commit ff679ee066e52adb09863f1a49396e609c1e3cde
Author: Nick Mathewson <nickm(a)torproject.org>
Date: Tue Feb 27 17:11:16 2018 -0500
Create initial 0.3.1.10 changelog.
---
ChangeLog | 196 +++++++++++++++++++++++++++++++++++++++++++++
changes/bug21074_downgrade | 4 -
changes/bug23318 | 11 ---
changes/bug23817 | 3 -
changes/bug23862 | 5 --
changes/bug23985 | 9 ---
changes/bug24086 | 7 --
changes/bug24099 | 4 -
changes/bug24167 | 7 --
changes/bug24170 | 3 -
changes/bug24198 | 4 -
changes/bug24480 | 3 -
changes/bug24633 | 5 --
changes/bug24666 | 7 --
changes/bug24736 | 6 --
changes/bug24826_031 | 4 -
changes/bug24859 | 4 -
changes/bug24895 | 8 --
changes/bug24898 | 8 --
changes/bug24898-029 | 6 --
changes/bug24952 | 5 --
changes/bug24978 | 7 --
changes/bug25070 | 3 -
changes/bug25223 | 4 -
changes/geoip-2017-12-06 | 4 -
changes/geoip-2018-01-05 | 4 -
changes/geoip-2018-02-07 | 4 -
changes/ticket23856 | 4 -
changes/ticket24315 | 3 -
changes/ticket24681 | 6 --
changes/ticket24902 | 13 ---
changes/ticket25122 | 4 -
changes/ticket25170 | 5 --
changes/ticket25202 | 4 -
changes/ticket25323 | 4 -
changes/ticket_24801 | 5 --
36 files changed, 196 insertions(+), 187 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 0e3a738e3..59fd32a8c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,199 @@
+Changes in version 0.3.1.10 - 2018-03-??
+ Tor 0.3.1.10 backports a number of bugfixes, including important fixes for
+ security issues.
+
+ BLURB HERE.
+
+ o Major features (denial-of-service mitigation, backport from 0.3.3.2-alpha):
+ - Give relays some defenses against the recent network overload. We
+ start with three defenses (default parameters in parentheses).
+ First: if a single client address makes too many concurrent
+ connections (>100), hang up on further connections. Second: if a
+ single client address makes circuits too quickly (more than 3 per
+ second, with an allowed burst of 90) while also having too many
+ connections open (3), refuse new create cells for the next while
+ (1-2 hours). Third: if a client asks to establish a rendezvous
+ point to you directly, ignore the request. These defenses can be
+ manually controlled by new torrc options, but relays will also
+ take guidance from consensus parameters, so there's no need to
+ configure anything manually. Implements ticket 24902.
+
+ o Minor features (linux seccomp2 sandbox, backport from 0.3.2.5-alpha):
+ - Update the sandbox rules so that they should now work correctly
+ with Glibc 2.26. Closes ticket 24315.
+
+ o Major bugfixes (onion services, retry behavior, backport from 0.3.3.1-alpha):
+ - Fix an "off by 2" error in counting rendezvous failures on the
+ onion service side. While we thought we would stop the rendezvous
+ attempt after one failed circuit, we were actually making three
+ circuit attempts before giving up. Now switch to a default of 2,
+ and allow the consensus parameter "hs_service_max_rdv_failures" to
+ override. Fixes bug 24895; bugfix on 0.0.6.
+
+ o Major bugfixes (protocol versions, backport from 0.3.3.2-alpha):
+ - Add Link protocol version 5 to the supported protocols list. Fixes
+ bug 25070; bugfix on 0.3.1.1-alpha.
+
+ o Major bugfixes (relay, backport from 0.3.3.1-alpha):
+ - Fix a set of false positives where relays would consider
+ connections to other relays as being client-only connections (and
+ thus e.g. deserving different link padding schemes) if those
+ relays fell out of the consensus briefly. Now we look only at the
+ initial handshake and whether the connection authenticated as a
+ relay. Fixes bug 24898; bugfix on 0.3.1.1-alpha.
