Fix all the warnings from lintChanges.py

changes/17573

@@ -1,3 +1,4 @@
-  o Minor bigfixes (IPv6):
+  o Minor bugfixes (IPv6):
     - Update the limits in max_dl_per_request for IPv6 address
-      length. Closes ticket 17573.
+      length. Fixes bug 17573; bugfix on 0.2.1.5-alpha.
+

changes/17926

@@ -1,3 +1,3 @@
-  o Removed code:
+  o Removed features:
     - Remove code for OpenSSL dynamic locks; OpenSSL doesn't use them.
       Closes ticket 17926.

changes/7419

@@ -1,7 +1,6 @@
-  o Minor enhancement (security):
-    - Use explicit_bzero when present
-      from <logan@hackers.mu>.
-    - Use memset_s when present
-      from <selven@hackers.mu>
+  o Minor features (security):
+    - Use explicit_bzero or memset_s when present. Previously, we'd use
+      OpenSSL's OPENSSL_cleanse() function.
+      Closes ticket 7419; patches from <logan@hackers.mu> and <selven@hackers.mu>.
+
 
-    625538405474972d627b26d7a250ea36 (:

changes/bug16651

@@ -1,5 +1,6 @@
   o Minor bugfixes (compilation):
 
     - Fix search for libevent libraries on OpenBSD (and similar systems
-      which install libevent 1 and libevent 2 in parallel). Resolves
-      ticket 16651.  Patch from "rubiate".
+      which install libevent 1 and libevent 2 in parallel). Fixes bug
+      16651; bugfix on 0.1.0.7-rc.
+      Patch from "rubiate".

changes/bug17026

@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (security):
     - Set unused entires in a smartlist to NULL. This helped catch a
       (harmless) bug, and shouldn't affect performance too much.
       Implements ticket 17026.

changes/bug17027-reject-private-bind-port

@@ -1,7 +1,5 @@
-  o Minor bug fixes (security, exit policies):
+  o Minor bugfixes (security, exit policies):
     - ExitPolicyRejectPrivate rejects more private addresses by default:
       * the relay's outbound bind addresses (if configured), and
       * the relay's configured port addresses (such as ORPort and DirPort).
-      Resolves ticket 17027. Patch by "teor".
-      Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha,
-      and on 0.2.7.3-rc.
+      Fixes bug 17027; bugfix on 0.2.0.11-alpha. Patch by "teor".

changes/bug17194

@@ -1,7 +1,7 @@
-  o Minor feature:
+  o Minor feature (logging):
     - When logging to syslog, allow a tag to be added to the syslog
       identity ("Tor"), i.e. the string prepended to every log message.
       The tag can be configured by setting SyslogIdentityTag and defaults
       to none.  Setting it to "foo" will cause logs to be tagged as
-      "Tor-foo".
+      "Tor-foo". Closes ticket 17194.
 

changes/bug17419

@@ -1,4 +1,3 @@
-
-  o Minor bugfixes:
+  o Minor bugfixes (safe logging):
     - When logging a malformed hostname received through socks4, scrub it
       if SafeLogging says we should. Fixes bug 17419; bugfix on 0.1.1.16-rc.

changes/bug17549

@@ -1,3 +1,3 @@
-  o Minor bugfixes (compilation):
-    - Repair compilation with the most recent (unreleased, alpha)
-      vesions of OpenSSL 1.1. Fixes bug 17549.
+  o Minor features (compilation):
+    - Repair some compilation issues with some recent (unreleased, alpha)
+      vesions of OpenSSL 1.1. Closes ticket 17549.

changes/bug17562-DataDirectoryGroupReadable

@@ -1,3 +1,5 @@
-  o Minor bug fixes:
+  o Minor features (unix permissions):
     - Introduce DataDirectoryGroupReadable boolean. If set to 1, the
       DataDirectory will be made readable by the default GID.
+      Implements part of ticket 17562. Patch from Jamie Nguyen.
+

changes/bug17562-allow-root-group-read

@@ -1,6 +1,7 @@
-  o Minor bug fixes:
+  o Minor features (unix permissions):
     - If any directory created by Tor is marked as group readable, the
       filesystem group is allowed to be either the default GID or the root
       user. Allowing root to read the DataDirectory prevents the need for
       CAP_READ_SEARCH when using systemd's CapabilityBoundingSet, or
       dac_read_search when using SELinux.
+      Implements part of ticket 17562. Patch from Jamie Nguyen.

