Run "formatChangelog"

ChangeLog

@@ -1,28 +1,16 @@
 Changes in version 0.2.8.2-rc - 2016-03-??
-  Tor 0.2.8.1-alpha is the first release candidate in its series.
-  XXXX write more here XXXX
+  Tor 0.2.8.1-alpha is the first release candidate in its series. XXXX
+  write more here XXXX
 
   o New system requirements:
     - Tor no longer supports versions of OpenSSL with a broken
-      implementation of counter mode.  (This bug was present in OpenSSL
-      1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but
-      no longer runs with, these versions.
-    - Tor no longer attempts to support platforms where the "time_t" type
-      is unsigned.  (To the best of our knowledge, only OpenVMS does this,
-      and Tor has never actually built on OpenVMS.)  Closes ticket 18184.
-
-  o Removed features:
-    - Streamline relay-side hsdir handling: when relays consider whether
-      to accept an uploaded hidden service descriptor, they no longer
-      check whether they are one of the relays in the network that is
-      "supposed" to handle that descriptor. Implements ticket 18332.
-    - We no longer maintain an internal freelist in memarea.c. Allocators
-      should be good enough to make this code unnecessary, and it's doubtful
-      that it ever had any performance benefit.
-
-  o Major bugfixes (dns proxy mode, crash):
-    - Avoid crashing when running as a DNS proxy. Fixes bug 16248; bugfix on
-      0.2.0.1-alpha. Patch from 'cypherpunks'.
+      implementation of counter mode. (This bug was present in OpenSSL
+      1.0.0, and was fixed in OpenSSL 1.0.0a.) Tor still detects, but no
+      longer runs with, these versions.
+    - Tor no longer attempts to support platforms where the "time_t"
+      type is unsigned. (To the best of our knowledge, only OpenVMS does
+      this, and Tor has never actually built on OpenVMS.) Closes
+      ticket 18184.
 
   o Major bugfixes (security, pointers):
     - Avoid a difficult-to-trigger heap corruption attack when extending
@@ -31,20 +19,28 @@ Changes in version 0.2.8.2-rc - 2016-03-??
       incompletely. Reported by Guido Vranken.
 
   o Major bugfixes (compilation):
-    - Repair hardened builds under the clang compiler. Previously,
-      our use of _FORTIFY_SOURCE would conflict with clang's address
+    - Repair hardened builds under the clang compiler. Previously, our
+      use of _FORTIFY_SOURCE would conflict with clang's address
       sanitizer. Fixes bug 14821; bugfix on 0.2.5.4-alpha.
 
   o Major bugfixes (crash on shutdown):
     - Correctly handle detaching circuits from cmuxes when doing
-      circuit_free_all() on shutdown.  Fixes bug 18116; bugfix on
-      0.2.8.1-alpha.
+      circuit_free_all() on shutdown. Fixes bug 18116; bugfix
+      on 0.2.8.1-alpha.
+
+  o Major bugfixes (dns proxy mode, crash):
+    - Avoid crashing when running as a DNS proxy. Fixes bug 16248;
+      bugfix on 0.2.0.1-alpha. Patch from 'cypherpunks'.
 
   o Major bugfixes (relays, bridge clients):
-    - Ensure relays always allow IPv4 OR and Dir connections.
-      Ensure bridge clients use the address configured in the bridge line.
-      Fixes bug 18348; bugfix on 0.2.8.1-alpha.
-      Reported by sysrqb, patch by teor.
+    - Ensure relays always allow IPv4 OR and Dir connections. Ensure
+      bridge clients use the address configured in the bridge line.
+      Fixes bug 18348; bugfix on 0.2.8.1-alpha. Reported by sysrqb,
+      patch by teor.
+
+  o Minor features:
+    - Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
+      Country database.
 
