Combine a bunch of items/sections in the 0.2.8.1-alpha changelog

ChangeLog

@@ -1,6 +1,17 @@
 Changes in version 0.2.8.1-alpha - 2016-02-0?
   XXXX Blurb goes here XXXX
 
+  o Removed features:
+    - Remove client-side support for connecting to Tor servers running
+      versions of Tor before 0.2.3.6-alpha. These servers didn't support
+      the v3 TLS handshake protocol, and are no longer allowed on the
+      Tor network. Implements the client side of ticket 11150. Based on
+      patches by Tom van der Woerdt.
+
+  o Major key updates:
+    - Update the V3 identity key for dannenberg: it was changed on 18
+      November 2015. Closes task 17906. Patch by "teor".
+
   o Major features (consensus downloads):
     - Schedule multiple in-progress consensus downloads during client
       bootstrap. Use the first one that starts downloading, close the
@@ -10,27 +21,22 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
       authorities are down). Patch by "teor". Implements IPv4 portions
       of proposal 210 by "mikeperry" and "teor".
 
-  o Major features (controller):
-    - New "GETINFO hs/service/desc/id/" command to retrieve a hidden
-      service descriptor from a service's local hidden service
-      descriptor cache. Closes ticket 14846.
-
   o Major features (directory mirrors):
-    - Include an opt-in trial list of Default Fallback Directories in
+    - Include an opt-in trial list of default fallback directories in
       add_default_fallback_dir_servers(). Doing this should improve
       client reliability and initial bootstrap performance, and reduce
       load on the directory authorities. Closes ticket 15775. Patch by
       "teor". OnionOO script by "weasel", "teor", "gsathya",
       and "karsten".
 
-  o Major features (relay):
+  o Major features (security, Linux):
     - When Tor is started as root on Linux and told to switch user ID,
       it can now retain the capabilitity to bind to low ports. By
       default, Tor will do this only when it's switching user ID and
       some low ports have been configured. You can change this behavior
       with the new option KeepBindCapabilities. Closes ticket 8195.
 
-  o Minor features (security):
+  o Minor features (security, RNG):
     - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
       positively are not allowed to fail. Previously we depended on
       internals about OpenSSL behavior. Closes ticket 17686.
@@ -39,6 +45,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
       of using system entropy directly, hash it with the PRNG stream.
       This may help resist certain attacks based on broken OS entropy
       implementations. Closes part of ticket 17694.
+    - Use modern system calls to generate strong entropy on platforms
+      that provide them. Closes ticket 13696.
+
+  o Minor features (security, memory erasure):
     - Set unused entires in a smartlist to NULL. This helped catch
       a (harmless) bug, and shouldn't affect performance too much.
       Implements ticket 17026.
@@ -47,6 +57,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
     - Use explicit_bzero or memset_s when present. Previously, we'd use
       OpenSSL's OPENSSL_cleanse() function. Closes ticket 7419; patches
       from <logan@hackers.mu> and <selven@hackers.mu>.
+    - Make memwipe() do nothing when passed a NULL pointer or zero size.
+      Check size argument to memwipe() for underflow. Fixes bug 18089;
+      bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", patch
+      by "teor".
 
   o Minor features (security, clock):
     - Warn when the system clock is set back in time (when the state
@@ -54,26 +68,25 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
       consensuses have expired if the clock is in the past. Patch by
       "teor". Implements ticket 17188.
 
-  o Minor features (security, cryptography):
-    - Use modern system calls to generate strong entropy on platforms
-      that provide them. Closes ticket 13696.
-
-  o Minor feature (crypto):
+  o Minor features (crypto):
     - Add SHA512 support to crypto.c. Closes ticket 17663; patch from
       George Tankersley.
+    - Add SHA3 and SHAKE support to crypto.c. Closes ticket 17783.
+    - When allocating a digest state object, allocate no more space than
+      we actually need. Previously, we were allocating as much space as
+      the state for the largest algorithm would need. This change saves
+      up to 672 bytes per circuit. Closes ticket 17796.
 
-  o Minor feature (directory downloads):
+  o Minor features (directory downloads):
     - Wait for busy authorities and fallbacks to become non-busy when
       bootstrapping. (A similar change was made in 6c443e987d for
       directory servers chosen from the consensus.) Closes ticket 17864;
       patch by "teor".
-
-  o Minor feature (fallback directories):
     - Add UseDefaultFallbackDirs, which enables any hard-coded fallback
       directory mirrors. Default is 1, set it to 0 to disable fallbacks.
       Implements ticket 17576. Patch by "teor".
 
