Reflow the changelog

1 files changed, 129 insertions, 134 deletions

diff --git a/ChangeLog b/ChangeLog
index b5d5985c39..f422fd83df 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,9 +1,9 @@
 Changes in version 0.2.9.3-alpha - 2016-09-2?
-  Tor 0.2.9.3-alpha adds improved support for entities that
-  want to make high-performance services available through the Tor .onion
-  mechanism without themselves receiving anonymity as they host those
-  services.  It also tries harder to ensure that all steps on a circuit are
-  using the strongest crypto possible, strengthens some TLS properties, and
+  Tor 0.2.9.3-alpha adds improved support for entities that want to make
+  high-performance services available through the Tor .onion mechanism
+  without themselves receiving anonymity as they host those services. It
+  also tries harder to ensure that all steps on a circuit are using the
+  strongest crypto possible, strengthens some TLS properties, and
   resolves several bugs -- including a pair of crash bugs from the 0.2.8
   series. Anybody running an earlier version of 0.2.9.x should upgrade.
 
@@ -12,40 +12,39 @@ Changes in version 0.2.9.3-alpha - 2016-09-2?
   o Major features (circuit building, security):
     - Authorities, relays and clients specifically check that each
       descriptor has an ntor key.
-    - Circuit-building code assumes that all hops can use ntor,
-      except for rare hidden service protocol cases.
+    - Circuit-building code assumes that all hops can use ntor, except
+      for rare hidden service protocol cases.
     - Client code never chooses nodes without ntor keys: they will not
       be selected during circuit-building, or as guards, or as directory
       mirrors, or as introduction or rendezvous points.
-    - Clients avoid downloading a descriptor if the relay version is
-      too old to support ntor.
+    - Clients avoid downloading a descriptor if the relay version is too
+      old to support ntor.
     - Tor authorities, relays, and clients only use ntor, except for
       rare cases in the hidden service protocol.
 
   o Major features (onion services):
     - Add experimental HiddenServiceSingleHopMode and
-      HiddenServiceNonAnonymousMode options. When both are set to 1, every
-      hidden service on a tor instance becomes a non-anonymous Single Onion
-      Service. Single Onions make one-hop (direct) connections to their
-      introduction and renzedvous points. One-hop circuits make Single Onion
-      servers easily locatable, but clients remain location-anonymous.
-      This is compatible with the existing hidden service implementation, and
-      works on the current tor network without any changes to older relays or
-      clients.
-      Implements proposal 260, completes ticket 17178. Patch by teor and asn.
+      HiddenServiceNonAnonymousMode options. When both are set to 1,
+      every hidden service on a tor instance becomes a non-anonymous
+      Single Onion Service. Single Onions make one-hop (direct)
+      connections to their introduction and renzedvous points. One-hop
+      circuits make Single Onion servers easily locatable, but clients
+      remain location-anonymous. This is compatible with the existing
+      hidden service implementation, and works on the current tor
+      network without any changes to older relays or clients. Implements
+      proposal 260, completes ticket 17178. Patch by teor and asn.
 
   o Major features (resource management):
-    - Tor now includes support for noticing when we are about to run out of
-      sockets, and preemptively closing connections of lower priority.
-      (This feature is off by default for now, since the current prioritizing
-      method is not mature enough yet. You can enable it by setting
-      "DisableOOSCheck 0".) Closes ticket 18640.
+    - Tor now includes support for noticing when we are about to run out
+      of sockets, and preemptively closing connections of lower
+      priority. (This feature is off by default for now, since the
+      current prioritizing method is not mature enough yet. You can
+      enable it by setting "DisableOOSCheck 0".) Closes ticket 18640.
 
   o Major bugfixes (circuit building):
-    - Hidden service client-to-intro-point and service-to-rendezvous-point
-      cicruitss use the TAP key supplied by the protocol, to avoid
-      epistemic attacks.
-      Fixes bug 19163; bugfix on 0.2.4.18-rc.
+    - Hidden service client-to-intro-point and service-to-rendezvous-
+      point cicruitss use the TAP key supplied by the protocol, to avoid
+      epistemic attacks. Fixes bug 19163; bugfix on 0.2.4.18-rc.
 
   o Major bugfixes (compilation, OpenBSD):
     - Fix a Libevent-detection bug in our autoconf script that would
@@ -53,105 +52,88 @@ Changes in version 0.2.9.3-alpha - 2016-09-2?
       rubiate. Fixes bug 19902; bugfix on 0.2.9.1-alpha.
 
   o Major bugfixes (hidden services):
-    - Clients require hidden services to include the TAP keys
-      for their intro points in the hidden service descriptor.
-      This prevents an inadvertent upgrade to ntor, which a
-      malicious hidden service could use to discover which
-      consensus a client has.
-      Fixes bug 20012; bugfix on 0.2.4.8-alpha. Patch by teor.
+    - Clients require hidden services to include the TAP keys for their
+      intro points in the hidden service descriptor. This prevents an
+      inadvertent upgrade to ntor, which a malicious hidden service
+      could use to discover which consensus a client has. Fixes bug
+      20012; bugfix on 0.2.4.8-alpha. Patch by teor.
 