+
+ o Minor features (denial-of-service avoidance, backport from 0.3.3.2-alpha):
+ - Make our OOM handler aware of the geoip client history cache so it
+ doesn't fill up the memory. This check is important for IPv6 and
+ our DoS mitigation subsystem. Closes ticket 25122.
+
+ o Minor feature (relay statistics, backport from 0.3.2.6-alpha):
+ - Change relay bandwidth reporting stats interval from 4 hours to 24
+ hours in order to reduce the efficiency of guard discovery
+ attacks. Fixes ticket 23856.
+
+ o Minor features (compatibility, OpenSSL, backport from 0.3.3.3-alpha):
+ - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
+ Previous versions of Tor would not have worked with OpenSSL 1.1.1,
+ since they neither disabled TLS 1.3 nor enabled any of the
+ ciphersuites it requires. Here we enable the TLS 1.3 ciphersuites.
+ Closes ticket 24978.
+
+ o Minor features (fallback directory mirrors, backport from 0.3.2.9):
+ - The fallback directory list has been re-generated based on the
+ current status of the network. Tor uses fallback directories to
+ bootstrap when it doesn't yet have up-to-date directory
+ information. Closes ticket 24801.
+ - Make the default DirAuthorityFallbackRate 0.1, so that clients
+ prefer to bootstrap from fallback directory mirrors. This is a
+ follow-up to 24679, which removed weights from the default
+ fallbacks. Implements ticket 24681.
+
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
+ Country database.
+
+ o Minor bugfix (channel connection, backport from 0.3.3.2-alpha):
+ - Use the actual observed address of an incoming relay connection,
+ not the canonical address of the relay from its descriptor, when
+ making decisions about how to handle the incoming connection.
+ Fixes bug 24952; bugfix on 0.2.4.11-alpha. Patch by "ffmancera".
+
+ o Minor bugfix (directory authority, backport from 0.3.3.2-alpha):
+ - Directory authorities, when refusing a descriptor from a rejected
+ relay, now explicitly tell the relay (in its logs) to set a valid
+ ContactInfo address and contact the bad-relays@ mailing list.
+ Fixes bug 25170; bugfix on 0.2.9.1.
+
+ o Minor bugfixes (address selection, backport from 0.3.2.9):
+ - When the fascist_firewall_choose_address_ functions don't find a
+ reachable address, set the returned address to the null address
+ and port. This is a precautionary measure, because some callers do
+ not check the return value. Fixes bug 24736; bugfix
+ on 0.2.8.2-alpha.
+
+ o Major bugfixes (bootstrapping, backport from 0.3.2.5-alpha):
+ - Fetch descriptors aggressively whenever we lack enough to build
+ circuits, regardless of how many descriptors we are missing.
+ Previously, we would delay launching the fetch when we had fewer
+ than 15 missing descriptors, even if some of those descriptors
+ were blocking circuits from building. Fixes bug 23985; bugfix on
+ 0.1.1.11-alpha. The effects of this bug became worse in
+ 0.3.0.3-alpha, when we began treating missing descriptors from our
+ primary guards as a reason to delay circuits.
+ - Don't try fetching microdescriptors from relays that have failed
+ to deliver them in the past. Fixes bug 23817; bugfix
+ on 0.3.0.1-alpha.
+
+ o Minor bugfixes (compilation, backport from 0.3.2.7-rc):
+ - Fix a signed/unsigned comparison warning introduced by our fix to
+ TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
+
+ o Minor bugfixes (control port, linux seccomp2 sandbox, backport from 0.3.2.5-alpha):
+ - Avoid a crash when attempting to use the seccomp2 sandbox together
+ with the OwningControllerProcess feature. Fixes bug 24198; bugfix
+ on 0.2.5.1-alpha.
