it's perfect, let's ship it

now's your chance to destabilize it

From http://archives.seul.org/tor/relays/Mar-2010/msg00006.html :

   As I understand it, the bug should show up on relays that don't set
   Address to an IP address (so they need to resolve their Address
   line or their hostname to guess their IP address), and their
   hostname or Address line fails to resolve -- at that point they'll
   pick a random 4 bytes out of memory and call that their address. At
   the same time, relays that *do* successfully resolve their address
   will ignore the result, and only come up with a useful address if
   their interface address happens to be a public IP address.

Also break the build if that switch isn't used and asciidoc isn't
available.

We don't need sed for our string manipulation, so let's get rid of
it. Suggested by weasel.

Otherwise, the build process breaks when one of the .1.txt gets
a new mtime. Suggested by weasel.

When the bandwidth-weights branch added the "directory-footer"
token, and began parsing the directory footer at the first
occurrence of "directory-footer", it made it possible to fool the
parsing algorithm into accepting unsigned data at the end of a
consensus or vote.  This patch fixes that bug by treating the footer
as starting with the first "directory-footer" or the first
"directory-signature", whichever comes first.

Treat strings returned from signed_descriptor_get_body_impl() as not
NUL-terminated. Since the length of the strings is available, this is
not a big problem.

Discovered by rieo.

Another dereference-then-NULL-check sequence. No reports of this bug
triggered in the wild. Fixes bugreport 1256.

Thanks to ekir for discovering and reporting this bug.

Fix a dereference-then-NULL-check sequence. This bug wasn't triggered
in the wild, but we should fix it anyways in case it ever happens.
Also make sure users get a note about this being a bug when they
see it in their log.

Thanks to ekir for discovering and reporting this bug.

We used to only zero the first ptrsize bytes of the cipher. Since
cipher is large enough, we didn't zero too many bytes. Discovered
and fixed by ekir. Fixes bug 1254.

All other bandwidthrate settings are restricted to INT32_MAX, but
this check was forgotten for PerConnBWRate and PerConnBWBurst. Also
update the manpage to reflect the fact that specifying a bandwidth
in terabytes does not make sense, because that value will be too
large.

Fix a dereference-then-NULL-check sequence. This bug wasn't triggered
in the wild, but we should fix it anyways in case it ever happens.
Also make sure users get a note about this being a bug when they
see it in their log.

Thanks to ekir for discovering and reporting this bug.

This is so that coverity stops complaining about using a user-supplied
string with the open() syscall. Let's see if it works.

We used to only zero the first ptrsize bytes of the cipher. Since
cipher is large enough, we didn't zero too many bytes. Discovered
and fixed by ekir. Fixes bug 1254.

Spec conformance issue: The code didn't force the network-status-version
token to be the first token in a v3 vote or consensus.

Problem discovered by Parakeep.

We need to use evdns_add_server_port_with_base() when configuring
our DNS listener, because libevent segfaults otherwise. Add a macro
in compat_libevent.h to pick the correct implementation depending
on the libevent version.

Fixes bug 1143, found by SwissTorExit