   o Minor feature (IPv6):
     - Add ClientPreferIPv6DirPort, which is set to 0 by default. If set
@@ -53,22 +49,21 @@ Changes in version 0.2.8.2-rc - 2016-03-??
       avoids using IPv4 for client OR and directory connections.
     - Try harder to fulfil IP version restrictions ClientUseIPv4 0 and
       ClientUseIPv6 0; and the preferences ClientPreferIPv6ORPort and
-      ClientPreferIPv6DirPort.
-      Closes ticket 17840; patch by "teor".
+      ClientPreferIPv6DirPort. Closes ticket 17840; patch by "teor".
 
   o Minor features (bug-resistance):
-    - Make Tor survive errors involving connections without a corresponding
-      event object. Previously we'd fail with an assertion; now we produce a
-      log message. Related to bug 16248.
+    - Make Tor survive errors involving connections without a
+      corresponding event object. Previously we'd fail with an
+      assertion; now we produce a log message. Related to bug 16248.
 
   o Minor features (build):
-    - Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD) as
-      having possible IPfW support. Closes ticket 18448. Patch from
+    - Detect systems with FreeBSD-derived kernels (such as GNU/kFreeBSD)
+      as having possible IPfW support. Closes ticket 18448. Patch from
       Steven Chamberlain.
 
   o Minor features (code hardening):
-    - Use tor_snprintf() and tor_vsnprintf() even in external and
-      low-level code, to harden against accidental failures to NUL-
+    - Use tor_snprintf() and tor_vsnprintf() even in external and low-
+      level code, to harden against accidental failures to NUL-
       terminate. Part of ticket 17852. Patch from 'jsturgix'. Found
       with Flawfinder.
 
@@ -77,11 +72,11 @@ Changes in version 0.2.8.2-rc - 2016-03-??
       appropriate locations. Closes ticket 17732.
 
   o Minor features (crypto):
-    - Fix a segfault during startup:  If unix socket was configured as
+    - Fix a segfault during startup: If unix socket was configured as
       listener (such as a ControlSocket or a SocksPort unix socket), and
       tor was started as root but not configured to switch to another
       user, tor would segfault while trying to string compare a NULL
-      value.  Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch by weasel.
+      value. Fixes bug 18261; bugfix on 0.2.8.1-alpha. Patch by weasel.
     - Validate the Diffie-Hellman hard coded parameters and ensure that
       p is a safe prime, and g is suitable. Closes ticket 18221.
 
@@ -90,41 +85,57 @@ Changes in version 0.2.8.2-rc - 2016-03-??
       Country database.
 
   o Minor features (robustness):
-    - Exit immediately with an error message if the code attempts to
-      use libevent without having initialized it. This should resolve
-      some frequently-made mistakes in our unit tests. Closes ticket
-      18241.
+    - Exit immediately with an error message if the code attempts to use
+      libevent without having initialized it. This should resolve some
+      frequently-made mistakes in our unit tests. Closes ticket 18241.
 
   o Minor features (unix domain sockets):
     - Since some operating systems do not consider the actual modes on a
       UNIX domain socket itself, tor does not allow creating such a
       socket in a directory that is group or world accessible if it is
-      supposed to be private.  Likewise, it will not allow only group
-      accessible sockets in a world accessible directory.
-      However, on some operating systems this is unnecessary, so
-      add a per-socket option called RelaxDirModeCheck.
-      Closes ticket 18458.  Patch by weasel.
+      supposed to be private. Likewise, it will not allow only group
+      accessible sockets in a world accessible directory. However, on
+      some operating systems this is unnecessary, so add a per-socket
+      option called RelaxDirModeCheck. Closes ticket 18458. Patch
+      by weasel.
 