+
+ o Minor bugfixes (directory cache, backport from 0.3.2.5-alpha):
+ - Recover better from empty or corrupt files in the consensus cache
+ directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
+ - When a consensus diff calculation is only partially successful,
+ only record the successful parts as having succeeded. Partial
+ success can happen if (for example) one compression method fails
+ but the others succeed. Previously we misrecorded all the
+ calculations as having succeeded, which would later cause a
+ nonfatal assertion failure. Fixes bug 24086; bugfix
+ on 0.3.1.1-alpha.
+
+ o Minor bugfixes (entry guards, backport from 0.3.2.3-alpha):
+ - Tor now updates its guard state when it reads a consensus
+ regardless of whether it's missing descriptors. That makes tor use
+ its primary guards to fetch descriptors in some edge cases where
+ it would previously have used fallback directories. Fixes bug
+ 23862; bugfix on 0.3.0.1-alpha.
+
+ o Minor bugfixes (logging, backport from 0.3.3.2-alpha):
+ - Don't treat inability to store a cached consensus object as a bug:
+ it can happen normally when we are out of disk space. Fixes bug
+ 24859; bugfix on 0.3.1.1-alpha.
+
+ o Minor bugfixes (memory usage, backport from 0.3.2.8-rc):
+ - When queuing DESTROY cells on a channel, only queue the circuit-id
+ and reason fields: not the entire 514-byte cell. This fix should
+ help mitigate any bugs or attacks that fill up these queues, and
+ free more RAM for other uses. Fixes bug 24666; bugfix
+ on 0.2.5.1-alpha.
+
+ o Minor bugfixes (network layer, backport from 0.3.2.5-alpha):
+ - When closing a connection via close_connection_immediately(), we
+ mark it as "not blocked on bandwidth", to prevent later calls from
+ trying to unblock it, and give it permission to read. This fixes a
+ backtrace warning that can happen on relays under various
+ circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
+
+ o Minor bugfixes (path selection, backport from 0.3.2.4-alpha):
+ - When selecting relays by bandwidth, avoid a rounding error that
+ could sometimes cause load to be imbalanced incorrectly.
+ Previously, we would always round upwards; now, we round towards
+ the nearest integer. This had the biggest effect when a relay's
+ weight adjustments should have given it weight 0, but it got
+ weight 1 instead. Fixes bug 23318; bugfix on 0.2.4.3-alpha.
+ - When calculating the fraction of nodes that have descriptors, and
+ all nodes in the network have zero bandwidths, count the number of
+ nodes instead. Fixes bug 23318; bugfix on 0.2.4.10-alpha.
+ - Actually log the total bandwidth in compute_weighted_bandwidths().
+ Fixes bug 24170; bugfix on 0.2.4.3-alpha.
+
+ o Minor bugfixes (performance, fragile-hardening, backport from 0.3.3.1-alpha):
+ - Improve the performance of our consensus-diff application code
+ when Tor is built with the --enable-fragile-hardening option set.
+ Fixes bug 24826; bugfix on 0.3.1.1-alpha.
+
+ o Minor bugfixes (OSX, backport from 0.3.3.1-alpha):
+ - Don't exit the Tor process if setrlimit() fails to change the file
+ limit (which can happen sometimes on some versions of OSX). Fixes
+ bug 21074; bugfix on 0.0.9pre5.
+
+ o Minor bugfixes (portability, msvc, backport from 0.3.2.9):
+ - Fix a bug in the bit-counting parts of our timing-wheel code on
+ MSVC. (Note that MSVC is still not a supported build platform, due
+ to cyptographic timing channel risks.) Fixes bug 24633; bugfix
+ on 0.2.9.1-alpha.
+
+ o Minor bugfixes (relay, partial backport):
+ - Make the internal channel_is_client() function look at what sort
+ of connection handshake the other side used, rather than whether
+ the other side ever sent a create_fast cell to us. Backports part
+ of the fixes from bugs 22805 and 24898.
