Fix all the warnings from lintChanges.py

45 files changed, 100 insertions, 88 deletions

diff --git a/changes/17573 b/changes/17573
index fe1fd1c027..95ef15a1cc 100644
--- a/changes/17573
+++ b/changes/17573
@@ -1,3 +1,4 @@
-  o Minor bigfixes (IPv6):
+  o Minor bugfixes (IPv6):
     - Update the limits in max_dl_per_request for IPv6 address
-      length. Closes ticket 17573.
+      length. Fixes bug 17573; bugfix on 0.2.1.5-alpha.
+
diff --git a/changes/17926 b/changes/17926
index 09bdbbeae7..ee47db6101 100644
--- a/changes/17926
+++ b/changes/17926
@@ -1,3 +1,3 @@
-  o Removed code:
+  o Removed features:
     - Remove code for OpenSSL dynamic locks; OpenSSL doesn't use them.
       Closes ticket 17926.
diff --git a/changes/7419 b/changes/7419
index b792e8f6a0..1073d9585e 100644
--- a/changes/7419
+++ b/changes/7419
@@ -1,7 +1,6 @@
-  o Minor enhancement (security):
-    - Use explicit_bzero when present
-      from <logan@hackers.mu>.
-    - Use memset_s when present
-      from <selven@hackers.mu>
+  o Minor features (security):
+    - Use explicit_bzero or memset_s when present. Previously, we'd use
+      OpenSSL's OPENSSL_cleanse() function.
+      Closes ticket 7419; patches from <logan@hackers.mu> and <selven@hackers.mu>.
+
 
-    625538405474972d627b26d7a250ea36 (:
diff --git a/changes/bug16651 b/changes/bug16651
index 096daeaf70..1b8bd033fa 100644
--- a/changes/bug16651
+++ b/changes/bug16651
@@ -1,5 +1,6 @@
   o Minor bugfixes (compilation):
 
     - Fix search for libevent libraries on OpenBSD (and similar systems
-      which install libevent 1 and libevent 2 in parallel). Resolves
-      ticket 16651.  Patch from "rubiate".
+      which install libevent 1 and libevent 2 in parallel). Fixes bug
+      16651; bugfix on 0.1.0.7-rc.
+      Patch from "rubiate".
diff --git a/changes/bug17026 b/changes/bug17026
index 8b1ce3c61b..30e75c22a2 100644
--- a/changes/bug17026
+++ b/changes/bug17026
@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (security):
     - Set unused entires in a smartlist to NULL. This helped catch a
       (harmless) bug, and shouldn't affect performance too much.
       Implements ticket 17026.
diff --git a/changes/bug17027-reject-private-bind-port b/changes/bug17027-reject-private-bind-port
index abc1431c9a..7d8f023d2d 100644
--- a/changes/bug17027-reject-private-bind-port
+++ b/changes/bug17027-reject-private-bind-port
@@ -1,7 +1,5 @@
-  o Minor bug fixes (security, exit policies):
+  o Minor bugfixes (security, exit policies):
     - ExitPolicyRejectPrivate rejects more private addresses by default:
       * the relay's outbound bind addresses (if configured), and
       * the relay's configured port addresses (such as ORPort and DirPort).
-      Resolves ticket 17027. Patch by "teor".
-      Patch on 42b8fb5a1523 (11 Nov 2007), released in 0.2.0.11-alpha,
-      and on 0.2.7.3-rc.
+      Fixes bug 17027; bugfix on 0.2.0.11-alpha. Patch by "teor".
diff --git a/changes/bug17194 b/changes/bug17194
index 26549b307f..d717489e0e 100644
--- a/changes/bug17194
+++ b/changes/bug17194
@@ -1,7 +1,7 @@
-  o Minor feature:
+  o Minor feature (logging):
     - When logging to syslog, allow a tag to be added to the syslog
       identity ("Tor"), i.e. the string prepended to every log message.