changes/bug17562-defer-unix-socket-creation

@@ -1,4 +1,5 @@
-  o Minor bug fixes:
+  o Minor features (unix permissions):
     - Defer creation of Unix sockets until after setuid. This avoids needing
       CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or
       chown and fowner when using SELinux.
+      Implements part of ticket 17562. Patch from Jamie Nguyen.

changes/bug17589

@@ -1,4 +1,4 @@
-  o Code simplificiation and refactoring:
+  o Code simplification and refactoring:
     - When a direct directory request fails immediately on launch,
       instead of relaunching that request from inside the code that
       launches it, instead mark the connection for teardown. This

changes/bug17632-no-ipv4-no-localhost

@@ -1,7 +1,5 @@
   o Minor bugfix (unit tests):
     - Make unit tests pass on IPv6-only systems, and systems without
       localhost addresses (like some FreeBSD jails).
-      Fixes bug #17632; bugfix on unit tests in 0.2.7.3-rc.
-      c464a367728d was a partial fix for this issue in #17255;
-      it was released in unit tests in 0.2.7.4-rc.
+      Fixes bug 17632; bugfix on 0.2.7.3-rc.
       Patch by "teor".

changes/bug17638-ipv6-ersatz-socketpair

@@ -1,5 +1,5 @@
   o Minor bugfix (IPv6 compatibility, unit tests):
     - Make tor_ersatz_socketpair work on IPv6-only systems.
-      Fixes bug #17638; bugfix on a very early tor version,
-      earlier than 22dba27d8dd5 (23 Nov 2004) / svn:r2943.
+      Fixes bug 17638; bugfix on 0.0.2pre8.
       Patch by "teor".
+

changes/bug17686

@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (security):
     - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
       positively are not allowed to fail. Previously we depended on
       internals about OpenSSL behavior. Closes ticket 17686.

changes/bug17753

@@ -1,4 +1,4 @@
-  o Minor bugfixes (code correctness)
+  o Minor bugfixes (code correctness):
     - Assert that allocated memory held by the reputation code is freed
       according to its internal counters. Fixes bug 17753; bugfix on
       tor-0.1.1.1-alpha.

changes/bug17876

@@ -1,4 +1,4 @@
-  o Minor bugfixes:
+  o Minor bugfixes (client, correctness):
     - When closing an entry connection, generate a warning if we should
       have sent an end cell for it but we haven't.  Fixes bug 17876;
       bugfix on 0.2.3.2-alpha.

changes/bug17923

@@ -1,4 +1,4 @@
-  o Minor bugfixes:
+  o Minor bugfixes (portability):
     - Remove an #endif from configure.ac so that we correctly detect
       the presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix on
       0.2.0.13-alpha.

changes/bug18050

@@ -1,7 +1,7 @@
-  o Minor fixes (relays):
+  o Minor bugfixes (relays):
     - Check that both the ORPort and DirPort (if present) are reachable
       before publishing a relay descriptor. Otherwise, relays publish a
       descriptor with DirPort 0 when the DirPort reachability test takes
       longer than the ORPort reachability test.
-      Closes bug #18050. Reported by "starlight", patch by "teor".
-      Bugfix on 0.1.0.1-rc, commit a1f1fa6ab on 27 Feb 2005.
+      Fixes bug 18050; bugfix on 0.1.0.1-rc.
+      Reported by "starlight", patch by "teor".

changes/bug18089

@@ -1,6 +1,5 @@
-  o Minor fixes (security):
+  o Minor bugfixes (security):
     - Make memwipe() do nothing when passed a NULL pointer
       or zero size. Check size argument to memwipe() for underflow.
-      Closes bug #18089. Reported by "gk", patch by "teor".
-      Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
-      commit 49dd5ef3 on 7 Nov 2012.
+      Fixes bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha.
+      Reported by "gk", patch by "teor".

changes/bug4483-multiple-consensus-downloads

@@ -2,8 +2,8 @@
     - Schedule multiple in-progress consensus downloads during client
       bootstrap. Use the first one that starts downloading, close the
       rest. This reduces failures when authorities are slow or down.
-      With #15775, it reduces failures due to fallback churn.
-      Implements #4483 (reduce failures when authorities are down).
+      Together with the code for feature 15775, it reduces failures due to fallback churn.
+      Implements ticket 4483 (reduce failures when authorities are down).
       Patch by "teor".
-      Implements IPv4 portions of proposal #210 by "mikeperry" and
+      Implements IPv4 portions of proposal 210 by "mikeperry" and
       "teor".

changes/bug6027

@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (IPv6 support):
     - Allow users to configure directory authorities and fallback
       directory servers with IPv6 addresses and ORPorts.  Resolves
       ticket 6027.

