location of one of
+  the directory authorities.
+
+  o Major bugfixes:
+    - Clients now send the correct address for their chosen rendezvous
+      point when trying to access a hidden service. They used to send
+      the wrong address, which would still work some of the time because
+      they also sent the identity digest of the rendezvous point, and if
+      the hidden service happened to try connecting to the rendezvous
+      point from a relay that already had a connection open to it,
+      the relay would reuse that connection. Now connections to hidden
+      services should be more robust and faster. Also, this bug meant
+      that clients were leaking to the hidden service whether they were
+      on a little-endian (common) or big-endian (rare) system, which for
+      some users might have reduced their anonymity. Fixes bug 13151;
+      bugfix on 0.2.1.5-alpha.
+
+  o Directory authority changes:
+    - Change IP address for gabelmoo (v3 directory authority).
+
+
+Changes in version 0.2.4.24 - 2014-09-22
+  Tor 0.2.4.24 fixes a bug that affects consistency and speed when
+  connecting to hidden services, and it updates the location of one of
+  the directory authorities.
+
+  o Major bugfixes:
+    - Clients now send the correct address for their chosen rendezvous
+      point when trying to access a hidden service. They used to send
+      the wrong address, which would still work some of the time because
+      they also sent the identity digest of the rendezvous point, and if
+      the hidden service happened to try connecting to the rendezvous
+      point from a relay that already had a connection open to it,
+      the relay would reuse that connection. Now connections to hidden
+      services should be more robust and faster. Also, this bug meant
+      that clients were leaking to the hidden service whether they were
+      on a little-endian (common) or big-endian (rare) system, which for
+      some users might have reduced their anonymity. Fixes bug 13151;
+      bugfix on 0.2.1.5-alpha.
+
+  o Directory authority changes:
+    - Change IP address for gabelmoo (v3 directory authority).
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
+      Country database.
+
+
+Changes in version 0.2.5.7-rc - 2014-09-11
+  Tor 0.2.5.7-rc fixes several regressions from earlier in the 0.2.5.x
+  release series, and some long-standing bugs related to ORPort reachability
+  testing and failure to send CREATE cells. It is the first release
+  candidate for the Tor 0.2.5.x series.
+
+  o Major bugfixes (client, startup):
+    - Start making circuits as soon as DisabledNetwork is turned off.
+      When Tor started with DisabledNetwork set, it would correctly
+      conclude that it shouldn't build circuits, but it would mistakenly
+      cache this conclusion, and continue believing it even when
+      DisableNetwork is set to 0. Fixes the bug introduced by the fix
+      for bug 11200; bugfix on 0.2.5.4-alpha.
+    - Resume expanding abbreviations for command-line options. The fix
+      for bug 4647 accidentally removed our hack from bug 586 that
+      rewrote HashedControlPassword to __HashedControlSessionPassword
+      when it appears on the commandline (which allowed the user to set
+      her own HashedControlPassword in the torrc file while the
+      controller generates a fresh session password for each run). Fixes
+      bug 12948; bugfix on 0.2.5.1-alpha.
+    - Warn about attempts to run hidden services and relays in the same
+      process: that's probably not a good idea. Closes ticket 12908.
+
+  o Major bugfixes (relay):
+    - Avoid queuing or sending destroy cells for circuit ID zero when we
+      fail to send a CREATE cell. Fixes bug 12848; bugfix on 0.0.8pre1.
+      Found and fixed by "cypherpunks".
+    - Fix ORPort reachability detection on relays running behind a
+      proxy, by correctly updating the "local" mark on the controlling
+      channel when changing the address of an or_connection_t after the
+      handshake. Fixes bug 12160; bugfix on 0.2.4.4-alpha.
+
+  o Minor features (bridge):
+    - Add an ExtORPortCookieAuthFileGroupReadable option to make the
+      cookie file for the ExtORPort g+r by default.
+
+  o Minor features (geoip):
+    - Update geoip and geoip6 to the August 7 2014 Maxmind GeoLite2
+      Country database.
+
+  o Minor bugfixes (logging):
+    - Reduce the log severity of the "Pluggable transport proxy does not
+      provide any needed transports and will not be launched." message,