       The tag can be configured by setting SyslogIdentityTag and defaults
       to none.  Setting it to "foo" will cause logs to be tagged as
-      "Tor-foo".
+      "Tor-foo". Closes ticket 17194.
 
diff --git a/changes/bug17419 b/changes/bug17419
index 8ad8edd37b..00fde906bb 100644
--- a/changes/bug17419
+++ b/changes/bug17419
@@ -1,4 +1,3 @@
-
-  o Minor bugfixes:
+  o Minor bugfixes (safe logging):
     - When logging a malformed hostname received through socks4, scrub it
       if SafeLogging says we should. Fixes bug 17419; bugfix on 0.1.1.16-rc.
diff --git a/changes/bug17549 b/changes/bug17549
index 3650608141..f0bb6903e7 100644
--- a/changes/bug17549
+++ b/changes/bug17549
@@ -1,3 +1,3 @@
-  o Minor bugfixes (compilation):
-    - Repair compilation with the most recent (unreleased, alpha)
-      vesions of OpenSSL 1.1. Fixes bug 17549.
+  o Minor features (compilation):
+    - Repair some compilation issues with some recent (unreleased, alpha)
+      vesions of OpenSSL 1.1. Closes ticket 17549.
diff --git a/changes/bug17562-DataDirectoryGroupReadable b/changes/bug17562-DataDirectoryGroupReadable
index 524e5ef28a..2299148d38 100644
--- a/changes/bug17562-DataDirectoryGroupReadable
+++ b/changes/bug17562-DataDirectoryGroupReadable
@@ -1,3 +1,5 @@
-  o Minor bug fixes:
+  o Minor features (unix permissions):
     - Introduce DataDirectoryGroupReadable boolean. If set to 1, the
       DataDirectory will be made readable by the default GID.
+      Implements part of ticket 17562. Patch from Jamie Nguyen.
+
diff --git a/changes/bug17562-allow-root-group-read b/changes/bug17562-allow-root-group-read
index 7a0903c662..29978fa07d 100644
--- a/changes/bug17562-allow-root-group-read
+++ b/changes/bug17562-allow-root-group-read
@@ -1,6 +1,7 @@
-  o Minor bug fixes:
+  o Minor features (unix permissions):
     - If any directory created by Tor is marked as group readable, the
       filesystem group is allowed to be either the default GID or the root
       user. Allowing root to read the DataDirectory prevents the need for
       CAP_READ_SEARCH when using systemd's CapabilityBoundingSet, or
       dac_read_search when using SELinux.
+      Implements part of ticket 17562. Patch from Jamie Nguyen.
diff --git a/changes/bug17562-defer-unix-socket-creation b/changes/bug17562-defer-unix-socket-creation
index f1896c044a..3e21d358d5 100644
--- a/changes/bug17562-defer-unix-socket-creation
+++ b/changes/bug17562-defer-unix-socket-creation
@@ -1,4 +1,5 @@
-  o Minor bug fixes:
+  o Minor features (unix permissions):
     - Defer creation of Unix sockets until after setuid. This avoids needing
       CAP_CHOWN and CAP_FOWNER when using systemd's CapabilityBoundingSet, or
       chown and fowner when using SELinux.
+      Implements part of ticket 17562. Patch from Jamie Nguyen.
diff --git a/changes/bug17589 b/changes/bug17589
index 91103276df..4144af7c11 100644
--- a/changes/bug17589
+++ b/changes/bug17589
@@ -1,4 +1,4 @@
-  o Code simplificiation and refactoring:
+  o Code simplification and refactoring:
     - When a direct directory request fails immediately on launch,
       instead of relaunching that request from inside the code that
       launches it, instead mark the connection for teardown. This
diff --git a/changes/bug17632-no-ipv4-no-localhost b/changes/bug17632-no-ipv4-no-localhost
index 04622079d3..99a2e2c325 100644
--- a/changes/bug17632-no-ipv4-no-localhost
+++ b/changes/bug17632-no-ipv4-no-localhost
@@ -1,7 +1,5 @@
   o Minor bugfix (unit tests):
     - Make unit tests pass on IPv6-only systems, and systems without
       localhost addresses (like some FreeBSD jails).
