We don't use subversion or src/*/makefile.am any longer

This should prevent crashes on further recurrence of 8065, and help
diagnose such if they occur

This patch moves the measured_bw field and the has_measured_bw field
into vote_routerstatus_t, since only votes have 'Measured=XX' set on
their weight line.

I also added a new bw_is_unmeasured flag to routerstatus_t to
represent the Unmeasured=1 flag on a w line.  Previously, I was using
has_measured_bw for this, which was quite incorrect: has_measured_bw
means that the measured_bw field is set, and it's probably a mistake
to have it serve double duty as meaning that 'baandwidth' represents a
measured value.

While making this change,I also found a harmless but stupid bug in
dirserv_read_measured_bandwidths: It assumes that it's getting a
smartlist of routerstatus_t, when really it's getting a smartlist of
vote_routerstatus_t.  C's struct layout rules mean that we could never
actually get an error because of that, but it's still quite incorrect.
I fixed that, and in the process needed to add two more sorting and
searching helpers.

Finally, I made the Unmeasured=1 flag get parsed.  We don't use it for
anything yet, but someday we might.

This isn't complete yet -- the new 2286 unit test doesn't build.

Instead of capping whenever a router has fewer than 3 measurements,
we cap whenever a router has fewer than 3 measurements *AND* there
are at least 3 authorities publishing measured bandwidths.

We also generate bandwidth lines with a new "Unmeasured=1" flag,
meaning that we didn't have enough observations for a node to use
measured bandwidth values in the authority's input, whether we capped
it or not.

Avoid the phrase "legally valid" (as opposed to valid but not legal)?
And document what functions really do.

Fix for bug 6935.

Apparently there is a compiler that believes this is something to
warn about.

Stop marking every relay as having been down for one hour every
time we restart a directory authority. These artificial downtimes
were messing with our Stable and Guard flag calculations.

Fixes bug 8218 (introduced by the fix for 1035). Bugfix on 0.2.2.23-alpha.

This will get it building on systems that lack stdint.h

We shouldn't be calling choose_random_entry() for directory
conncetions; that's what choose_random_dirguard() is for.

(Cherry-picked from fc35ee49)

and replace it with the good old-fashioned two functions approach

now that both timers are on the same schedule, there's no point
tracking separate timers.

Relays used to check every 10 to 60 seconds, as an accidental side effect
of calling directory_fetches_from_authorities() when considering doing
a directory fetch. The fix for bug 1992 removes that side effect. At the
same time, bridge relays never had the side effect, leading to confused
bridge operators who tried crazy tricks to get their bridges to notice
IP address changes (see ticket 1913).

The new behavior is to reinstate an every-60-seconds check for both
public relays and bridge relays, now that the side effect is gone.

For example, we were doing a resolve every time we think about doing a
directory fetch. Now we reuse the cached answer in some cases.

Fixes bugs 1992 (bugfix on 0.2.0.20-rc) and 2410 (bugfix on
0.1.2.2-alpha).

Bugfix on 96b1bd4f.  Not in any released Tor.

I didn't make any of the callers use this feature yet.

One is a probably-impossible leak if we fail to sign a consensus;
another occurs when we can't look up the user we're trying to chown
our sockets to.

Coverity is worried about this (CID 980653).  It hasn't happened in
testing, but we might as well make sure it can't happen.

When we compute the estimated microseconds we need to handle our
pending onionskins, we could (in principle) overflow a uint32_t if
we ever had 4 million pending onionskins before we had any data
about how onionskins take.  Nevertheless, let's compute it properly.

Fixes bug 8210; bugfix on 0.2.4.10. Found by coverity; this is CID
980651.

If geoip_format_bridge_stats() returned NULL when it should have
returned a string, we would have tried to deref NULL, and died.  Not
a big deal in the unit tests, but still worth fixing.

Found by coverity; This is CID 743384.

Fixes bug 8209; bugfix on 0.2.3.1-alpha.

This one occurs when changing configuration options. Found by
coverity.

This fixes a crash bug if we fail to generate an extrainfo
descriptor.

Fixes bug 8208; bugfix on 0.2.3.16-alpha.

Coverity is worried that we're checking entry_conn in some cases,
but not in the case where we set entry_conn->pending_optimistic_data.

This commit should calm it down (CID 718623).

The refactoring in commit 471ab340 wasn't complete enough: we
were checking the auth_len variable, but never actually setting it,
so it would never seem that authentication had been provided.

This commit also removes a bunch of unused variables from
rend_service_introduce, whose unusedness we hadn't noticed because
we were wiping them at the end of the function.

Fix for bug 8207; bugfix on 0.2.4.1-alpha.

Found by coverity

This shouldn't actually matter, since tor-resolve will return soon
after this function exits, but it's nice to be warning-free

Found by coverity, fixes CID 718633

These shouldn't really matter, but it's nice to be leak-free.