-  o Minor feature (port flags):
-    - Add *Port flags NoDNSRequest and NoOnionTraffic, and
-      the synthetic flag OnionTrafficOnly, which is equivalent to
-      NoDNSRequest, NoIPv4Traffic, and NoIPv6Traffic.
-      Closes enhancement 18693; patch by "teor".
+  o Minor features (security, TLS):
+    - Servers no longer support clients that do not provide AES
+      ciphersuites. (3DES is no longer considered an acceptable cipher.)
+      We believe that no such clients currently exist, since we have
+      required OpenSSL 0.9.7 or later since 2009. Closes ticket 19998.
 
-  o Minor features (testing, ipv6):
-    - Add the single-onion and single-onion-ipv6 chutney targets to
-      make test-network-all. This requires a recent chutney version
-      with the single onion network flavours (git c72a652 or later).
-      Closes ticket 20072; patch by teor.
-    - Add the hs-ipv6 chutney target to make test-network-all's IPv6
-      tests. Remove bridges+hs, as it's somewhat redundant.
-      This requires a recent chutney version that supports IPv6 clients,
-      relays, and authorities.
-      Closes ticket 20069; patch by teor.
+  o Minor feature (port flags):
+    - Add *Port flags NoDNSRequest and NoOnionTraffic, and the synthetic
+      flag OnionTrafficOnly, which is equivalent to NoDNSRequest,
+      NoIPv4Traffic, and NoIPv6Traffic. Closes enhancement 18693; patch
+      by "teor".
 
   o Minor features (directory authority):
-    - After voting, if the authorities decide that a relay is not "Valid",
-      they no longer include it in the consensus at all. Closes ticket
-      20002; implements part of proposal 272.
-
-  o Minor features (security, TLS):
-    - Servers no longer support clients that do not provide AES
-      ciphersuites. (3DES is no longer considered an acceptable
-      cipher.) We believe that no such clients currently exist,
-      since we have required OpenSSL 0.9.7 or later since 2009.
-      Closes ticket 19998.
+    - After voting, if the authorities decide that a relay is not
+      "Valid", they no longer include it in the consensus at all. Closes
+      ticket 20002; implements part of proposal 272.
 
   o Minor features (testing):
-    - Disable memory protections on OpenBSD when testing memwipe().
-      The test deliberately invokes undefined behaviour which the
-      protections interfere with. Patch from "rubiate". Closes ticket
-      20066.
+    - Disable memory protections on OpenBSD when testing memwipe(). The
+      test deliberately invokes undefined behaviour which the protections
+      interfere with. Patch from "rubiate". Closes ticket 20066.
+
+  o Minor features (testing, ipv6):
+    - Add the single-onion and single-onion-ipv6 chutney targets to make
+      test-network-all. This requires a recent chutney version with the
+      single onion network flavours (git c72a652 or later). Closes
+      ticket 20072; patch by teor.
+    - Add the hs-ipv6 chutney target to make test-network-all's IPv6
+      tests. Remove bridges+hs, as it's somewhat redundant. This
+      requires a recent chutney version that supports IPv6 clients,
+      relays, and authorities. Closes ticket 20069; patch by teor.
 
   o Minor features (Tor2web):
-    - Make Tor2web clients respect ReachableAddresses.
-      This feature was inadvertently enabled in 0.2.8.6, then removed
-      by bugfix 19973 on 0.2.8.7.
-      Implements feature 20034. Patch by teor.
+    - Make Tor2web clients respect ReachableAddresses. This feature was
+      inadvertently enabled in 0.2.8.6, then removed by bugfix 19973 on
+      0.2.8.7. Implements feature 20034. Patch by teor.
 
   o Minor features (unit tests):
     - Our link-handshake unit tests now check, that when invalid
-      handshakes fail, they fail with the error messages we
-      expected.
-    - Our unit testing code that captures log messages no longer prevents
-      them from being written out if the user asked for them (by passing
-      --debug or --info or or --notice --warn to the "test" binary). This
-      change will prevent us from missing unexpected log messages simply
-      because we were looking for others. Related to ticket 19999.
+      handshakes fail, they fail with the error messages we expected.
+    - Our unit testing code that captures log messages no longer
+      prevents them from being written out if the user asked for them
+      (by passing --debug or --info or or --notice --warn to the "test"
+      binary). This change will prevent us from missing unexpected log
+      messages simply because we were looking for others. Related to
+      ticket 19999.
     - The unit tests now log all warning messages with the "BUG" flag.
       Previously, they only logged errors by default. This change will
-      help us make our testing code more correct, and make sure that
-      we only hit this code when we mean to. This is preparatory work
-      for ticket 19999.
+      help us make our testing code more correct, and make sure that we
+      only hit this code when we mean to. This is preparatory work for
+      ticket 19999.
     - The unit tests now treat any failure of a "tor_assert_nonfatal()"
       assertion as a test failure.
     - We've done significant work to make the unit tests run faster.
 