-      Fixes bug #17632; bugfix on unit tests in 0.2.7.3-rc.
-      c464a367728d was a partial fix for this issue in #17255;
-      it was released in unit tests in 0.2.7.4-rc.
+      Fixes bug 17632; bugfix on 0.2.7.3-rc.
       Patch by "teor".
diff --git a/changes/bug17638-ipv6-ersatz-socketpair b/changes/bug17638-ipv6-ersatz-socketpair
index 6193065ff3..90a74f419f 100644
--- a/changes/bug17638-ipv6-ersatz-socketpair
+++ b/changes/bug17638-ipv6-ersatz-socketpair
@@ -1,5 +1,5 @@
   o Minor bugfix (IPv6 compatibility, unit tests):
     - Make tor_ersatz_socketpair work on IPv6-only systems.
-      Fixes bug #17638; bugfix on a very early tor version,
-      earlier than 22dba27d8dd5 (23 Nov 2004) / svn:r2943.
+      Fixes bug 17638; bugfix on 0.0.2pre8.
       Patch by "teor".
+
diff --git a/changes/bug17686 b/changes/bug17686
index 8fa16c794b..78e6c8f92b 100644
--- a/changes/bug17686
+++ b/changes/bug17686
@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (security):
     - Adjust Tor's use of OpenSSL's RNG APIs so that they absolutely,
       positively are not allowed to fail. Previously we depended on
       internals about OpenSSL behavior. Closes ticket 17686.
diff --git a/changes/bug17753 b/changes/bug17753
index 7d227d856c..918712f5c3 100644
--- a/changes/bug17753
+++ b/changes/bug17753
@@ -1,4 +1,4 @@
-  o Minor bugfixes (code correctness)
+  o Minor bugfixes (code correctness):
     - Assert that allocated memory held by the reputation code is freed
       according to its internal counters. Fixes bug 17753; bugfix on
       tor-0.1.1.1-alpha.
diff --git a/changes/bug17876 b/changes/bug17876
index 1bd3dd7c1b..7446336c24 100644
--- a/changes/bug17876
+++ b/changes/bug17876
@@ -1,4 +1,4 @@
-  o Minor bugfixes:
+  o Minor bugfixes (client, correctness):
     - When closing an entry connection, generate a warning if we should
       have sent an end cell for it but we haven't.  Fixes bug 17876;
       bugfix on 0.2.3.2-alpha.
diff --git a/changes/bug17923 b/changes/bug17923
index ea39960711..d828520201 100644
--- a/changes/bug17923
+++ b/changes/bug17923
@@ -1,4 +1,4 @@
-  o Minor bugfixes:
+  o Minor bugfixes (portability):
     - Remove an #endif from configure.ac so that we correctly detect
       the presence of in6_addr.s6_addr32. Fixes bug 17923; bugfix on
       0.2.0.13-alpha.
diff --git a/changes/bug18050 b/changes/bug18050
index ce24a7738a..4457ed262e 100644
--- a/changes/bug18050
+++ b/changes/bug18050
@@ -1,7 +1,7 @@
-  o Minor fixes (relays):
+  o Minor bugfixes (relays):
     - Check that both the ORPort and DirPort (if present) are reachable
       before publishing a relay descriptor. Otherwise, relays publish a
       descriptor with DirPort 0 when the DirPort reachability test takes
       longer than the ORPort reachability test.
-      Closes bug #18050. Reported by "starlight", patch by "teor".
-      Bugfix on 0.1.0.1-rc, commit a1f1fa6ab on 27 Feb 2005.
+      Fixes bug 18050; bugfix on 0.1.0.1-rc.