+
+ o Code simplification and refactoring (backport from 0.3.3.3-alpha):
+ - Update the "rust dependencies" submodule to be a project-level
+ repository, rather than a user repository. Closes ticket 25323.
+
+
+
+
+
Changes in version 0.3.1.9 - 2017-12-01:
Tor 0.3.1.9 backports important security and stability fixes from the
0.3.2 development series. All Tor users should upgrade to this
diff --git a/changes/bug21074_downgrade b/changes/bug21074_downgrade
deleted file mode 100644
index 1bc1f8523..000000000
--- a/changes/bug21074_downgrade
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (portability):
- - Don't exit the Tor process if setrlimit() fails to change the file
- limit (which can happen sometimes on some versions of OSX). Fixes
- bug 21074; bugfix on 0.0.9pre5.
diff --git a/changes/bug23318 b/changes/bug23318
deleted file mode 100644
index 7fcb8d448..000000000
--- a/changes/bug23318
+++ /dev/null
@@ -1,11 +0,0 @@
- o Minor bugfixes (path selection):
- - When selecting relays by bandwidth, avoid a rounding error that
- could sometimes cause load to be imbalanced incorrectly. Previously,
- we would always round upwards; now, we round towards the nearest
- integer. This had the biggest effect when a relay's weight adjustments
- should have given it weight 0, but it got weight 1 instead.
- Fixes bug 23318; bugfix on 0.2.4.3-alpha.
- - When calculating the fraction of nodes that have descriptors, and all
- all nodes in the network have zero bandwidths, count the number of nodes
- instead.
- Fixes bug 23318; bugfix on 0.2.4.10-alpha.
diff --git a/changes/bug23817 b/changes/bug23817
deleted file mode 100644
index 474094279..000000000
--- a/changes/bug23817
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (descriptors):
- - Don't try fetching microdescriptors from relays that have failed to
- deliver them in the past. Fixes bug 23817; bugfix on 0.3.0.1-alpha.
diff --git a/changes/bug23862 b/changes/bug23862
deleted file mode 100644
index 301ce7367..000000000
--- a/changes/bug23862
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (entry guards):
- - Tor now updates its guard state when it reads a consensus regardless of
- whether it's missing descriptors. That makes tor use its primary guards
- to fetch descriptors in some edge cases where it would have used fallback
- directories in the past. Fixes bug 23862; bugfix on 0.3.0.1-alpha.
\ No newline at end of file
diff --git a/changes/bug23985 b/changes/bug23985
deleted file mode 100644
index 9cb593796..000000000
--- a/changes/bug23985
+++ /dev/null
@@ -1,9 +0,0 @@
- o Minor bugfixes (bootstrapping):
- - Fetch descriptors aggressively whenever we lack enough
- to build circuits, regardless of how many descriptors we are missing.
- Previously, we would delay launching the fetch when we had fewer than
- 15 missing descriptors, even if some of those descriptors were
- blocking circuits from building. Fixes bug 23985; bugfix on
- 0.1.1.11-alpha. The effects of this bug became worse in 0.3.0.3-alpha,
- when we began treating missing descriptors from our primary guards
- as a reason to delay circuits.
diff --git a/changes/bug24086 b/changes/bug24086
deleted file mode 100644
index 2ae0b37e6..000000000
--- a/changes/bug24086
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes (directory cache):
- - When a consensus diff calculation is only partially successful, only
- record the successful parts as having succeeded. Partial success
- can happen if (for example) one compression method fails but
- the others succeed. Previously we misrecorded all the calculations as
- having succeeded, which would later cause a nonfatal assertion failure.
- Fixes bug 24086; bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug24099 b/changes/bug24099
deleted file mode 100644
index dca399266..000000000
--- a/changes/bug24099
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (directory cache):
- - Recover better from empty or corrupt files in the consensus cache
- directory. Fixes bug 24099; bugfix on 0.3.1.1-alpha.
