Self-testing circuits don't use guards, and nobody uses guards when
UseEntryGuards is disabled.

Fixes bug 21007; bug not in any released Tor.

"Ours" merge to avoid version bump.

"Ours" merge to avoid version bump.

"ours" merge to avoid version bump.

"ours" merge to avoid version bump.

Replace the 81 remaining fallbacks of the 100 originally introduced
in Tor 0.2.8.3-alpha in March 2016, with a list of 177 fallbacks
(123 new, 54 existing, 27 removed) generated in December 2016.

Resolves ticket 20170.

In get_token(), we could read one byte past the end of the
region. This is only a big problem in the case where the region
itself is (a) potentially hostile, and (b) not explicitly
nul-terminated.

This patch fixes the underlying bug, and also makes sure that the
one remaining case of not-NUL-terminated potentially hostile data
gets NUL-terminated.

Fix for bug 21018, TROVE-2016-12-002, and CVE-2016-1254

They broke stem, and breaking application compatibility is usually a
bad idea.

This reverts commit 6e10130e,
commit 78a13df1, and
commit 62f52a88.

We might re-apply this later, if all the downstream tools can handle
it, and it turns out to be useful for some reason.

I got confused when I saw my Tor saying it was opening a file
that doesn't exist. It turns out it isn't opening it, it's just
calling open() on it and then moving on when it's not there.

This is the same as we fixed in 39f45546.

This reverts commit 954eeda6.

Apparently, OpenBSD is what expects you to declare environ
yourself.  So 19142 is a wontfix.

I broke this with 20292ec4 when I
changed the primary guard retry schedule.

(Keeping the code around in case I broke Tor in some unexpected
way.)