-  o Minor feature (IPv6):
+  o Minor features (IPv6):
     - Add a flag ipv6=address:orport to the DirAuthority and FallbackDir
       torrc options. Add hard-coded ipv6 addresses for directory
       authorities with ipv6 lines in their descriptors. Closes ticket
@@ -82,73 +95,53 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
     - Limit IPv6 mask bits to 128.
     - Warn when comparing against an AF_UNSPEC address in a policy, it's
       almost always a bug. Closes ticket 17863; patch by "teor".
+    - Allow users to configure directory authorities and fallback
+      directory servers with IPv6 addresses and ORPorts. Resolves
+      ticket 6027.
+    - routerset_parse now accepts IPv6 literal addresses. Fixes bug
+      17060; bugfix on 0.2.1.3-alpha. Patch by "teor".
+    - Make tor_ersatz_socketpair work on IPv6-only systems. Fixes bug
+      17638; bugfix on 0.0.2pre8. Patch by "teor".
 
-  o Minor feature (logging):
+  o Minor features (logging):
     - When logging to syslog, allow a tag to be added to the syslog
-      identity ("Tor"), i.e. the string prepended to every log message.
-      The tag can be configured by setting SyslogIdentityTag and
+      identity (the string prepended to every log message).
+      The tag can be configured with SyslogIdentityTag and
       defaults to none. Setting it to "foo" will cause logs to be tagged
       as "Tor-foo". Closes ticket 17194.
 
-  o Minor feature (refactoring):
-    - Move logging of redundant policy entries in
-      policies_parse_exit_policy_internal into its own function. Closes
-      ticket 17608; patch from "juce".
-
   o Minor features (accounting):
     - Added two modes to AccountingRule in torrc for limiting just input
       or just output. Closes ticket 15989; patch from "unixninja92".
 
-  o Minor features (authorities):
-    - Update the V3 identity key for dannenberg: it was changed on 18
-      November 2015. Closes task 17906. Patch by "teor".
-
   o Minor features (build):
     - Since our build process now uses 'make distcheck', we no longer
       force "make dist" to depend on "make check". Closes ticket 17893;
       patch from "cypherpunks."
-
-  o Minor features (compilation):
     - Repair some compilation issues with some recent (unreleased,
       alpha) vesions of OpenSSL 1.1. Closes ticket 17549.
 
   o Minor features (controller):
     - Adds FallbackDir entries to 'GETINFO config/defaults'. Closes
       tickets 16774 and 17817. Patch by George Tankersley.
+    - New "GETINFO hs/service/desc/id/" command to retrieve a hidden
+      service descriptor from a service's local hidden service
+      descriptor cache. Closes ticket 14846.
+    - Add controller getinfo exit-policy/reject-private/[default,relay]
+      for the reject rules added by ExitPolicyRejectPrivate. This makes
+      it easier for stem to display exit policies.
 
-  o Minor features (crypto):
-    - When allocating a digest state object, allocate no more space than
-      we actually need. Previously, we were allocating as much space as
-      the state for the largest algorithm would need. This change saves
-      up to 672 bytes per circuit. Closes ticket 17796.
-
-  o Minor features (directory system):
+  o Major features (directory system):
     - Previously only relays who explicitly opened a directory port
       (DirPort) accepted directory requests from clients. Now all
       relays, with and without a DirPort, who do not disable the
       DirCache option accept and serve directory requests sent
       (tunnelled) through their ORPort. Closes ticket 12538.
 
-  o Minor features (exit policies, controllers):
-    - Add controller getinfo exit-policy/reject-private/[default,relay]
-      for the reject rules added by ExitPolicyRejectPrivate. This makes
-      it easier for stem to display exit policies.
-    - Add unit tests for getinfo exit-policy/*. Finishes implementation
-      for ticket 17183. Patch by "teor".
-
-  o Minor features (fallback directories):
-    - Add a set of default fallback directories for the 0.2.8 alpha
-      releases. Closes ticket 17158. Patch by "teor".
-
   o Minor features (geoip):
     - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
       Country database.
 
-  o Minor features (IPv6 support):
-    - Allow users to configure directory authorities and fallback
-      directory servers with IPv6 addresses and ORPorts. Resolves
-      ticket 6027.
-
   o Minor features (portability):
     - Use timingsafe_memcmp() where available. Closes ticket 17944;
       patch from <logan@hackers.mu>.
@@ -165,20 +158,11 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
       find out what IP addresses (both IPv4 and IPv6) our machine has.
       Resolves ticket 17951.
 
-  o Minor features (replaycache):
+  o Minor features (replay cache):
     - The replay cache now uses SHA256 instead of SHA1. Implements
       feature 8961. Patch by "teor", issue reported by "rransom".
 