-
diff --git a/changes/bug24167 b/changes/bug24167
deleted file mode 100644
index fd0d87eff..000000000
--- a/changes/bug24167
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes (network layer):
- - When closing a connection via close_connection_immediately(), we
- mark it as "not blocked on bandwidth", to prevent later calls
- from trying to unblock it, and give it permission to read. This
- fixes a backtrace warning that can happen on relays under various
- circumstances. Fixes bug 24167; bugfix on 0.1.0.1-rc.
-
diff --git a/changes/bug24170 b/changes/bug24170
deleted file mode 100644
index d3d734769..000000000
--- a/changes/bug24170
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (path selection):
- - Actually log the total bandwidth in compute_weighted_bandwidths().
- Fixes bug 24170; bugfix on 0.2.4.3-alpha.
diff --git a/changes/bug24198 b/changes/bug24198
deleted file mode 100644
index 679070687..000000000
--- a/changes/bug24198
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (controller, linux seccomp2 sandbox):
- - Avoid a crash when attempting to use the seccomp2 sandbox
- together with the OwningControllerProcess feature.
- Fixes bug 24198; bugfix on 0.2.5.1-alpha.
diff --git a/changes/bug24480 b/changes/bug24480
deleted file mode 100644
index 94e5b91a0..000000000
--- a/changes/bug24480
+++ /dev/null
@@ -1,3 +0,0 @@
- o Minor bugfixes (compilation):
- - Fix a signed/unsigned comparison warning introduced by our
- fix to TROVE-2017-009. Fixes bug 24480; bugfix on 0.2.5.16.
diff --git a/changes/bug24633 b/changes/bug24633
deleted file mode 100644
index 028c7cc14..000000000
--- a/changes/bug24633
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfixes (portability, msvc):
- - Fix a bug in the bit-counting parts of our timing-wheel code on
- MSVC. (Note that MSVC is still not a supported build platform,
- due to cyptographic timing channel risks.) Fixes bug 24633;
- bugfix on 0.2.9.1-alpha.
diff --git a/changes/bug24666 b/changes/bug24666
deleted file mode 100644
index 830775f5f..000000000
--- a/changes/bug24666
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor bugfixes (memory usage):
-
- - When queuing DESTROY cells on a channel, only queue the
- circuit-id and reason fields: not the entire 514-byte
- cell. This fix should help mitigate any bugs or attacks that
- fill up these queues, and free more RAM for other uses. Fixes
- bug 24666; bugfix on 0.2.5.1-alpha.
diff --git a/changes/bug24736 b/changes/bug24736
deleted file mode 100644
index 632560932..000000000
--- a/changes/bug24736
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (address selection):
- - When the fascist_firewall_choose_address_ functions don't find a
- reachable address, set the returned address to the null address and port.
- This is a precautionary measure, because some callers do not check the
- return value.
- Fixes bug 24736; bugfix on 0.2.8.2-alpha.
diff --git a/changes/bug24826_031 b/changes/bug24826_031
deleted file mode 100644
index 3d4a66184..000000000
--- a/changes/bug24826_031
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (performance, fragile-hardening):
- - Improve the performance of our consensus-diff application code when Tor
- is built with the --enable-fragile-hardening option set. Fixes bug
- 24826; bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug24859 b/changes/bug24859
deleted file mode 100644
index 122109d65..000000000
--- a/changes/bug24859
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (logging):
- - Don't treat inability to store a cached consensus object as a
- bug: it can happen normally when we are out of disk space.
- Fixes bug 24859; bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug24895 b/changes/bug24895
deleted file mode 100644
index 7edde94a0..000000000
--- a/changes/bug24895
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes (onion services):
- - Fix an "off by 2" error in counting rendezvous failures on the onion
- service side. While we thought we would stop the rendezvous attempt
- after one failed circuit, we were actually making three circuit attempts
- before giving up. Now switch to a default of 2, and allow the consensus
- parameter "hs_service_max_rdv_failures" to override. Fixes bug 24895;
- bugfix on 0.0.6.
