Add a changes file.

Fixes bug 16248. Patch from cypherpunks.  Bugfix on 0.2.0.1-alpha.

"ours" merge to avoid reverting 17354, which was already fixed in
0.2.7.4-rc.

Reverting this in 0.2.6 only -- we're no backporting
seccomp2-loosening fixes to 0.2.6.

This reverts commit 2ec5e24c.

junglefowl authored 8 years ago and Nick Mathewson committed 8 years ago

If a hostname is supplied to tor-resolve which is too long, it will be
silently truncated, resulting in a different hostname lookup:

$ tor-resolve $(python -c 'print("google.com" + "m" * 256)')

If tor-resolve uses SOCKS5, the length is stored in an unsigned char,
which overflows in this case and leads to the hostname "google.com".
As this one is a valid hostname, it returns an address instead of giving
an error due to the invalid supplied hostname.

This is an "ours" merge to avoid conflicts on the authority list:
the 0.2.7 branch already has the tonga->bifroest merge.