+      Reported by "starlight", patch by "teor".
diff --git a/changes/bug18089 b/changes/bug18089
index c1fb342f77..b1ebd45545 100644
--- a/changes/bug18089
+++ b/changes/bug18089
@@ -1,6 +1,5 @@
-  o Minor fixes (security):
+  o Minor bugfixes (security):
     - Make memwipe() do nothing when passed a NULL pointer
       or zero size. Check size argument to memwipe() for underflow.
-      Closes bug #18089. Reported by "gk", patch by "teor".
-      Bugfix on 0.2.3.25 and 0.2.4.6-alpha (#7352),
-      commit 49dd5ef3 on 7 Nov 2012.
+      Fixes bug 18089; bugfix on 0.2.3.25 and 0.2.4.6-alpha.
+      Reported by "gk", patch by "teor".
diff --git a/changes/bug4483-multiple-consensus-downloads b/changes/bug4483-multiple-consensus-downloads
index 23d22a89c4..7e8bcc24cc 100644
--- a/changes/bug4483-multiple-consensus-downloads
+++ b/changes/bug4483-multiple-consensus-downloads
@@ -2,8 +2,8 @@
     - Schedule multiple in-progress consensus downloads during client
       bootstrap. Use the first one that starts downloading, close the
       rest. This reduces failures when authorities are slow or down.
-      With #15775, it reduces failures due to fallback churn.
-      Implements #4483 (reduce failures when authorities are down).
+      Together with the code for feature 15775, it reduces failures due to fallback churn.
+      Implements ticket 4483 (reduce failures when authorities are down).
       Patch by "teor".
-      Implements IPv4 portions of proposal #210 by "mikeperry" and
+      Implements IPv4 portions of proposal 210 by "mikeperry" and
       "teor".
diff --git a/changes/bug6027 b/changes/bug6027
index 5233876a49..65be5443e8 100644
--- a/changes/bug6027
+++ b/changes/bug6027
@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (IPv6 support):
     - Allow users to configure directory authorities and fallback
       directory servers with IPv6 addresses and ORPorts.  Resolves
       ticket 6027.
diff --git a/changes/check-crypto-errors b/changes/check-crypto-errors
index e41862ca13..b3da7a1984 100644
--- a/changes/check-crypto-errors
+++ b/changes/check-crypto-errors
@@ -1,5 +1,4 @@
   o Minor bugfix (crypto):
     - Check the return value of HMAC and assert on failure.
-      Fixes bug #17658; bugfix on commit in fdbb9cdf746b (11 Oct 2011)
-      in tor version 0.2.3.5-alpha-dev.
+      Fixes bug 17658; bugfix on 0.2.3.6-alpha.
       Patch by "teor".
diff --git a/changes/cleanup_17587 b/changes/cleanup_17587
index 05e00fd9e5..a2cecdd7b4 100644
--- a/changes/cleanup_17587
+++ b/changes/cleanup_17587
@@ -1,3 +1,3 @@
-  o Code simplifications and refactorings:
+  o Code simplification and refactoring:
     - Clean up a little duplicated code in crypto_expand_key_material_TAP.
       Closes ticket 17587; patch from "pfrankw".
diff --git a/changes/decouple_circuit_mark b/changes/decouple_circuit_mark
index 4b7ed778a2..a852f48133 100644
--- a/changes/decouple_circuit_mark
+++ b/changes/decouple_circuit_mark
@@ -3,4 +3,4 @@
        a new function run periodically before connections are freed.
        This change removes more than half of the functions currently
        in the "blob".
-       Closes ticket #17218.