-  o Minor features:
-    - Update geoip and geoip6 to the February 2 2016 Maxmind GeoLite2
-      Country database.
+  o Minor bugfixes (exit policies, security):
+    - Refresh an exit relay's exit policy when interface addresses
+      change. Previously, tor only refreshed the exit policy when the
+      configured external address changed. Fixes bug 18208; bugfix on
+      tor 0.2.7.3. Patch by "teor".
+
+  o Minor bugfixes (security, hidden services):
+    - Prevent hidden services connecting to client-supplied rendezvous
+      addresses that are reserved as internal or multicast. Fixes bug
+      8976; bugfix on b7c172c9e in tor-0.2.3.21. Patch by "dgoulet"
+      and "teor".
+
+  o Minor bugfixes (security, win32):
+    - Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing
+      attack. Fixes bug 18123; bugfix on all tor versions. Patch
+      by "teor".
+
+  o Minor bugfixes:
+    - Bridges now refuse "rendezvous2" (hidden service descriptor)
+      publish attempts. Suggested by ticket 18332.
 
   o Minor bugfixes (build):
-    - Do not link the unit tests against both the testing and non-testing
-      versions of the static libraries. Fixes bug 18490; bugfix on
-      0.2.7.1-alpha.
+    - Do not link the unit tests against both the testing and non-
+      testing versions of the static libraries. Fixes bug 18490; bugfix
+      on 0.2.7.1-alpha.
 
   o Minor bugfixes (client):
     - Count receipt of new microdescriptors as progress towards
       bootstrapping. Now, when a user who has set EntryNodes finishes
       bootstrapping, Tor automatically repopulates the guard set based
-      on this new directory information. Fixes bug 16825; bugfix on
-      0.2.3.1-alpha.
+      on this new directory information. Fixes bug 16825; bugfix
+      on 0.2.3.1-alpha.
 
   o Minor bugfixes (code correctness):
-    - Update to the latest version of Trunnel, which tries harder
-      to avoid generating code that can invoke memcpy(p,NULL,0).
-      Bug found by clang address sanitizer. Fixes bug 18373; bugfix
+    - Update to the latest version of Trunnel, which tries harder to
+      avoid generating code that can invoke memcpy(p,NULL,0). Bug found
+      by clang address sanitizer. Fixes bug 18373; bugfix
       on 0.2.7.2-alpha.
 
   o Minor bugfixes (configuration):
@@ -134,44 +145,37 @@ Changes in version 0.2.8.2-rc - 2016-03-??
   o Minor bugfixes (containers):
     - If we somehow attempt to construct a heap with more than
       1073741822 elements, avoid an integer overflow when maintaining
-      the heap property.  Fixes bug 18296; bugfix on 0.1.2.1-alpha.
+      the heap property. Fixes bug 18296; bugfix on 0.1.2.1-alpha.
 
   o Minor bugfixes (correctness):
-    - Fix a bad memory handling bug that would occur if we had queued
-      a cell on a channel's incoming queue. Fortunately, we can't actually
-      queue a cell like that as our code is constructed today, but it's best
-      to avoid this kind of error, even if there isn't any code that triggers
-      it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha.
+    - Fix a bad memory handling bug that would occur if we had queued a
+      cell on a channel's incoming queue. Fortunately, we can't actually
+      queue a cell like that as our code is constructed today, but it's
+      best to avoid this kind of error, even if there isn't any code
+      that triggers it today. Fixes bug 18570; bugfix on 0.2.4.4-alpha.
 
   o Minor bugfixes (crypto, static analysis):
-    - Silence spurious clang-scan warnings in the ed25519_donna code
-      by explicitly initialising some objects.
-      Fixes bug 18384; bugfix on 0f3eeca9 in 0.2.7.2-alpha.
-      Patch by "teor".
+    - Silence spurious clang-scan warnings in the ed25519_donna code by
+      explicitly initialising some objects. Fixes bug 18384; bugfix on
+      0f3eeca9 in 0.2.7.2-alpha. Patch by "teor".
 