changes/check-crypto-errors

@@ -1,5 +1,4 @@
   o Minor bugfix (crypto):
     - Check the return value of HMAC and assert on failure.
-      Fixes bug #17658; bugfix on commit in fdbb9cdf746b (11 Oct 2011)
-      in tor version 0.2.3.5-alpha-dev.
+      Fixes bug 17658; bugfix on 0.2.3.6-alpha.
       Patch by "teor".

changes/cleanup_17587

@@ -1,3 +1,3 @@
-  o Code simplifications and refactorings:
+  o Code simplification and refactoring:
     - Clean up a little duplicated code in crypto_expand_key_material_TAP.
       Closes ticket 17587; patch from "pfrankw".

changes/decouple_circuit_mark

@@ -3,4 +3,4 @@
        a new function run periodically before connections are freed.
        This change removes more than half of the functions currently
        in the "blob".
-       Closes ticket #17218.
+       Closes ticket 17218.

changes/decouple_conn_attach

@@ -1,4 +1,4 @@
-  o Code simplification and refactorings:
+  o Code simplification and refactoring:
     - Decouple the list of streams needing to be attached to circuits
       from the overall connection list. This change makes it possible to
       attach streams quickly while both simplifying Tor's callgraph and

changes/feature15775-fallback

@@ -11,9 +11,9 @@
        and port for a while now (120 days), and have been running, a guard,
        and a v2 directory mirror for most of that time."
       We exclude BadExits and tor versions that aren't recommended.
-      We include an IPv6 address for each FallbackDir (#8374).
-      (Tor might not use IPv6 fallbacks until #6027 is merged.)
+      We include an IPv6 address for each FallbackDir (see ticket 8374).
+      (Tor might not use IPv6 fallbacks until ticket the code for ticket6027 is merged.)
       The unit test ensures that we successfully load all included
       default fallback directories.
-      Closes ticket #15775. Patch by "teor".
+      Closes ticket 15775. Patch by "teor".
       OnionOO script by "weasel", "teor", "gsathya", and "karsten".

changes/feature16774

@@ -1,3 +1,3 @@
-  o Minor enhancement:
-    - Adds FallbackDir entries to 'GETINFO config/defaults'. Closes ticket
-      #16774 and 17817. Patch by George Tankersley.
+  o Minor features (controller):
+    - Adds FallbackDir entries to 'GETINFO config/defaults'. Closes tickets
+      16774 and 17817. Patch by George Tankersley.

changes/feature17950

@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (relay, address discovery):
     - Add a family argument to get_interface_addresses_raw() and
       subfunctions to make network interface address interogation more
       efficient. Now Tor can specifically ask for IPv4, IPv6 or both

changes/feature17951

@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (relay, address discovery):
     - When get_interface_address6_list(.,AF_UNSPEC,.) is called and fails
       to enumerate interface addresses using the platform-specific API,
       have it rely on the UDP socket fallback technique to try and find

changes/feature17986

@@ -1,3 +1,3 @@
-  o Minor features:
+  o Minor features (security):
     - Use SecureMemoryWipe() function to securely clean memory on
       Windows. Implements feature 17986.

changes/feature8195

@@ -1,4 +1,4 @@
-  o Major features:
+  o Major features (relay):
     - When Tor is started as root on Linux and told to switch user ID, it
       can now retain the capabilitity to bind to low ports.  By default,
       Tor will do this only when it's switching user ID and some low

changes/feature8961-replaycache-sha256

@@ -1,4 +1,4 @@
-  o Minor enhancement (replaycache):
+  o Minor features (replaycache):
     - The replay cache now uses SHA256 instead of SHA1.
-      Implements feature #8961.
+      Implements feature 8961.
       Patch by "teor", issue reported by "rransom".

changes/first-hop-no-private

@@ -2,7 +2,5 @@
     - Refuse connection requests to private OR addresses unless
       ExtendAllowPrivateAddresses is set. Previously, tor would
       connect, then refuse to send any cells to a private address.
-      Fixes bugs 17674 and 8976; bugfix on b7c172c9ec76 (28 Aug 2012)
-      Original bug 6710, released in 0.2.3.21-rc and an 0.2.2 maint
-      release.
+      Fixes bugs 17674 and 8976; bugfix on 0.2.3.21-rc.
       Patch by "teor".

changes/geoip-january2016

@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (geoip):
     - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
       Country database.
 

changes/getinfo-private-exitpolicy

@@ -3,4 +3,4 @@
       for the reject rules added by ExitPolicyRejectPrivate. This makes
       it easier for stem to display exit policies.
     - Add unit tests for getinfo exit-policy/*.
-      Completes ticket #17183. Patch by "teor".
+      Finishes implementation for ticket 17183. Patch by "teor".