+       Closes ticket 17218.
diff --git a/changes/decouple_conn_attach b/changes/decouple_conn_attach
index 6167b4e932..8619c4d325 100644
--- a/changes/decouple_conn_attach
+++ b/changes/decouple_conn_attach
@@ -1,4 +1,4 @@
-  o Code simplification and refactorings:
+  o Code simplification and refactoring:
     - Decouple the list of streams needing to be attached to circuits
       from the overall connection list. This change makes it possible to
       attach streams quickly while both simplifying Tor's callgraph and
diff --git a/changes/feature15775-fallback b/changes/feature15775-fallback
index 567d01cc72..3a0ff231a2 100644
--- a/changes/feature15775-fallback
+++ b/changes/feature15775-fallback
@@ -11,9 +11,9 @@
        and port for a while now (120 days), and have been running, a guard,
        and a v2 directory mirror for most of that time."
       We exclude BadExits and tor versions that aren't recommended.
-      We include an IPv6 address for each FallbackDir (#8374).
-      (Tor might not use IPv6 fallbacks until #6027 is merged.)
+      We include an IPv6 address for each FallbackDir (see ticket 8374).
+      (Tor might not use IPv6 fallbacks until ticket the code for ticket6027 is merged.)
       The unit test ensures that we successfully load all included
       default fallback directories.
-      Closes ticket #15775. Patch by "teor".
+      Closes ticket 15775. Patch by "teor".
       OnionOO script by "weasel", "teor", "gsathya", and "karsten".
diff --git a/changes/feature16774 b/changes/feature16774
index 87ba488cc6..dc9c329346 100644
--- a/changes/feature16774
+++ b/changes/feature16774
@@ -1,3 +1,3 @@
-  o Minor enhancement:
-    - Adds FallbackDir entries to 'GETINFO config/defaults'. Closes ticket
-      #16774 and 17817. Patch by George Tankersley.
+  o Minor features (controller):
+    - Adds FallbackDir entries to 'GETINFO config/defaults'. Closes tickets
+      16774 and 17817. Patch by George Tankersley.
diff --git a/changes/feature17950 b/changes/feature17950
index 5ea83ecd8e..bc255a791e 100644
--- a/changes/feature17950
+++ b/changes/feature17950
@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (relay, address discovery):
     - Add a family argument to get_interface_addresses_raw() and
       subfunctions to make network interface address interogation more
       efficient. Now Tor can specifically ask for IPv4, IPv6 or both
diff --git a/changes/feature17951 b/changes/feature17951
index 42ec32a0dd..67a6a8fd66 100644
--- a/changes/feature17951
+++ b/changes/feature17951
@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (relay, address discovery):
     - When get_interface_address6_list(.,AF_UNSPEC,.) is called and fails
       to enumerate interface addresses using the platform-specific API,
       have it rely on the UDP socket fallback technique to try and find
diff --git a/changes/feature17986 b/changes/feature17986
index ef82bd3503..8039701a3a 100644
--- a/changes/feature17986
+++ b/changes/feature17986
@@ -1,3 +1,3 @@
-  o Minor features:
+  o Minor features (security):
     - Use SecureMemoryWipe() function to securely clean memory on
       Windows. Implements feature 17986.
diff --git a/changes/feature8195 b/changes/feature8195
index cb81f2e1d0..5c9a36791c 100644
--- a/changes/feature8195
+++ b/changes/feature8195
@@ -1,4 +1,4 @@
-  o Major features:
+  o Major features (relay):
     - When Tor is started as root on Linux and told to switch user ID, it
       can now retain the capabilitity to bind to low ports.  By default,
       Tor will do this only when it's switching user ID and some low
diff --git a/changes/feature8961-replaycache-sha256 b/changes/feature8961-replaycache-sha256
index c5b5c857db..c761aa8dd2 100644
--- a/changes/feature8961-replaycache-sha256
+++ b/changes/feature8961-replaycache-sha256
@@ -1,4 +1,4 @@
-  o Minor enhancement (replaycache):
+  o Minor features (replaycache):
     - The replay cache now uses SHA256 instead of SHA1.
-      Implements feature #8961.
+      Implements feature 8961.