   o Minor bugfixes (directory):
     - When generating a URL for a directory server on an IPv6 address,
-      wrap the IPv6 address in square brackets. Fixes bug 18051;
-      bugfix on 0.2.3.9-alpha. Patch from Malek.
-
-  o Minor bugfixes (exit policies, security):
-    - Refresh an exit relay's exit policy when interface addresses change.
-      Previously, tor only refreshed the exit policy when the configured
-      external address changed.
-      Fixes bug 18208; bugfix on tor 0.2.7.3. Patch by "teor".
+      wrap the IPv6 address in square brackets. Fixes bug 18051; bugfix
+      on 0.2.3.9-alpha. Patch from Malek.
 
   o Minor bugfixes (hidden service client):
     - Seven very fast consecutive requests to the same .onion address
       triggers 7 descriptor fetches. The first six each pick a directory
       (there are 6 overall) and the seventh one wasn't able to pick one
-      which was triggering a close on all current directory connections. It
-      has been fixed by not closing them if we have pending directory fetch.
-      Fixes bug 15937; bugfix on tor-0.2.7.1-alpha.
+      which was triggering a close on all current directory connections.
+      It has been fixed by not closing them if we have pending directory
+      fetch. Fixes bug 15937; bugfix on tor-0.2.7.1-alpha.
 
   o Minor bugfixes (hidden service, control port):
     - Add the onion address to the HS_DESC event for the UPLOADED action
-      both on success or failure. It was previously hardcoded with UNKNOWN.
-      Fixes bug 16023; bugfix on 0.2.7.2-alpha.
+      both on success or failure. It was previously hardcoded with
+      UNKNOWN. Fixes bug 16023; bugfix on 0.2.7.2-alpha.
 
   o Minor bugfixes (logging):
     - Scrub service in from "unrecognized service ID" log messages.
@@ -179,77 +183,69 @@ Changes in version 0.2.8.2-rc - 2016-03-??
 
   o Minor bugfixes (memory safety):
     - Avoid freeing an uninitialised pointer when opening a socket fails
-      in get_interface_addresses_ioctl.
-      Fixes bug 18454; bugfix on 9f06ec0c in tor-0.2.3.11-alpha.
-      Reported by "toralf" and "cypherpunks", patch by "teor".
+      in get_interface_addresses_ioctl. Fixes bug 18454; bugfix on
+      9f06ec0c in tor-0.2.3.11-alpha. Reported by "toralf" and
+      "cypherpunks", patch by "teor".
     - Correctly duplicate addresses in get_interface_address6_list.
-      Fixes bug 18454; bugfix on 110765f5 in tor-0.2.8.1-alpha.
-      Reported by "toralf", patch by "cypherpunks".
+      Fixes bug 18454; bugfix on 110765f5 in tor-0.2.8.1-alpha. Reported
+      by "toralf", patch by "cypherpunks".
 
   o Minor bugfixes (private directory):
-    - Prevent a race condition when creating private directories.
-      Fixes part of bug 17852; bugfix on 0.2pre13. Part of ticket
-      17852. Patch from 'jsturgix'. Found with Flawfinder.
+    - Prevent a race condition when creating private directories. Fixes
+      part of bug 17852; bugfix on 0.2pre13. Part of ticket 17852. Patch
+      from 'jsturgix'. Found with Flawfinder.
 
   o Minor bugfixes (sandbox):
-    - Allow the setrlimit syscall, and the prlimit and prlimit64 syscalls,
-      which some libc implementations
-      use under the hood.  Fixes bug 15221; bugfix on 0.2.5.1-alpha.
-
-  o Minor bugfixes (security, hidden services):
-    - Prevent hidden services connecting to client-supplied rendezvous
-      addresses that are reserved as internal or multicast.
-      Fixes bug 8976; bugfix on b7c172c9e in tor-0.2.3.21.
-      Patch by "dgoulet" and "teor".
-
-  o Minor bugfixes (security, win32):
-    - Set SO_EXCLUSIVEADDRUSE on Win32 to avoid a local port-stealing
-      attack.
-      Fixes bug 18123; bugfix on all tor versions. Patch by "teor".
+    - Allow the setrlimit syscall, and the prlimit and prlimit64
+      syscalls, which some libc implementations use under the hood.
+      Fixes bug 15221; bugfix on 0.2.5.1-alpha.
 