   o Minor bug fixes (circuits):
-    - Use CircuitBuildTimeout whenever LearnCircuitBuildTimeout is disabled.
-      Fixes bug 19678; bugfix on commit 5b0b51ca3 in 0.2.4.12-alpha. Patch by teor.
-
-  o Minor bugfixes (options):
-    - Check the consistency of UseEntryGuards and EntryNodes more reliably.
-      Fixes bug 20074; bugfix on commit 686aaa5c in tor-0.2.4.12-alpha. Patch by teor.
-    - Stop changing the configured value of UseEntryGuards on authorities
-      and Tor2web clients.
-      Fixes bug 20074; bugfix on commits 51fc6799 in tor-0.1.1.16-rc and
-      acda1735 in tor-0.2.4.3-alpha. Patch by teor.
-
-  o Minor bugfixes (Tor2web):
-    - Prevent Tor2web clients running hidden services, these services are
-      not anonymous due to the one-hop client paths.
-      Fixes bug 19678. Patch by teor.
+    - Use CircuitBuildTimeout whenever LearnCircuitBuildTimeout is
+      disabled. Fixes bug 19678; bugfix on commit 5b0b51ca3 in
+      0.2.4.12-alpha. Patch by teor.
 
   o Minor bugfixes (allocation):
-    - Change how we allocate memory for large chunks on buffers, to avoid
-      a (currently impossible) integer overflow, and to waste less space
-      when allocating unusually large chunks. Fixes bug 20081; bugfix on
-      0.2.0.16-alpha. Issue identified by Guido Vranken.
+    - Change how we allocate memory for large chunks on buffers, to
+      avoid a (currently impossible) integer overflow, and to waste less
+      space when allocating unusually large chunks. Fixes bug 20081;
+      bugfix on 0.2.0.16-alpha. Issue identified by Guido Vranken.
     - Always include orconfig.h before including any other C headers.
       Sometimes, it includes macros that affect the behavior of the
-      standard headers. Fixes bug 19767; bugfix on 0.2.9.1-alpha (the first
-      version to use AC_USE_SYSTEM_EXTENSIONS).
-    - Fix a syntax error in the IF_BUG_ONCE__() macro in non-
-      GCC-compatible compilers. Fixes bug 20141; bugfix on
-      0.2.9.1-alpha. Patch from Gisle Vanem.
-    - Stop trying to build with Clang 4.0's -Wthread-safety
-      warnings. They apparently require a set of annotations that we
-      aren't currently using, and they create false positives in our
-      pthreads wrappers. Fixes bug 20110; bugfix on 0.2.9.1-alpha.
+      standard headers. Fixes bug 19767; bugfix on 0.2.9.1-alpha (the
+      first version to use AC_USE_SYSTEM_EXTENSIONS).
+    - Fix a syntax error in the IF_BUG_ONCE__() macro in non- GCC-
+      compatible compilers. Fixes bug 20141; bugfix on 0.2.9.1-alpha.
+      Patch from Gisle Vanem.
+    - Stop trying to build with Clang 4.0's -Wthread-safety warnings.
+      They apparently require a set of annotations that we aren't
+      currently using, and they create false positives in our pthreads
+      wrappers. Fixes bug 20110; bugfix on 0.2.9.1-alpha.
 
   o Minor bugfixes (directory authority):
     - Die with a useful error when the operator forgets to place the
@@ -159,24 +141,22 @@ Changes in version 0.2.9.3-alpha - 2016-09-2?
       uninformative assert & traceback about having an invalid key.
       Fixes bug 20065; bugfix on 0.2.0.1-alpha.
     - When allowing private addresses, mark Exits that only exit to
-      private locations as such. Fixes bug 20064; bugfix on
-      0.2.2.9-alpha.
+      private locations as such. Fixes bug 20064; bugfix
+      on 0.2.2.9-alpha.
 
   o Minor bugfixes (documentation):
-    - Document the default PathsNeededToBuildCircuits value that's
-      used by clients when the directory authorities don't set
-      min_paths_for_circs_pct.
-      Fixes bug 20117; bugfix on 02c320916e02 in tor-0.2.4.10-alpha.
-      Patch by teor, reported by Jesse V.
+    - Document the default PathsNeededToBuildCircuits value that's used
+      by clients when the directory authorities don't set
+      min_paths_for_circs_pct. Fixes bug 20117; bugfix on 02c320916e02
+      in tor-0.2.4.10-alpha. Patch by teor, reported by Jesse V.
     - Fix manual for the User option: it takes a username, not a UID.
       Fixes bug 19122; bugfix on 0.0.2pre16 (the first version to have
       a manpage!).
 
