* commit 'tor-0.2.2.12-alpha':
  merge in the bug 1364 fix
  Demote a warning about missing client ciphers
  bump to 0.2.2.12-alpha
  prepare for 0.2.2.12-alpha
  fetch descriptors from the authority that told us about them
  fetch unknown descriptors if we see them in a vote
  minor cleanups
  Switch geoip_get_request_history to asprintf; fix bug 1365
  fix "Got a certificate for ?? that we already have"
  Fix a compilation warning on compat_libevent.c on some versions of windows libevent
  Move the declaration of bandwidth_rate_rule_to_string
  Fix two compile-blockers in tor_vasprintf().
  bump to 0.2.2.11-alpha-dev
  parameterize update_consensus_router_descriptor_downloads

what's happening here is that we're fetching certs for obsolete
authorities -- probably legacy signers in this case. but try to
remain general in the log message.

It's natural for the definition of bandwidth_rule_t to be with the functions
that actually care about its values.  Unfortunately, this means declaring
bandwidth_rate_rule_to_string() out of sequence.  Someday we'll just rename
reasons.c to strings.c, and put it at the end of or.h, and this will all be
better.

1) mingw doesn't have _vscprintf(); mingw instead has a working snprintf.

2) windows compilers that _do_ have a working _vscprintf spell it so; they do
   not spell it _vcsprintf().

* debian-merge: (31 commits)
  New upstream version
  bump to 0.2.2.11-alpha
  gather together the 0.2.2.11-alpha changelog
  simplify a path in networkstatus
  Add --enable-static-zlib option
  Fix renegotiation on OpenSSL versions that backport RFC5746.
  Rename CircPriorityHalflifeMsec to CircuitPriorityHalflifeMsec
  testsuite: Prevent the main thread from starving the worker threads
  testsuite: Only free the main mutex when and if all the worker threads are done
  Log bandwidth_weight_rule_t as a string, not an integer.
  Fix a bug in reading CircPriorityHalflife from consensus
  fetch relay descriptors from v3 authorities
  Fix a segfault when a client is hup'd.
  fold in the recent changelog entries
  Mention libxml2-utils in our asciidoc dependencies
  Segfault less during consensus generation without params
  Add a missing NL to dir-spec.
  In the glorious future, all relays cache dir info.
  give us a blurb; add stanza to the releasenotes
  bump to 0.2.1.25
  ...

* commit 'tor-0.2.2.11-alpha': (30 commits)
  bump to 0.2.2.11-alpha
  gather together the 0.2.2.11-alpha changelog
  simplify a path in networkstatus
  Add --enable-static-zlib option
  Fix renegotiation on OpenSSL versions that backport RFC5746.
  Rename CircPriorityHalflifeMsec to CircuitPriorityHalflifeMsec
  testsuite: Prevent the main thread from starving the worker threads
  testsuite: Only free the main mutex when and if all the worker threads are done
  Log bandwidth_weight_rule_t as a string, not an integer.
  Fix a bug in reading CircPriorityHalflife from consensus
  fetch relay descriptors from v3 authorities
  Fix a segfault when a client is hup'd.
  fold in the recent changelog entries
  Mention libxml2-utils in our asciidoc dependencies
  Segfault less during consensus generation without params
  Add a missing NL to dir-spec.
  In the glorious future, all relays cache dir info.
  give us a blurb; add stanza to the releasenotes
  bump to 0.2.1.25
  fix some dangling refs in dirspec
  ...

Works like the --enable-static-openssl/libevent options. Requires
--with-zlib-dir to be set. Note that other dependencies might still
pull in a dynamicly linked zlib, if you don't link them in statically
too.

Our code assumed that any version of OpenSSL before 0.9.8l could not
possibly require SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION.  This is
so... except that many vendors have backported the flag from later
versions of openssl when they backported the RFC5476 renegotiation
feature.

The new behavior is particularly annoying to detect.  Previously,
leaving SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION unset meant that
clients would fail to renegotiate.  People noticed that one fast!
Now, OpenSSL's RFC5476 support means that clients will happily talk to
any servers there are, but servers won't accept renegotiation requests
from unpatched clients unless SSL_OP_ALLOW_etc is set.  More fun:
servers send back a "no renegotiation for you!" error, which unpatched
clients respond to by stalling, and generally producing no useful
error message.

This might not be _the_ cause of bug 1346, but it is quite likely _a_
cause for bug 1346.

Everything that accepted the 'Circ' name handled it wrong, so even now
that we fixed the handling of the parameter, we wouldn't be able to
set it without making all the 0.2.2.7..0.2.2.10 relays act wonky.
This patch makes Tors accept the 'Circuit' name instead, so we can
turn on circuit priorities without confusing the versions that treated
the 'Circ' name as occasion to act weird.

Conflicts:
	src/or/test.c

I'm adding this because I can never remember what stuff like 'rule 3'
means.  That's the one where if somebody goes limp or taps out, the
fight is over, right?

When you mean (a=b(c,d)) >= 0, you had better not say (a=b(c,d)>=0).
We did the latter, and so whenever CircPriorityHalflife was in the
consensus, it was treated as having a value of 1 msec (that is,
boolean true).

Conflicts:

	ChangeLog
	configure.in
	contrib/tor-mingw.nsi.in
	src/win32/orconfig.h

People who have vidalia installed might not want to run Tor as a system
service. The vidalia .deb can ask them that and then set run-daemon
to no.
(cherry picked from commit 03b45a6f)

(cherry picked from commit e40d12aa)

We need to make sure we have an event_base in dns.c before we call
anything that wants one. Make sure we always have one in dns_reset()
when we're a client. Fixes bug 1341.