       Patch by "teor", issue reported by "rransom".
diff --git a/changes/first-hop-no-private b/changes/first-hop-no-private
index e8d0684061..4cef638f8f 100644
--- a/changes/first-hop-no-private
+++ b/changes/first-hop-no-private
@@ -2,7 +2,5 @@
     - Refuse connection requests to private OR addresses unless
       ExtendAllowPrivateAddresses is set. Previously, tor would
       connect, then refuse to send any cells to a private address.
-      Fixes bugs 17674 and 8976; bugfix on b7c172c9ec76 (28 Aug 2012)
-      Original bug 6710, released in 0.2.3.21-rc and an 0.2.2 maint
-      release.
+      Fixes bugs 17674 and 8976; bugfix on 0.2.3.21-rc.
       Patch by "teor".
diff --git a/changes/geoip-january2016 b/changes/geoip-january2016
index fe2d5c7dc7..0d9466539a 100644
--- a/changes/geoip-january2016
+++ b/changes/geoip-january2016
@@ -1,4 +1,4 @@
-  o Minor features:
+  o Minor features (geoip):
     - Update geoip and geoip6 to the January 5 2016 Maxmind GeoLite2
       Country database.
 
diff --git a/changes/getinfo-private-exitpolicy b/changes/getinfo-private-exitpolicy
index e8345167e9..29b3d76b67 100644
--- a/changes/getinfo-private-exitpolicy
+++ b/changes/getinfo-private-exitpolicy
@@ -3,4 +3,4 @@
       for the reject rules added by ExitPolicyRejectPrivate. This makes
       it easier for stem to display exit policies.
     - Add unit tests for getinfo exit-policy/*.
-      Completes ticket #17183. Patch by "teor".
+      Finishes implementation for ticket 17183. Patch by "teor".
diff --git a/changes/laplace-edge-cases b/changes/laplace-edge-cases
index 6c8c77b040..b83346e7a0 100644
--- a/changes/laplace-edge-cases
+++ b/changes/laplace-edge-cases
@@ -1,8 +1,9 @@
-  o Code simplifications and unit tests:
+  o Minor bugfixes (statistics code):
     - Handle edge cases in the laplace functions: avoid division by zero,
       avoid taking the log of zero, and silence clang type conversion
       warnings using round and trunc.  Add unit tests for edge cases with
-      maximal values.
+      maximal values. Fixes part of bug 13192; bugfix on 0.2.6.2-alpha.
     - Consistently check for overflow in round_*_to_next_multiple_of
       functions, and add unit tests with additional and maximal values.
+      Fixes part of bug 13192; bugfix on 0.2.2.1-alpha.
 
diff --git a/changes/log_heartbeat_test b/changes/log_heartbeat_test
index 7db97ed03c..7bcc53f9cc 100644
--- a/changes/log_heartbeat_test
+++ b/changes/log_heartbeat_test
@@ -3,4 +3,4 @@
       with non-integer offsets. Instead of comparing the end of the
       time string against a constant, compare it to the output of
       format_local_iso_time when given the correct input.
-      Fixes bug 18039.
+      Fixes bug 18039; bugfix on 0.2.5.4-alpha.
diff --git a/changes/routerset-parse-IPv6-literals b/changes/routerset-parse-IPv6-literals
index c80c82c229..52026f3ed4 100644
--- a/changes/routerset-parse-IPv6-literals
+++ b/changes/routerset-parse-IPv6-literals
@@ -1,5 +1,3 @@
-  o Minor bug fixes (routersets, IPv6):
+  o Minor bugfixes (routersets, IPv6):
     - routerset_parse now accepts IPv6 literal addresses.
-      Fix for ticket 17060. Patch by "teor".
-      Patch on 3ce6e2fba290 (24 Jul 2008), and related commits,
-      released in 0.2.1.3-alpha.