   o Minor bugfixes (hidden services):
-    - Stop logging intro point details to the client log on
-      certain error conditions.
-      Fixed as part of bug 20012; bugfix on 0.2.4.8-alpha.
-      Patch by teor.
+    - Stop logging intro point details to the client log on certain
+      error conditions. Fixed as part of bug 20012; bugfix on
+      0.2.4.8-alpha. Patch by teor.
 
   o Minor bugfixes (IPv6, testing):
     - Check for IPv6 correctly on Linux when running test networks.
@@ -184,36 +164,51 @@ Changes in version 0.2.9.3-alpha - 2016-09-2?
 
   o Minor bugfixes (Linux seccomp2 sandbox):
     - Add permission to run the sched_yield() and sigaltstack() system
-      calls, in order to support versions of Tor compiled with
-      asan or ubsan code that use these calls. Now "sandbox 1" and
-      "--enable-expensive-hardening" should be compatible.
-      Fixes bug 20063; bugfix on 0.2.5.1-alpha.
+      calls, in order to support versions of Tor compiled with asan or
+      ubsan code that use these calls. Now "sandbox 1" and
+      "--enable-expensive-hardening" should be compatible. Fixes bug
+      20063; bugfix on 0.2.5.1-alpha.
 
   o Minor bugfixes (logging):
-    - When logging a message from the BUG() macro, be explicit about what
-      we were asserting. Previously we were confusing what we were asserting
-      with what the bug was. Fixes bug 20093; bugfix on 0.2.9.1-alpha.
+    - When logging a message from the BUG() macro, be explicit about
+      what we were asserting. Previously we were confusing what we were
+      asserting with what the bug was. Fixes bug 20093; bugfix
+      on 0.2.9.1-alpha.
     - When we are unable to remove the bw_accounting file, do not warn
       if the reason we couldn't remove it was that it didn't exist.
-      Fixes bug 19964; bugfix on 0.2.5.4-alpha. Patch
-      from 'pastly'.
+      Fixes bug 19964; bugfix on 0.2.5.4-alpha. Patch from 'pastly'.
 
   o Minor bugfixes (option parsing):
     - Count unix sockets when counting client listeners (SOCKS, Trans,
       NATD, and DNS). This has no user-visible behaviour changes: these
-      options are set once, and never read.
-      Required for correct behaviour in ticket 17178.
-      Fixes bug 19677; bugfix on 0.2.6.3-alpha.  Patch by teor.
+      options are set once, and never read. Required for correct
+      behaviour in ticket 17178. Fixes bug 19677; bugfix on
+      0.2.6.3-alpha. Patch by teor.
+
+  o Minor bugfixes (options):
+    - Check the consistency of UseEntryGuards and EntryNodes more
+      reliably. Fixes bug 20074; bugfix on commit 686aaa5c in tor-
+      0.2.4.12-alpha. Patch by teor.
+    - Stop changing the configured value of UseEntryGuards on
+      authorities and Tor2web clients. Fixes bug 20074; bugfix on
+      commits 51fc6799 in tor-0.1.1.16-rc and acda1735 in tor-0.2.4.3-
+      alpha. Patch by teor.
+
+  o Minor bugfixes (Tor2web):
+    - Prevent Tor2web clients running hidden services, these services
+      are not anonymous due to the one-hop client paths. Fixes bug
+      19678. Patch by teor.
 
   o Minor bugfixes (unit tests):
-    - Fix shared random unit test that was failing on big endian architecture
-      due to internal representation of a integer copied to a buffer. The test
-      is changed to take a full 32 bytes of data and use the output of a
-      python script that make the COMMIT and REVEAL calculation according to
-      the spec.  Fixes bug 19977; bugfix on tor-0.2.9.1-alpha.
+    - Fix shared random unit test that was failing on big endian
+      architecture due to internal representation of a integer copied to
+      a buffer. The test is changed to take a full 32 bytes of data and
+      use the output of a python script that make the COMMIT and REVEAL
+      calculation according to the spec. Fixes bug 19977; bugfix
+      on tor-0.2.9.1-alpha.
     - The tor_tls_server_info_callback unit test no longer crashes when
-      debug-level logging is turned on. Fixes bug 20041; bugfix on
-      0.2.8.1-alpha.
+      debug-level logging is turned on. Fixes bug 20041; bugfix
+      on 0.2.8.1-alpha.
 
 
 Changes in version 0.2.9.2-alpha - 2016-08-24