   o Minor bugfixes (test networks, IPv6):
     - Allow internal IPv6 addresses in descriptors in test networks.
-      Fixes bug 17153; bugfix on 6b4af1071 in 0.2.3.16-alpha.
-      Patch by "teor", reported by "karsten".
+      Fixes bug 17153; bugfix on 6b4af1071 in 0.2.3.16-alpha. Patch by
+      "teor", reported by "karsten".
 
   o Minor bugfixes (testing):
-    - We no longer disable assertions in the unit tests when coverage
-      is enabled. Instead, we require you to say --disable-asserts-in-tests
+    - We no longer disable assertions in the unit tests when coverage is
+      enabled. Instead, we require you to say --disable-asserts-in-tests
       to the configure script if you need assertions disabled in the
       unit tests (for example, if you want to perform branch coverage).
       Fixes bug 18242; bugfix on 0.2.7.1-alpha.
 
-  o Minor bugfixes:
-    - Bridges now refuse "rendezvous2" (hidden service descriptor)
-      publish attempts. Suggested by ticket 18332.
-
   o Code simplification and refactoring:
-    - Quote all the string interpolations in configure.ac -- even
-      those which we are pretty sure can't contain spaces. Closes
-      ticket 17744. Patch from "zerosion".
-    - Remove specialized code for non-inplace AES_CTR.  99% of our AES
-      is inplace, so there's no need to have a separate implementation
-      for the non-inplace code. Closes ticket 18258. Patch from
-      Malek.
+    - Quote all the string interpolations in configure.ac -- even those
+      which we are pretty sure can't contain spaces. Closes ticket
+      17744. Patch from "zerosion".
+    - Remove specialized code for non-inplace AES_CTR. 99% of our AES is
+      inplace, so there's no need to have a separate implementation for
+      the non-inplace code. Closes ticket 18258. Patch from Malek.
     - Simplify return types for some crypto functions that can't
-      actually fail. Patch from Hassan Alsibyani. Closes ticket
-      18259.
+      actually fail. Patch from Hassan Alsibyani. Closes ticket 18259.
 
   o Dependency updates:
-    - Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or later
-      (released in 2008 and 2009 respectively).  If you are building Tor from
-      the git repository instead of from the source distribution, and your
-      tools are older than this, you will need to upgrade.
-      Closes ticket 17732.
+    - Tor now uses Autoconf version 2.63 or later, and Automake 1.11 or
+      later (released in 2008 and 2009 respectively). If you are
+      building Tor from the git repository instead of from the source
+      distribution, and your tools are older than this, you will need to
+      upgrade. Closes ticket 17732.
 
   o Documentation:
-    - Change build messages to refer to "Fedora" instead of "Fedora Core",
-      and "dnf" instead of "yum". Closes tickets 18459 and 18426.
+    - Change build messages to refer to "Fedora" instead of "Fedora
+      Core", and "dnf" instead of "yum". Closes tickets 18459 and 18426.
       Patches from "icanhasaccount" and "cypherpunks".
 
+  o Removed features:
+    - Streamline relay-side hsdir handling: when relays consider whether
+      to accept an uploaded hidden service descriptor, they no longer
+      check whether they are one of the relays in the network that is
+      "supposed" to handle that descriptor. Implements ticket 18332.
+    - We no longer maintain an internal freelist in memarea.c.
+      Allocators should be good enough to make this code unnecessary,
+      and it's doubtful that it ever had any performance benefit.
+
   o Testing:
-    - Fix several warnings from clang's address sanitizer produced in the
-      unit tests.
+    - Fix several warnings from clang's address sanitizer produced in
+      the unit tests.
     - Treat backtrace test failures as expected on FreeBSD until we
       solve bug 17808. Closes ticket 18204.