author Nick Mathewson <nickm@torproject.org> 2016-02-01 23:55:16 -0500
committer Nick Mathewson <nickm@torproject.org> 2016-02-01 23:55:16 -0500
commit 937afe746f017c0b386e02fb139f4c47092cd1d0
tree 0f379d4e4d748e1c4cc8fb5cb6738f50e1323216
parent b8171e9f85fdb3a37ae40c31c5ea3ff54c21264c
Re-run formatChangelog.py
-rw-r--r-- ChangeLog 223
1 files changed, 112 insertions, 111 deletions
diff --git a/ChangeLog b/ChangeLog
index d0e29085b9..5010e87cc2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,16 +1,12 @@
Changes in version 0.2.8.1-alpha - 2016-02-0?
XXXX Blurb goes here XXXX
- o Removed features:
- - Remove client-side support for connecting to Tor servers running
- versions of Tor before 0.2.3.6-alpha. These servers didn't support
- the v3 TLS handshake protocol, and are no longer allowed on the
- Tor network. Implements the client side of ticket 11150. Based on
- patches by Tom van der Woerdt.
-
- o Major key updates:
- - Update the V3 identity key for dannenberg: it was changed on 18
- November 2015. Closes task 17906. Patch by "teor".
+ o Major features (security, Linux):
+ - When Tor is started as root on Linux and told to switch user ID,
+ it can now retain the capabilitity to bind to low ports. By
+ default, Tor will do this only when it's switching user ID and
+ some low ports have been configured. You can change this behavior
+ with the new option KeepBindCapabilities. Closes ticket 8195.
o Major features (consensus downloads):
- Schedule multiple in-progress consensus downloads during client
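Review bot: the relocated "Major features (security, Linux)" entry still spells "capabilitity" in its second line, so the reformat carries the typo to the top of the release notes. Correct it to "capability" in this entry before the release. The unchanged header lines above it also still hold the placeholders "2016-02-0?" and "XXXX Blurb goes here XXXX", which need filling in before this ChangeLog ships.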
@@ -29,24 +25,29 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
"teor". OnionOO script by "weasel", "teor", "gsathya",
and "karsten".
- o Major features (security, Linux):
- - When Tor is started as root on Linux and told to switch user ID,
- it can now retain the capabilitity to bind to low ports. By
- default, Tor will do this only when it's switching user ID and
- some low ports have been configured. You can change this behavior
- with the new option KeepBindCapabilities. Closes ticket 8195.
+ o Major features (directory system):
+ - Previously only relays who explicitly opened a directory port
+ (DirPort) accepted directory requests from clients. Now all
+ relays, with and without a DirPort, who do not disable the
+ DirCache option accept and serve directory requests sent
+ (tunnelled) through their ORPort. Closes ticket 12538.
- o Minor features (security, RNG):
- - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
- positively are not allowed to fail. Previously we depended on
- internals about OpenSSL behavior. Closes ticket 17686.
- - Never use the system entropy output directly for anything besides
- seeding the PRNG. When we want to generate important keys, instead
- of using system entropy directly, hash it with the PRNG stream.
- This may help resist certain attacks based on broken OS entropy
- implementations. Closes part of ticket 17694.
- - Use modern system calls to generate strong entropy on platforms
- that provide them. Closes ticket 13696.
+ o Major key updates:
+ - Update the V3 identity key for dannenberg: it was changed on 18
+ November 2015. Closes task 17906. Patch by "teor".
+
+ o Minor features (security, clock):
+ - Warn when the system clock is set back in time (when the state
+ file was last written in the future). Tor doesn't know that
+ consensuses have expired if the clock is in the past. Patch by
+ "teor". Implements ticket 17188.
+
+ o Minor features (security, exit policies):
+ - ExitPolicyRejectPrivate rejects more private addresses by default.
+ Specifically, it rejects the relay's outbound bind addresses (if
+ configured), and the relay's configured port addresses (such as
+ ORPort and DirPort). Fixes bug 17027; bugfix on 0.2.0.11-alpha.
+ Patch by "teor".
o Minor features (security, memory erasure):
- Set unused entires in a smartlist to NULL. This helped catch
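Review bot: the trailing context line under "Minor features (security, memory erasure)" reads "Set unused entires in a smartlist to NULL"; "entires" should be "entries". The formatter only moves and rewraps text, so this needs a manual fix in the entry itself. In the added directory-system entry, "relays who" would also read better as "relays that".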
@@ -62,11 +63,38 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
bugfix on 0.2.3.25 and 0.2.4.6-alpha. Reported by "gk", patch
by "teor".
- o Minor features (security, clock):
- - Warn when the system clock is set back in time (when the state
- file was last written in the future). Tor doesn't know that
- consensuses have expired if the clock is in the past. Patch by
- "teor". Implements ticket 17188.
+ o Minor features (security, RNG):
+ - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
+ positively are not allowed to fail. Previously we depended on
+ internals about OpenSSL behavior. Closes ticket 17686.
+ - Never use the system entropy output directly for anything besides
+ seeding the PRNG. When we want to generate important keys, instead
+ of using system entropy directly, hash it with the PRNG stream.
+ This may help resist certain attacks based on broken OS entropy
+ implementations. Closes part of ticket 17694.
+ - Use modern system calls to generate strong entropy on platforms
+ that provide them. Closes ticket 13696.
+
+ o Minor features (accounting):
+ - Added two modes to AccountingRule in torrc for limiting just input
+ or just output. Closes ticket 15989; patch from "unixninja92".
+
+ o Minor features (build):
+ - Since our build process now uses 'make distcheck', we no longer
+ force "make dist" to depend on "make check". Closes ticket 17893;
+ patch from "cypherpunks."
+ - Repair some compilation issues with some recent (unreleased,
+ alpha) vesions of OpenSSL 1.1. Closes ticket 17549.
+
+ o Minor features (controller):
+ - Adds FallbackDir entries to 'GETINFO config/defaults'. Closes
+ tickets 16774 and 17817. Patch by George Tankersley.
+ - New "GETINFO hs/service/desc/id/" command to retrieve a hidden
+ service descriptor from a service's local hidden service
+ descriptor cache. Closes ticket 14846.
+ - Add controller getinfo exit-policy/reject-private/[default,relay]
+ for the reject rules added by ExitPolicyRejectPrivate. This makes
+ it easier for stem to display exit policies.
o Minor features (crypto):
- Add SHA512 support to crypto.c. Closes ticket 17663; patch from
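Review bot: in the added "Minor features (controller)" section, the entry "Add controller getinfo exit-policy/reject-private/[default,relay]" has no "Closes ticket" or "Implements" reference, unlike the two entries above it, so readers cannot trace it to a ticket. Add the reference if one exists. In the build section of the same hunk, "vesions of OpenSSL 1.1" should be "versions", and the period in patch from "cypherpunks." belongs outside the closing quote to match the other attributions.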
@@ -86,6 +114,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
directory mirrors. Default is 1, set it to 0 to disable fallbacks.
Implements ticket 17576. Patch by "teor".
+ o Minor features (geoip):
+ - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
+ Country database.
+
o Minor features (IPv6):
- Add a flag ipv6=address:orport to the DirAuthority and FallbackDir
torrc options. Add hard-coded ipv6 addresses for directory
@@ -105,42 +137,10 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
o Minor features (logging):
- When logging to syslog, allow a tag to be added to the syslog
- identity (the string prepended to every log message).
- The tag can be configured with SyslogIdentityTag and
- defaults to none. Setting it to "foo" will cause logs to be tagged
- as "Tor-foo". Closes ticket 17194.
-
- o Minor features (accounting):
- - Added two modes to AccountingRule in torrc for limiting just input
- or just output. Closes ticket 15989; patch from "unixninja92".
-
- o Minor features (build):
- - Since our build process now uses 'make distcheck', we no longer
- force "make dist" to depend on "make check". Closes ticket 17893;
- patch from "cypherpunks."
- - Repair some compilation issues with some recent (unreleased,
- alpha) vesions of OpenSSL 1.1. Closes ticket 17549.
-
- o Minor features (controller):
- - Adds FallbackDir entries to 'GETINFO config/defaults'. Closes
- tickets 16774 and 17817. Patch by George Tankersley.
- - New "GETINFO hs/service/desc/id/" command to retrieve a hidden
- service descriptor from a service's local hidden service
- descriptor cache. Closes ticket 14846.
- - Add controller getinfo exit-policy/reject-private/[default,relay]
- for the reject rules added by ExitPolicyRejectPrivate. This makes
- it easier for stem to display exit policies.
-
- o Major features (directory system):
- - Previously only relays who explicitly opened a directory port
- (DirPort) accepted directory requests from clients. Now all
- relays, with and without a DirPort, who do not disable the
- DirCache option accept and serve directory requests sent
- (tunnelled) through their ORPort. Closes ticket 12538.
-
- o Minor features (geoip):
- - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
- Country database.
+ identity (the string prepended to every log message). The tag can
+ be configured with SyslogIdentityTag and defaults to none. Setting
+ it to "foo" will cause logs to be tagged as "Tor-foo". Closes
+ ticket 17194.
o Minor features (portability):
- Use timingsafe_memcmp() where available. Closes ticket 17944;
@@ -162,6 +162,11 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
- The replay cache now uses SHA256 instead of SHA1. Implements
feature 8961. Patch by "teor", issue reported by "rransom".
+ o Minor features (SipHash-2-4 performance):
+ - Improve performance when hashing non-multiple of 8 sized buffers,
+ based on Andrew Moon's Public Domain SipHash-2-4 implementation.
+ Fixes bug 17544; bugfix on 0.2.5.3-alpha.
+
o Minor features (unix file permissions):
- Defer creation of Unix sockets until after setuid. This avoids
needing CAP_CHOWN and CAP_FOWNER when using systemd's
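Review bot: the "Minor features (SipHash-2-4 performance)" entry ends with "Fixes bug 17544; bugfix on 0.2.5.3-alpha", which is bugfix wording under a features heading. Either file it under a "Minor bugfixes" section or reword the reference as "Closes ticket 17544" so the heading and the entry agree.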
@@ -177,47 +182,6 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
DataDirectory will be made readable by the default GID. Implements
part of ticket 17562. Patch from Jamie Nguyen.
- o Minor features (security, exit policies):
- - ExitPolicyRejectPrivate rejects more private addresses by default.
- Specifically, it rejects the relay's outbound bind addresses (if
- configured), and the relay's configured port addresses (such as
- ORPort and DirPort). Fixes bug 17027; bugfix on 0.2.0.11-alpha.
- Patch by "teor".
-
- o Minor bugfixes (crypto):
- - Check the return value of HMAC() and assert on failure. Fixes bug
- 17658; bugfix on 0.2.3.6-alpha. Patch by "teor".
-
- o Minor bugfixes (fallback directories):
- - Mark fallbacks as "too busy" when they return a 503 response,
- rather than just marking authorities. Fixes bug 17572; bugfix on
- 0.2.4.7-alpha. Patch by "teor".
-
- o Minor bugfixes (relays, hidden services):
- - Refuse connection requests to private OR addresses unless
- ExtendAllowPrivateAddresses is set. Previously, tor would connect,
- then refuse to send any cells to a private address. Fixes bugs
- 17674 and 8976; bugfix on 0.2.3.21-rc. Patch by "teor".
-
- o Minor features (SipHash-2-4 performance):
- - Improve performance when hashing non-multiple of 8 sized buffers,
- based on Andrew Moon's Public Domain SipHash-2-4 implementation.
- Fixes bug 17544; bugfix on 0.2.5.3-alpha.
-
- o Minor bugfixes (testing):
- - The test for log_heartbeat was incorrectly failing in timezones
- with non-integer offsets. Instead of comparing the end of the time
- string against a constant, compare it to the output of
- format_local_iso_time when given the correct input. Fixes bug
- 18039; bugfix on 0.2.5.4-alpha.
- - Make unit tests pass on IPv6-only systems, and systems without
- localhost addresses (like some FreeBSD jails). Fixes bug 17632;
- bugfix on 0.2.7.3-rc. Patch by "teor".
- - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix
- on 0.2.4.8-alpha.
- - Check the full results of SHA256 and SHA512 digests in the unit
- tests. Bugfix on 0.2.2.4-alpha. Patch by "teor".
-
o Minor bugfixes (accounting):
- The max bandwidth when using 'AccountRule sum' is now correctly
logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha. Patch
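Review bot: the context line under "Minor bugfixes (accounting)" names the option as 'AccountRule sum', while the accounting features entry elsewhere in this file calls it AccountingRule. Use the same option name in both entries so that a search for the torrc option finds this fix.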
@@ -254,6 +218,15 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
- Remove config.log only from make distclean, not from make clean.
Fixes bug 17924; bugfix on 0.2.4.1-alpha.
+ o Minor bugfixes (crypto):
+ - Check the return value of HMAC() and assert on failure. Fixes bug
+ 17658; bugfix on 0.2.3.6-alpha. Patch by "teor".
+
+ o Minor bugfixes (fallback directories):
+ - Mark fallbacks as "too busy" when they return a 503 response,
+ rather than just marking authorities. Fixes bug 17572; bugfix on
+ 0.2.4.7-alpha. Patch by "teor".
+
o Minor bugfixes (IPv6):
- Update the limits in max_dl_per_request for IPv6 address length.
Fixes bug 17573; bugfix on 0.2.1.5-alpha.
@@ -283,6 +256,12 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
longer than the ORPort reachability test. Fixes bug 18050; bugfix
on 0.1.0.1-rc. Reported by "starlight", patch by "teor".
+ o Minor bugfixes (relays, hidden services):
+ - Refuse connection requests to private OR addresses unless
+ ExtendAllowPrivateAddresses is set. Previously, tor would connect,
+ then refuse to send any cells to a private address. Fixes bugs
+ 17674 and 8976; bugfix on 0.2.3.21-rc. Patch by "teor".
+
o Minor bugfixes (safe logging):
- When logging a malformed hostname received through socks4, scrub
it if SafeLogging says we should. Fixes bug 17419; bugfix
@@ -298,6 +277,20 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
cases with maximal values. Fixes part of bug 13192; bugfix
on 0.2.6.2-alpha.
+ o Minor bugfixes (testing):
+ - The test for log_heartbeat was incorrectly failing in timezones
+ with non-integer offsets. Instead of comparing the end of the time
+ string against a constant, compare it to the output of
+ format_local_iso_time when given the correct input. Fixes bug
+ 18039; bugfix on 0.2.5.4-alpha.
+ - Make unit tests pass on IPv6-only systems, and systems without
+ localhost addresses (like some FreeBSD jails). Fixes bug 17632;
+ bugfix on 0.2.7.3-rc. Patch by "teor".
+ - Fix a memory leak in the ntor test. Fixes bug 17778; bugfix
+ on 0.2.4.8-alpha.
+ - Check the full results of SHA256 and SHA512 digests in the unit
+ tests. Bugfix on 0.2.2.4-alpha. Patch by "teor".
+
o Minor bugfixes (TLS context):
- Assert when the TLS contexts fail to initialize. Fixes bug 17683;
bugfix on 0.0.6.
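Review bot: in the re-added "Minor bugfixes (testing)" section, the last entry ("Check the full results of SHA256 and SHA512 digests in the unit tests. Bugfix on 0.2.2.4-alpha.") gives the version that introduced the problem but no "Fixes bug N" reference, unlike its three siblings. Add the bug number if there is one, since these digest checks are what guard the crypto wrappers against truncated comparisons.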
@@ -337,6 +330,13 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
whenever we mention a document that belongs in torspce. Fixes
issue 17392.
+ o Removed features:
+ - Remove client-side support for connecting to Tor servers running
+ versions of Tor before 0.2.3.6-alpha. These servers didn't support
+ the v3 TLS handshake protocol, and are no longer allowed on the
+ Tor network. Implements the client side of ticket 11150. Based on
+ patches by Tom van der Woerdt.
+
o Testing:
- Add unit tests that check for common RNG failure modes, such as
returning all zeroes, identical values, or incrementing values
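Review bot: the context line just above the re-added "Removed features" section says "a document that belongs in torspce"; that should be "torspec". It sits outside the lines the formatter touched, so it needs a manual fix.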
@@ -348,8 +348,9 @@ Changes in version 0.2.8.1-alpha - 2016-02-0?
- Cover dns_resolve_impl() in dns.c with unit tests. Implements a
portion of ticket 16831.
- More unit tests for compat_libevent.c, procmon.c, tortls.c,
- util_format.c, directory.c, and options_validate.c. Closes tickets 17075,
- 17082, 17084, 17003, and 17076 respectively. Patches from Ola Bini.
+ util_format.c, directory.c, and options_validate.c. Closes tickets
+ 17075, 17082, 17084, 17003, and 17076 respectively. Patches from
+ Ola Bini.
- Unit tests for directory_handle_command_get. Closes ticket 17004.
Patch from Reinaldo de Souza Jr.
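Review bot: the rewrapped "More unit tests" entry lists six files (compat_libevent.c, procmon.c, tortls.c, util_format.c, directory.c, options_validate.c) but only five tickets (17075, 17082, 17084, 17003, 17076), so "respectively" cannot map one to one. Either add the missing ticket number or drop "respectively" and state which file each ticket covers.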