+      since Tor Browser includes several ClientTransportPlugin lines in
+      its torrc-defaults file, leading every Tor Browser user who looks
+      at her logs to see these notices and wonder if they're dangerous.
+      Resolves bug 13124; bugfix on 0.2.5.3-alpha.
+    - Downgrade "Unexpected onionskin length after decryption" warning
+      to a protocol-warn, since there's nothing relay operators can do
+      about a client that sends them a malformed create cell. Resolves
+      bug 12996; bugfix on 0.0.6rc1.
+    - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS
+      cell on a cannibalized or non-OR circuit. Resolves ticket 12997.
+    - When logging information about an EXTEND2 or EXTENDED2 cell, log
+      their names correctly. Fixes part of bug 12700; bugfix
+      on 0.2.4.8-alpha.
+    - When logging information about a relay cell whose command we don't
+      recognize, log its command as an integer. Fixes part of bug 12700;
+      bugfix on 0.2.1.10-alpha.
+    - Escape all strings from the directory connection before logging
+      them. Fixes bug 13071; bugfix on 0.1.1.15. Patch from "teor".
+
+  o Minor bugfixes (controller):
+    - Restore the functionality of CookieAuthFileGroupReadable. Fixes
+      bug 12864; bugfix on 0.2.5.1-alpha.
+    - Actually send TRANSPORT_LAUNCHED and HS_DESC events to
+      controllers. Fixes bug 13085; bugfix on 0.2.5.1-alpha. Patch
+      by "teor".
+
+  o Minor bugfixes (compilation):
+    - Fix compilation of test.h with MSVC. Patch from Gisle Vanem;
+      bugfix on 0.2.5.5-alpha.
+    - Make the nmake make files work again. Fixes bug 13081. Bugfix on
+      0.2.5.1-alpha. Patch from "NewEraCracker".
+    - In routerlist_assert_ok(), don't take the address of a
+      routerinfo's cache_info member unless that routerinfo is non-NULL.
+      Fixes bug 13096; bugfix on 0.1.1.9-alpha. Patch by "teor".
+    - Fix a large number of false positive warnings from the clang
+      analyzer static analysis tool. This should make real warnings
+      easier for clang analyzer to find. Patch from "teor". Closes
+      ticket 13036.
+
+  o Distribution (systemd):
+    - Verify configuration file via ExecStartPre in the systemd unit
+      file. Patch from intrigeri; resolves ticket 12730.
+    - Explicitly disable RunAsDaemon in the systemd unit file. Our
+      current systemd unit uses "Type = simple", so systemd does not
+      expect tor to fork. If the user has "RunAsDaemon 1" in their
+      torrc, then things won't work as expected. This is e.g. the case
+      on Debian (and derivatives), since there we pass "--defaults-torrc
+      /usr/share/tor/tor-service-defaults-torrc" (that contains
+      "RunAsDaemon 1") by default. Patch by intrigeri; resolves
+      ticket 12731.
+
+  o Documentation:
+    - Adjust the URLs in the README to refer to the new locations of
+      several documents on the website. Fixes bug 12830. Patch from
+      Matt Pagan.
+    - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves
+      ticket 12878.
+
+
+Changes in version 0.2.5.6-alpha - 2014-07-28
+  Tor 0.2.5.6-alpha brings us a big step closer to slowing down the
+  risk from guard rotation, and fixes a variety of other issues to get
+  us closer to a release candidate.
+
+  o Major features (also in 0.2.4.23):
+    - Make the number of entry guards configurable via a new
+      NumEntryGuards consensus parameter, and the number of directory
+      guards configurable via a new NumDirectoryGuards consensus
+      parameter. Implements ticket 12688.
+
+  o Major bugfixes (also in 0.2.4.23):
+    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+      implementation that caused incorrect results on 32-bit
+      implementations when certain malformed inputs were used along with
+      a small class of private ntor keys. This bug does not currently
+      appear to allow an attacker to learn private keys or impersonate a
+      Tor server, but it could provide a means to distinguish 32-bit Tor
+      implementations from 64-bit Tor implementations. Fixes bug 12694;
+      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+      Adam Langley.
+
+  o Major bugfixes:
+    - Perform circuit cleanup operations even when circuit
+      construction operations are disabled (because the network is
+      disabled, or because there isn't enough directory information).
+      Previously, when we were not building predictive circuits, we
+      were not closing expired circuits either. Fixes bug 8387; bugfix on
+      0.1.1.11-alpha. This bug became visible in 0.2.4.10-alpha when we