-  o Minor features (testing):
-    - Log more information when the backtrace tests fail. Closes ticket
-      17892. Patch from "cypherpunks."
-
-  o Minor features (unit tests, random number generation):
-    - Add unit tests that check for common RNG failure modes, such as
-      returning all zeroes, identical values, or incrementing values
-      (OpenSSL's rand_predictable feature). Patch by "teor".
-
-  o Minor features (unix permissions):
+  o Minor features (unix file permissions):
     - Defer creation of Unix sockets until after setuid. This avoids
       needing CAP_CHOWN and CAP_FOWNER when using systemd's
       CapabilityBoundingSet, or chown and fowner when using SELinux.
@@ -193,57 +177,49 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
       DataDirectory will be made readable by the default GID. Implements
       part of ticket 17562. Patch from Jamie Nguyen.
 
-  o Minor bugfixes (security):
-    - Make memwipe() do nothing when passed a NULL pointer or zero size.
-      Check size argument to memwipe() for underflow. Fixes bug 18089;
-      bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", patch
-      by "teor".
-
-  o Minor bugfixes (security, exit policies):
+  o Minor features (security, exit policies):
     - ExitPolicyRejectPrivate rejects more private addresses by default.
       Specifically, it rejects the relay's outbound bind addresses (if
       configured), and the relay's configured port addresses (such as
       ORPort and DirPort). Fixes bug 17027; bugfix on 0.2.0.11-alpha.
       Patch by "teor".
 
-  o Minor bugfix (crypto):
-    - Check the return value of HMAC and assert on failure. Fixes bug
+  o Minor bugfixes (crypto):
+    - Check the return value of HMAC() and assert on failure. Fixes bug
       17658; bugfix on 0.2.3.6-alpha. Patch by "teor".
 
-  o Minor bugfix (fallback directories):
+  o Minor bugfixes (fallback directories):
     - Mark fallbacks as "too busy" when they return a 503 response,
       rather than just marking authorities. Fixes bug 17572; bugfix on
-      5c51b3f1f0d4 released in 0.2.4.7-alpha. Patch by "teor".
-
-  o Minor bugfix (IPv6 compatibility, unit tests):
-    - Make tor_ersatz_socketpair work on IPv6-only systems. Fixes bug
-      17638; bugfix on 0.0.2pre8. Patch by "teor".
+      0.2.4.7-alpha. Patch by "teor".
 
-  o Minor bugfix (relays, hidden services):
+  o Minor bugfixes (relays, hidden services):
     - Refuse connection requests to private OR addresses unless
       ExtendAllowPrivateAddresses is set. Previously, tor would connect,
       then refuse to send any cells to a private address. Fixes bugs
       17674 and 8976; bugfix on 0.2.3.21-rc. Patch by "teor".
 
-  o Minor bugfix (SipHash-2-4 performance):
+  o Minor features (SipHash-2-4 performance):
     - Improve performance when hashing non-multiple of 8 sized buffers,
       based on Andrew Moon's Public Domain SipHash-2-4 implementation.
       Fixes bug 17544; bugfix on 0.2.5.3-alpha.
 
-  o Minor bugfix (testing):
+  o Minor bugfixes (testing):
     - The test for log_heartbeat was incorrectly failing in timezones
       with non-integer offsets. Instead of comparing the end of the time
       string against a constant, compare it to the output of
       format_local_iso_time when given the correct input. Fixes bug
       18039; bugfix on 0.2.5.4-alpha.
-
-  o Minor bugfix (unit tests):
     - Make unit tests pass on IPv6-only systems, and systems without
       localhost addresses (like some FreeBSD jails). Fixes bug 17632;
       bugfix on 0.2.7.3-rc. Patch by "teor".
+    - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix
+      on 0.2.4.8-alpha.
+    - Check the full results of SHA256 and SHA512 digests in the unit
+      tests. Bugfix on 0.2.2.4-alpha. Patch by "teor".
 
   o Minor bugfixes (accounting):
-    - The max bandwidth when using AccountRule sum is now correctly
+    - The max bandwidth when using 'AccountRule sum' is now correctly
       logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha. Patch
       from "unixninja92".
 
@@ -252,12 +228,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
       on it, so as to make our build more reliable with parallel builds.
       Fixes bug 17826; bugfix on 0.2.5.1-alpha.
 
-  o Minor bugfixes (client, correctness):
+  o Minor bugfixes (code correctness):
     - When closing an entry connection, generate a warning if we should
       have sent an end cell for it but we haven't. Fixes bug 17876;
       bugfix on 0.2.3.2-alpha.
-
-  o Minor bugfixes (code correctness):
     - Assert that allocated memory held by the reputation code is freed
       according to its internal counters. Fixes bug 17753; bugfix
       on tor-0.1.1.1-alpha.
@@ -277,6 +251,8 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
       build system. Fixes bug 17818; bugfix on tor-0.2.7.3-rc.
     - Replace usage of 'INLINE' with 'inline'. Fixes bug 17804; bugfix
       on tor-0.0.2pre8.
+    - Remove config.log only from make distclean, not from make clean.
+      Fixes bug 17924; bugfix on 0.2.4.1-alpha.
 
   o Minor bugfixes (IPv6):
     - Update the limits in max_dl_per_request for IPv6 address length.
@@ -295,10 +271,6 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
     - Remove needless quotes from a log message about unparseable
       addresses. Fixes bug 17843; bugfix on 0.2.3.3-alpha.
 