changes/laplace-edge-cases

@@ -1,8 +1,9 @@
-  o Code simplifications and unit tests:
+  o Minor bugfixes (statistics code):
     - Handle edge cases in the laplace functions: avoid division by zero,
       avoid taking the log of zero, and silence clang type conversion
       warnings using round and trunc.  Add unit tests for edge cases with
-      maximal values.
+      maximal values. Fixes part of bug 13192; bugfix on 0.2.6.2-alpha.
     - Consistently check for overflow in round_*_to_next_multiple_of
       functions, and add unit tests with additional and maximal values.
+      Fixes part of bug 13192; bugfix on 0.2.2.1-alpha.
 

changes/log_heartbeat_test

@@ -3,4 +3,4 @@
       with non-integer offsets. Instead of comparing the end of the
       time string against a constant, compare it to the output of
       format_local_iso_time when given the correct input.
-      Fixes bug 18039.
+      Fixes bug 18039; bugfix on 0.2.5.4-alpha.

changes/routerset-parse-IPv6-literals

@@ -1,5 +1,3 @@
-  o Minor bug fixes (routersets, IPv6):
+  o Minor bugfixes (routersets, IPv6):
     - routerset_parse now accepts IPv6 literal addresses.
-      Fix for ticket 17060. Patch by "teor".
-      Patch on 3ce6e2fba290 (24 Jul 2008), and related commits,
-      released in 0.2.1.3-alpha.
+      Fixes bug 17060; bugfix on 0.2.1.3-alpha. Patch by "teor".

changes/sha-unit-tests

@@ -1,5 +1,3 @@
   o Minor bugfixes (unit tests):
     - Check the full results of SHA256 and SHA512 digests in the
-      unit tests.
-      Bugfix on a tor version before the refactoring in git commit
-      cea12251995d (23 Sep 2009). Patch by "teor".
+      unit tests. Bugfix on 0.2.2.4-alpha. Patch by "teor".

changes/ticket15989

@@ -1,9 +1,9 @@
-  o Minor enhancement (accounting):
+  o Minor features (accounting):
     - Added two modes to AccountingRule in torrc for
       limiting just input or just output.
       Closes ticket 15989; patch from "unixninja92".
 
-  o Minor bugfixe (accounting):
+  o Minor bugfixes (accounting):
     - The max bandwidth when using AccountRule sum
       is now correctly logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha.
       Patch from "unixninja92".

changes/ticket17158

@@ -1,7 +1,4 @@
-  o Minor fixes (fallback directories):
-    - Fix a display issue in updateFallbackDirs.py output.
-      Patch by "teor". Not in any released version of tor.
-
   o Minor features (fallback directories):
-    - Add default fallback directories for the 0.2.8 alpha releases.
+    - Add a set of default fallback directories for the 0.2.8 alpha releases.
+      Closes ticket 17158.
       Patch by "teor".

changes/warn-when-time-goes-backwards

@@ -2,4 +2,4 @@
     - Warn when the system clock is set back in time (when the
       state file was last written in the future). Tor doesn't know
       that consensuses have expired if the clock is in the past.
-      Patch by "teor". Implements ticket #17188.
+      Patch by "teor". Implements ticket 17188.

scripts/maint/lintChanges.py

@@ -7,6 +7,20 @@ import re
 import os
 
 
+KNOWN_GROUPS=set([
+    "Minor bugfix",
+    "Minor bugfixes",
+    "Major bugfix",
+    "Major bugfixes",
+    "Minor feature",
+    "Minor features",
+    "Major feature",
+    "Major features",
+    "Testing",
+    "Documentation",
+    "Code simplification and refactoring",
+    "Removed features"])
+
 def lintfile(fname):
     have_warned = []
 
@@ -31,8 +45,16 @@ def lintfile(fname):
     lines = contents.split("\n")
     isBug = ("bug" in lines[0] or "fix" in lines[0])
 
-    if not re.match(r'^[ ]{2}o (.*)', contents):
+    m = re.match(r'^[ ]{2}o ([^\(:]*)([^:]*):', contents)
+    if not m:
         warn("header not in format expected")
+    elif m.group(1).strip() not in KNOWN_GROUPS:
+        warn("Weird header: %r"%m.group(1))
+    elif ( ("bugfix" in m.group(1) or "feature" in m.group(1)) and
+           ("Removed" not in m.group(1)) and
+           '(' not in m.group(2)):
+        warn("Missing subcategory on %s"%m.group(1))
+
 
     contents = " ".join(contents.split())