-
diff --git a/changes/bug24898 b/changes/bug24898
deleted file mode 100644
index f64340d71..000000000
--- a/changes/bug24898
+++ /dev/null
@@ -1,8 +0,0 @@
- o Major bugfixes (relays):
- - Fix a set of false positives where relays would consider connections
- to other relays as being client-only connections (and thus e.g.
- deserving different link padding schemes) if those relays fell out
- of the consensus briefly. Now we look only at the initial handshake
- and whether the connection authenticated as a relay. Fixes bug
- 24898; bugfix on 0.3.1.1-alpha.
-
diff --git a/changes/bug24898-029 b/changes/bug24898-029
deleted file mode 100644
index b33f09384..000000000
--- a/changes/bug24898-029
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor bugfixes (relay):
- - Make the internal channel_is_client() function look at what sort
- of connection handshake the other side used, rather than whether
- the other side ever sent a create_fast cell to us. Backports part
- of the fixes from bugs 22805 and 24898.
-
diff --git a/changes/bug24952 b/changes/bug24952
deleted file mode 100644
index 93174c04f..000000000
--- a/changes/bug24952
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfix (channel connection):
- - The accurate address of a connection is real_addr, not the addr member.
- TLS Channel remote address is now real_addr content instead of addr
- member. Fixes bug 24952; bugfix on 707c1e2e26 in 0.2.4.11-alpha.
- Patch by "ffmancera".
diff --git a/changes/bug24978 b/changes/bug24978
deleted file mode 100644
index 5dc45c744..000000000
--- a/changes/bug24978
+++ /dev/null
@@ -1,7 +0,0 @@
- o Minor features (compatibility, OpenSSL):
- - Tor will now support TLS1.3 once OpenSSL 1.1.1 is released.
- Previous versions of Tor would not have worked with OpenSSL
- 1.1.1, since they neither disabled TLS 1.3 nor enabled any of the
- ciphersuites it requires. Here we enable the TLS 1.3 ciphersuites.
- Closes ticket 24978.
-
diff --git a/changes/bug25070 b/changes/bug25070
deleted file mode 100644
index c2f4e58c4..000000000
--- a/changes/bug25070
+++ /dev/null
@@ -1,3 +0,0 @@
- o Major bugfixes (protocol versions):
- - Add Link protocol version 5 to the supported protocols list.
- Fixes bug 25070; bugfix on 0.3.1.1-alpha.
diff --git a/changes/bug25223 b/changes/bug25223
deleted file mode 100644
index fdd556350..000000000
--- a/changes/bug25223
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (DoS mitigation):
- - Make sure we don't modify consensus parameters if we aren't a public
- relay when a new consensus arrives. Fixes bug 25223; bugfix on
- 0.3.3.2-alpha.
diff --git a/changes/geoip-2017-12-06 b/changes/geoip-2017-12-06
deleted file mode 100644
index ae4fb1149..000000000
--- a/changes/geoip-2017-12-06
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (geoip):
- - Update geoip and geoip6 to the December 6 2017 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-2018-01-05 b/changes/geoip-2018-01-05
deleted file mode 100644
index 59aba02d0..000000000
--- a/changes/geoip-2018-01-05
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (geoip):
- - Update geoip and geoip6 to the January 5 2018 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/geoip-2018-02-07 b/changes/geoip-2018-02-07
deleted file mode 100644
index f45228fd7..000000000
--- a/changes/geoip-2018-02-07
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor features (geoip):
- - Update geoip and geoip6 to the February 7 2018 Maxmind GeoLite2
- Country database.