+      Fixes bug 17060; bugfix on 0.2.1.3-alpha. Patch by "teor".
diff --git a/changes/sha-unit-tests b/changes/sha-unit-tests
index 457578d337..437bff3e0a 100644
--- a/changes/sha-unit-tests
+++ b/changes/sha-unit-tests
@@ -1,5 +1,3 @@
   o Minor bugfixes (unit tests):
     - Check the full results of SHA256 and SHA512 digests in the
-      unit tests.
-      Bugfix on a tor version before the refactoring in git commit
-      cea12251995d (23 Sep 2009). Patch by "teor".
+      unit tests. Bugfix on 0.2.2.4-alpha. Patch by "teor".
diff --git a/changes/ticket15989 b/changes/ticket15989
index e90d0cf8a4..a0a904b63c 100644
--- a/changes/ticket15989
+++ b/changes/ticket15989
@@ -1,9 +1,9 @@
-  o Minor enhancement (accounting):
+  o Minor features (accounting):
     - Added two modes to AccountingRule in torrc for
       limiting just input or just output.
       Closes ticket 15989; patch from "unixninja92".
 
-  o Minor bugfixe (accounting):
+  o Minor bugfixes (accounting):
     - The max bandwidth when using AccountRule sum
       is now correctly logged. Fixes bug 18024; bugfix on 0.2.6.1-alpha.
       Patch from "unixninja92".
diff --git a/changes/ticket17158 b/changes/ticket17158
index f65053db99..6332248345 100644
--- a/changes/ticket17158
+++ b/changes/ticket17158
@@ -1,7 +1,4 @@
-  o Minor fixes (fallback directories):
-    - Fix a display issue in updateFallbackDirs.py output.
-      Patch by "teor". Not in any released version of tor.
-
   o Minor features (fallback directories):
-    - Add default fallback directories for the 0.2.8 alpha releases.
+    - Add a set of default fallback directories for the 0.2.8 alpha releases.
+      Closes ticket 17158.
       Patch by "teor".
diff --git a/changes/warn-when-time-goes-backwards b/changes/warn-when-time-goes-backwards
index d7e584d9ff..8a9485b0c0 100644
--- a/changes/warn-when-time-goes-backwards
+++ b/changes/warn-when-time-goes-backwards
@@ -2,4 +2,4 @@
     - Warn when the system clock is set back in time (when the
       state file was last written in the future). Tor doesn't know
       that consensuses have expired if the clock is in the past.
-      Patch by "teor". Implements ticket #17188.
+      Patch by "teor". Implements ticket 17188.
diff --git a/scripts/maint/lintChanges.py b/scripts/maint/lintChanges.py
index c2fc01d2bf..a73110dab1 100755
--- a/scripts/maint/lintChanges.py
+++ b/scripts/maint/lintChanges.py
@@ -7,6 +7,20 @@ import re
 import os
 
 
+KNOWN_GROUPS=set([
+    "Minor bugfix",
+    "Minor bugfixes",
+    "Major bugfix",
+    "Major bugfixes",
+    "Minor feature",
+    "Minor features",
+    "Major feature",
+    "Major features",
+    "Testing",
+    "Documentation",
+    "Code simplification and refactoring",
+    "Removed features"])
+
 def lintfile(fname):
     have_warned = []
 
@@ -31,8 +45,16 @@ def lintfile(fname):
     lines = contents.split("\n")
     isBug = ("bug" in lines[0] or "fix" in lines[0])
 
-    if not re.match(r'^[ ]{2}o (.*)', contents):
+    m = re.match(r'^[ ]{2}o ([^\(:]*)([^:]*):', contents)
+    if not m:
         warn("header not in format expected")
+    elif m.group(1).strip() not in KNOWN_GROUPS:
+        warn("Weird header: %r"%m.group(1))
+    elif ( ("bugfix" in m.group(1) or "feature" in m.group(1)) and
+           ("Removed" not in m.group(1)) and
+           '(' not in m.group(2)):
+        warn("Missing subcategory on %s"%m.group(1))
+
 
     contents = " ".join(contents.split())