Start a changelog for 0.3.5.1-alpha

changes/27186

-  o Minor features (UI):
-    - Log each included configuration file or directory as we read it, to
-      provide more visibility about where Tor is reading from.
-      Patch from Unto Sten; closes ticket 27186.

changes/NSS

-  o Major features (portability, cryptography, experimental, TLS):
-    - Tor now has the option to compile with the NSS library instead of
-      OpenSSL. This feature is experimental, and we expect that bugs may
-      remain. It is mainly intended for environments where Tor's performance
-      is not CPU-bound, and where NSS is already known to be installed.
-      To try it out, configure Tor with the --enable-nss flag.
-      Closes ticket 26631.

changes/bug15518

-  o Minor bugfixes (ipv6):
-    - In addrs_in_same_network_family(), we choose the subnet size based
-      on the IP version (IPv4 or IPv6). Previously, we chose a fixed subnet
-      size of /16 for both IPv4 and IPv6 addresses. Fixes bug 15518; bugfix
-      on 0.3.5.1-alpha. Patch by Neel Chauhan.
-

changes/bug17873

-  o Minor bugfixes (OS compatibility):
-    - On Linux and Windows properly handle configuration change that
-      moves a listener to/from wildcard IP address. In case first
-      attempt to bind a socket fails, close the old listener and
-      try binding a socket again. Fixes bug 17873; bugfix on
-      0.0.8pre-1.

changes/bug18642

-  o Minor features (denial-of-service avoidance):
-    - Make our OOM handler aware of the DNS cache so that it doesn't fill up
-      the memory. This check is important for our DoS mitigation subsystem.
-      Closes ticket 18642. Patch by Neel Chauhan
-

changes/bug20874

-  o Minor bugfixes (client, reachableaddresses):
-    - Instead of adding an "reject *:*" line to ReachableAddresses when
-      loading the configuration, add one to the policy after parsing it
-      in parse_reachable_addresses(). This prevents extra "reject *.*"
-      lines from accumulating on reloads. Fixes bug 20874; bugfix on
-      0.3.5.1-alpha. Patch by Neel Chauhan.
-

changes/bug21530

-  o Major features (relay):
-    - Relays no longer run as exits by default. If the "ExitRelay" option is
-      auto (or unset), and no exit policy is specified with ExitPolicy or
-      ReducedExitPolicy, we now treat ExitRelay as 0. Previously in this
-      case, we allowed exit
-      traffic and logged a warning message. Closes ticket
-      21530. Patch by Neel Chauhan.

changes/bug22156

-  o Minor features (development):
-    - Tor's makefile now supports running the "clippy" Rust style tool
-      on our Rust code. Closes ticket 22156.

changes/bug24104

-  o Minor bugfix (relay statistics):
-    - Update relay descriptor on bandwidth changes only when the uptime is
-      smaller than 24h in order to reduce the efficiency of guard discovery
-      attacks. Fixes bug 24104; bugfix on 0.1.1.6-alpha.

changes/bug24312

-  o Minor bugfixes (relays):
-    - Since 0.3.3.5-rc, authorities require DirCache (V2Dir) for the Guard
-      flag. Update the message logged on relays when DirCache is disabled.
-      Fixes bug 24312; bugfix on 0.3.3.5-rc.

changes/bug25477

-  o Minor bugfixes (logging):
-    - Refrain from mentioning bug 21018, as it is already fixed.
-      Fixes bug 25477; bugfix on 0.2.9.8.

changes/bug25505

-  o Minor bugfixes (netflow padding):
-    - Ensure circuitmux queues are empty before scheduling or sending padding.
-      Fixes bug 25505; bugfix on 0.3.1.1-alpha.

changes/bug25552

-  o Major feature (onion services):
-    - Improve revision counter generation in next-gen onion services. Onion
-      services can now scale by hosting multiple instances on different hosts
-      without synchronization between them, which was previously impossible
-      because descriptors would get rejected by HSDirs. Addresses ticket 25552.

changes/bug25886

-  o Minor bugfixes (relay):
-    - In frac_nodes_with_descriptors(), add for_direct_connect, and replace
-      node_has_any_descriptor() with node_has_preferred_descriptor(). Also,
-      if we are using bridges and there is at least one bridge with a full
-      descriptor, set f_guard in compute_frac_paths_available() to 1.0.
-      Fixes bug 25886; bugfix on 0.3.5.1-alpha. Patch by Neel Chauhan.
-

changes/bug26152

-  o Minor bugfixes (testing):
-    - When logging a version mismatch in our openssl_version tests,
-      report the actual offending version strings. Fixes bug 26152; bugfix on
-      0.2.9.1-alpha.

changes/bug26223

-  o Minor features (directory authority):
-    - There is no longer an artificial upper limit on the length of bandwidth
-      lines. Closes ticket 26223.

changes/bug26282

-  o Minor bugfixes (C correctness):
-    - Avoid casting smartlist index to int implicitly, as it may trigger
-      a warning (-Wshorten-64-to-32). Fixes bug 26282; bugfix on
-      0.2.3.13-alpha, 0.2.7.1-alpha and 0.2.1.1-alpha.

changes/bug26367

-  o Removed features (hidden service, tor2web):
-    - Remove Tor2web functionalities. The Tor2webMode and
-      Tor2webRendezvousPoints options are now obsolete. Note that this feature
-      was never shipped in vanilla Tor and it was only possible to use this
-      feature by building the support at compile time. Closes ticket 26367.

changes/bug26437

-  o Testing:
-    - Fix forking tests on Windows when there is a space somewhere in the path.
-      Fixes bug 26437; bugfix on 0.2.2.4-alpha.