-
diff --git a/changes/ticket23856 b/changes/ticket23856
deleted file mode 100644
index 049da18d0..000000000
--- a/changes/ticket23856
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor feature (relay statistics):
- - Change relay bandwidth reporting stats interval from 4 hours to 24 hours
- in order to reduce the efficiency of guard discovery attacks. Fixes
- ticket 23856.
diff --git a/changes/ticket24315 b/changes/ticket24315
deleted file mode 100644
index df34dbf41..000000000
--- a/changes/ticket24315
+++ /dev/null
@@ -1,3 +0,0 @@
- o Major features (linux seccomp2 sandbox):
- - Update the sandbox rules so that they should now work correctly with
- Glibc 2.26. Closes ticket 24315.
diff --git a/changes/ticket24681 b/changes/ticket24681
deleted file mode 100644
index cc0a42b2e..000000000
--- a/changes/ticket24681
+++ /dev/null
@@ -1,6 +0,0 @@
- o Minor features (fallback directory mirrors):
- - Make the default DirAuthorityFallbackRate 0.1, so that clients on the
- public tor network prefer to bootstrap off fallback directory mirrors.
- This is a follow-up to 24679, which removed weights from the default
- fallbacks.
- Implements ticket 24681.
diff --git a/changes/ticket24902 b/changes/ticket24902
deleted file mode 100644
index 1a2ef95cc..000000000
--- a/changes/ticket24902
+++ /dev/null
@@ -1,13 +0,0 @@
- o Major features (denial of service mitigation):
- - Give relays some defenses against the recent network overload. We start
- with three defenses (default parameters in parentheses). First: if a
- single client address makes too many concurrent connections (>100), hang
- up on further connections. Second: if a single client address makes
- circuits too quickly (more than 3 per second, with an allowed burst of
- 90) while also having too many connections open (3), refuse new create
- cells for the next while (1-2 hours). Third: if a client asks to
- establish a rendezvous point to you directly, ignore the request. These
- defenses can be manually controlled by new torrc options, but relays
- will also take guidance from consensus parameters, so there's no need to
- configure anything manually. Implements ticket 24902.
-
diff --git a/changes/ticket25122 b/changes/ticket25122
deleted file mode 100644
index 2921811b2..000000000
--- a/changes/ticket25122
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor feature (geoip cache):
- - Make our OOM handler aware of the geoip client history cache so it
- doesn't fill up the memory which is especially important for IPv6 and
- our DoS mitigation subsystem. Closes ticket 25122.
diff --git a/changes/ticket25170 b/changes/ticket25170
deleted file mode 100644
index 065213940..000000000
--- a/changes/ticket25170
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor bugfix (directory authority, documentation):
- - When a fingerprint or network address is marked as rejected, the
- returned message by the authority now explicitly mention to set a valid
- ContactInfo address and contact the bad-relays@ mailing list. Fixes bug
- 25170; bugfix on 0.2.9.1.
diff --git a/changes/ticket25202 b/changes/ticket25202
deleted file mode 100644
index ba64abad7..000000000
--- a/changes/ticket25202
+++ /dev/null
@@ -1,4 +0,0 @@
- o Minor bugfixes (DoS mitigation):
- - Add extra safety checks when refilling the circuit creation bucket to
- ensure we never set a value that is above the allowed burst. Fixes
- bug 25202; bugfix on 0.3.3.2-alpha.
diff --git a/changes/ticket25323 b/changes/ticket25323
deleted file mode 100644
index 836825de5..000000000
--- a/changes/ticket25323
+++ /dev/null
@@ -1,4 +0,0 @@
- o Code simplification and refactoring:
- - Update the "rust dependencies" submodule to be an project-level
- repository, rather than a user repository. Closes ticket 25323.
-
diff --git a/changes/ticket_24801 b/changes/ticket_24801
deleted file mode 100644
index f5f6c831a..000000000
--- a/changes/ticket_24801
+++ /dev/null
@@ -1,5 +0,0 @@
- o Minor features (new fallback directories):
- - The fallback directory list has been re-generated based on the
- current status of the network. Tor uses fallback directories to
- bootstrap it doesn't yet have up-to-date directory
- information. Closes ticket 24801.