+      became more strict about when we have "enough directory information
+      to build circuits".
+
+  o Minor features:
+    - Authorities now assign the Guard flag to the fastest 25% of the
+      network (it used to be the fastest 50%). Also raise the consensus
+      weight that guarantees the Guard flag from 250 to 2000. For the
+      current network, this results in about 1100 guards, down from 2500.
+      This step paves the way for moving the number of entry guards
+      down to 1 (proposal 236) while still providing reasonable expected
+      performance for most users. Implements ticket 12690.
+    - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
+      Country database.
+    - Slightly enhance the diagnostic message for bug 12184.
+
+  o Minor bugfixes (also in 0.2.4.23):
+    - Warn and drop the circuit if we receive an inbound 'relay early'
+      cell. Those used to be normal to receive on hidden service circuits
+      due to bug 1038, but the buggy Tor versions are long gone from
+      the network so we can afford to resume watching for them. Resolves
+      the rest of bug 1038; bugfix on 0.2.1.19.
+    - Correct a confusing error message when trying to extend a circuit
+      via the control protocol but we don't know a descriptor or
+      microdescriptor for one of the specified relays. Fixes bug 12718;
+      bugfix on 0.2.3.1-alpha.
+
+  o Minor bugfixes:
+    - Fix compilation when building with bufferevents enabled. (This
+      configuration is still not expected to work, however.)
+      Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
+      0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
+      Gunasekaran.
+    - Compile correctly with builds and forks of OpenSSL (such as
+      LibreSSL) that disable compression. Fixes bug 12602; bugfix on
+      0.2.1.1-alpha. Patch from "dhill".
+
+
+Changes in version 0.2.4.23 - 2014-07-28
+  Tor 0.2.4.23 brings us a big step closer to slowing down the risk from
+  guard rotation, and also backports several important fixes from the
+  Tor 0.2.5 alpha release series.
+
+  o Major features:
+    - Clients now look at the "usecreatefast" consensus parameter to
+      decide whether to use CREATE_FAST or CREATE cells for the first hop
+      of their circuit. This approach can improve security on connections
+      where Tor's circuit handshake is stronger than the available TLS
+      connection security levels, but the tradeoff is more computational
+      load on guard relays. Implements proposal 221. Resolves ticket 9386.
+    - Make the number of entry guards configurable via a new
+      NumEntryGuards consensus parameter, and the number of directory
+      guards configurable via a new NumDirectoryGuards consensus
+      parameter. Implements ticket 12688.
+
+  o Major bugfixes:
+    - Fix a bug in the bounds-checking in the 32-bit curve25519-donna
+      implementation that caused incorrect results on 32-bit
+      implementations when certain malformed inputs were used along with
+      a small class of private ntor keys. This bug does not currently
+      appear to allow an attacker to learn private keys or impersonate a
+      Tor server, but it could provide a means to distinguish 32-bit Tor
+      implementations from 64-bit Tor implementations. Fixes bug 12694;
+      bugfix on 0.2.4.8-alpha. Bug found by Robert Ransom; fix from
+      Adam Langley.
+
+  o Minor bugfixes:
+    - Warn and drop the circuit if we receive an inbound 'relay early'
+      cell. Those used to be normal to receive on hidden service circuits
+      due to bug 1038, but the buggy Tor versions are long gone from
+      the network so we can afford to resume watching for them. Resolves
+      the rest of bug 1038; bugfix on 0.2.1.19.
+    - Correct a confusing error message when trying to extend a circuit
+      via the control protocol but we don't know a descriptor or
+      microdescriptor for one of the specified relays. Fixes bug 12718;
+      bugfix on 0.2.3.1-alpha.
+    - Avoid an illegal read from stack when initializing the TLS
+      module using a version of OpenSSL without all of the ciphers
+      used by the v2 link handshake. Fixes bug 12227; bugfix on
+      0.2.4.8-alpha.  Found by "starlight".
+
+  o Minor features:
+    - Update geoip and geoip6 to the July 10 2014 Maxmind GeoLite2
+      Country database.
+
+
 Changes in version 0.2.5.5-alpha - 2014-06-18
   Tor 0.2.5.5-alpha fixes a wide variety of remaining issues in the Tor
   0.2.5.x release series, including a couple of DoS issues, some