-  o Minor bugfixes (makefile):
-    - Remove config.log only from make distclean, not from make clean.
-      Fixes bug 17924; bugfix on 0.2.4.1-alpha.
-
   o Minor bugfixes (portability):
     - Remove an #endif from configure.ac so that we correctly detect the
       presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix
@@ -311,10 +283,6 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
       longer than the ORPort reachability test. Fixes bug 18050; bugfix
       on 0.1.0.1-rc. Reported by "starlight", patch by "teor".
 
-  o Minor bugfixes (routersets, IPv6):
-    - routerset_parse now accepts IPv6 literal addresses. Fixes bug
-      17060; bugfix on 0.2.1.3-alpha. Patch by "teor".
-
   o Minor bugfixes (safe logging):
     - When logging a malformed hostname received through socks4, scrub
       it if SafeLogging says we should. Fixes bug 17419; bugfix
@@ -330,19 +298,14 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
       cases with maximal values. Fixes part of bug 13192; bugfix
       on 0.2.6.2-alpha.
 
-  o Minor bugfixes (tests):
-    - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix
-      on 0.2.4.8-alpha.
-
   o Minor bugfixes (TLS context):
     - Assert when the TLS contexts fail to initialize. Fixes bug 17683;
       bugfix on 0.0.6.
 
-  o Minor bugfixes (unit tests):
-    - Check the full results of SHA256 and SHA512 digests in the unit
-      tests. Bugfix on 0.2.2.4-alpha. Patch by "teor".
-
   o Code simplification and refactoring:
+    - Move logging of redundant policy entries in
+      policies_parse_exit_policy_internal into its own function. Closes
+      ticket 17608; patch from "juce".
     - Extract the more complicated parts of circuit_mark_for_close into
       a new function run periodically before connections are freed. This
       change removes more than half of the functions currently in the
@@ -360,7 +323,9 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
       launches it, instead mark the connection for teardown. This change
       simplifies Tor's callback and prevents the directory- request
       launching code from invoking itself recursively. Closes
-      ticket 17589.
+      ticket 17589
+    - Remove code for OpenSSL dynamic locks; OpenSSL doesn't use them.
+      Closes ticket 17926.
 
   o Documentation:
     - Add a description of the correct use of the '--keygen' command-
@@ -372,32 +337,19 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
       whenever we mention a document that belongs in torspce. Fixes
       issue 17392.
 
-  o Removed features:
-    - Remove client-side support for connecting to Tor servers running
-      versions of Tor before 0.2.3.6-alpha. These servers didn't support
-      the v3 TLS handshake protocol, and are no longer allowed on the
-      Tor network. Implements the client side of ticket 11150. Based on
-      patches by Tom van der Woerdt.
-    - Remove code for OpenSSL dynamic locks; OpenSSL doesn't use them.
-      Closes ticket 17926.
-
   o Testing:
+    - Add unit tests that check for common RNG failure modes, such as
+      returning all zeroes, identical values, or incrementing values
+      (OpenSSL's rand_predictable feature). Patch by "teor".
+    - Log more information when the backtrace tests fail. Closes ticket
+      17892. Patch from "cypherpunks."
     - Always test both ed25519 backends, so that we can be sure that our
       batch-open replacement code works. Part of ticket 16794.
     - Cover dns_resolve_impl() in dns.c with unit tests. Implements a
       portion of ticket 16831.
-    - More unit tests for compat_libevent.c. Closes ticket 17075. Patch
-      from Ola Bini.
-    - More unit tests for procmon.c. Closes ticket 17078. Patch from
-      Ola Bini.
-    - More unit tests for tortls.c. Closes ticket 17082. Patch from
-      Ola Bini.
-    - More unit tests for util_format.c. Closes ticket 17084. Patch from
-      Ola Bini.
-    - New tests for directory.c functions. Closes ticket 17003. Patch
-      from Ola Bini.
-    - New tests for options_validate. Closes ticket 17076. Patch from
-      Ola Bini.
+    - More unit tests for compat_libevent.c, procmon.c, tortls.c,
+      util_format.c, directory.c, and options_validate.c. Closes tickets 17075,
+      17082, 17084, 17003, and 17076 respectively. Patches from Ola Bini.
     - Unit tests for directory_handle_command_get. Closes ticket 17004.
       Patch from Reinaldo de Souza Jr.