changes/13295

-  o Minor bugfixes:
-    - Disable sandbox name resolver cache when running tor-resolve:
-      tor-resolve doesn't use the sandbox code, and turning it on was
-      breaking attempts to do tor-resolve on a non-default server on
-      Linux. Fixes bug 13295; bugfix on 0.2.5.3-alpha.

changes/bufferevent_compilation

-  o Minor bugfixes:
-    - Fix compilation when building with bufferevents enabled. (This
-      configuration is still not expected to work, however.)
-      Fixes bugs 12438, 12474, 11578; bugfixes on 0.2.5.1-alpha and
-      0.2.5.3-alpha. Patches from Anthony G. Basile and Sathyanarayanan
-      Gunasekaran.

changes/bug1038-3

-  o Minor bugfixes:
-    - Warn and drop the circuit if we receive an inbound 'relay early'
-      cell. Those used to be normal to receive on hidden service circuits
-      due to bug 1038, but the buggy Tor versions are long gone from
-      the network so we can afford to resume watching for them. Resolves
-      the rest of bug 1038; bugfix on 0.2.1.19.

changes/bug11200-caching

-  o Major bugfixes:
-    - When Tor starts with DisabledNetwork set, it would correctly
-      conclude that it shouldn't try making circuits, but it would
-      mistakenly cache this conclusion and continue believing it even
-      when DisableNetwork is set to 0. Fixes the bug introduced by the
-      fix for bug 11200; bugfix on 0.2.5.4-alpha.
-

changes/bug12160

- o Bugfixes
-   - Correctly update the local mark on the controlling channel when changing
-     the address of an or_connection_t after the handshake.  Fixes bug #12160;
-     bugfix on 0.2.4.4-alpha.

changes/bug12602

-  o Minor bugfixes (portability):
-    - Compile correctly with builds and forks of OpenSSL (such as
-      LibreSSL) that disable compression. Fixes bug 12602; bugfix on
-      0.2.1.1-alpha. Patch from "dhill".
-

changes/bug12700

-  o Minor bugfixes:
-    - When logging information about an EXTEND2 or EXTENDED2 cell, log
-      their names correctly. Fixes part of bug 12700; bugfix on
-      0.2.4.8-alpha.
-
-  o Minor bugfixes:
-    - When logging information about a relay cell whose command we
-      don't recognize, log its command as an integer. Fixes part of
-      bug 12700; bugfix on 0.2.1.10-alpha.
-

changes/bug12718

-  o Minor bugfixes:
-    - Correct a confusing error message when trying to extend a circuit
-      via the control protocol but we don't know a descriptor or
-      microdescriptor for one of the specified relays. Fixes bug 12718;
-      bugfix on 0.2.3.1-alpha.

changes/bug12730-systemd-verify-config

-  o Distribution:
-    - Verify configuration file via ExecStartPre in the systemd unit file.
-      Patch from intrigeri; resolves ticket 12730.

changes/bug12731-systemd-no-run-as-daemon

-  o Distribution:
-    - Explicitly disable RunAsDaemon in the systemd unit file.
-      Our current systemd unit uses "Type = simple", so systemd does
-      not expect tor to fork. If the user has "RunAsDaemon 1" in their
-      torrc, then things won't work as expected. This is e.g. the case
-      on Debian (and derivatives), since there we pass
-      "--defaults-torrc /usr/share/tor/tor-service-defaults-torrc"
-      (that contains "RunAsDaemon 1") by default.
-      Patch by intrigeri; resolves ticket 12731.

changes/bug12830

-  o Documentation:
-    - Adjust the URLs in the README to refer to the new locations of
-      several documents on the website. Patch from Matt Pagan. Fixes
-      bug 12830.

changes/bug12848

-  o Major bugfixes (relay):
-    - Avoid queuing or sending destroy cells for circuit ID zero when
-      we fail to send a CREATE cell. Fixes bug 12848; bugfix on
-      0.0.8pre1. Found and fixed by "cypherpunks".

changes/bug12864

-  o Minor bugfixes:
-    - Restore the functionality of CookieAuthFileGroupReadable. Fixes bug
-      12864; bugfix on 0.2.5.1-alpha.
-
-  o Minor features:
-    - Add an ExtORPortCookieAuthFileGroupReadable option to make the
-      cookie file for the ExtORPort g+r by default.

changes/bug12878

-  o Documentation:
-    - Document 'reject6' and 'accept6' ExitPolicy entries. Resolves 
-      ticket 12878.

changes/bug12908

-  o Minor features:
-    - Warn about attempts to run hidden services and relays in the
-      same process: that's probably not a good idea. Closes ticket
-      12908.

changes/bug12948

-  o Major bugfixes:
-    - Resume expanding abbreviations for command-line options. The fix
-      for bug 4647 accidentally removed our hack from bug 586 that rewrote
-      HashedControlPassword to __HashedControlSessionPassword when it
-      appears on the commandline (which allowed the user to set her
-      own HashedControlPassword in the torrc file while the controller
-      generates a fresh session password for each run). Fixes bug 12948;
-      bugfix on 0.2.5.1-alpha.

changes/bug12996

-  o Minor bugfixes:
-    - Downgrade "Unexpected onionskin length after decryption" warning
-      to a protocol-warn, since there's nothing relay operators can do
-      about a client that sends them a malformed create cell. Resolves
-      bug 12996; bugfix on 0.0.6rc1.

changes/bug12997

-  o Minor features:
-    - Log more specific warnings when we get an ESTABLISH_RENDEZVOUS cell
-      on a cannibalized or non-OR circuit. Resolves ticket 12997.