nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-23 20:03:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Reformat 0255 changelog. Tweak formatter script.

Browse Source
This commit is contained in:
Nick Mathewson 2014-05-29 11:30:15 -04:00
parent 413a442f57
commit d92a01e820
2 changed files with 92 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

170
ChangeLog
View File

@ -9,34 +9,34 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
o Major bugfixes (relay):
- When uploading to the directory authorities, use a direct dirport
connection if we are a uploading an ordinary, non-anonymous directory
object. Previously, relays would used tunnel connections under a
fairly wide variety of circumstances. Fixes bug 11469; bugfix on
0.2.4.3-alpha.
connection if we are a uploading an ordinary, non-anonymous
directory object. Previously, relays would used tunnel connections
under a fairly wide variety of circumstances. Fixes bug 11469;
bugfix on 0.2.4.3-alpha.
o Major security fixes (directory authorities):
- Directory authorities now include a digest of each relay's
identity key as a part of its microdescriptor.
This is a workaround for bug #11743 (reported by "cypherpunks"),
where Tor clients do not
support receiving multiple microdescriptors with the same SHA256
digest in the same consensus. When clients receive a consensus
like this, they only use one of the relays. Without this fix, a
hostile relay could selectively disable some client use of target
relays by constucting a router descriptor with a different
identity and the same microdescriptor parameters and getting the
authorities to list it in a microdescriptor consensus. This fix
prevents an attacker from causing a microdescriptor collision,
because the router's identity is not forgeable.
where Tor clients do not support receiving multiple
microdescriptors with the same SHA256 digest in the same
consensus. When clients receive a consensus like this, they only
use one of the relays. Without this fix, a hostile relay could
selectively disable some client use of target relays by
constucting a router descriptor with a different identity and the
same microdescriptor parameters and getting the authorities to
list it in a microdescriptor consensus. This fix prevents an
attacker from causing a microdescriptor collision, because the
router's identity is not forgeable.
o Minor features (diagnostic):
- When logging a warning because of bug #7164, additionally check the
hash table for consistency (as proposed on ticket #11737). This may
help diagnose bug #7164.
- When we log a heartbeat, log how many one-hop circuits we have that
are at least 30 minutes old, and log status information about a
few of them. This is an attempt to track down bug 8387.
- When logging a warning because of bug #7164, additionally check
the hash table for consistency (as proposed on ticket #11737).
This may help diagnose bug #7164.
- When we log a heartbeat, log how many one-hop circuits we have
that are at least 30 minutes old, and log status information about
a few of them. This is an attempt to track down bug 8387.
o Minor features (security):
- Apply the secure SipHash-2-4 function to the hash table mapping
@ -70,20 +70,20 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
bugfix on 0.2.1.1-alpha.
o Minor bugfixes (compilation):
- Fix compilation of test_status.c when building with MVSC.
Bugfix on 0.2.5.4-alpha. Patch from Gisle Vanem.
- Fix compilation of test_status.c when building with MVSC. Bugfix
on 0.2.5.4-alpha. Patch from Gisle Vanem.
- Resolve GCC complaints on OpenBSD about discarding constness in
TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix on
0.1.1.23. Patch from Dana Koch.
TO_{ORIGIN,OR}_CIRCUIT functions. Fixes part of bug 11633; bugfix
on 0.1.1.23. Patch from Dana Koch.
- Resolve clang complaints on OpenBSD with -Wshorten-64-to-32 due to
treatment of long and time_t as comparable types. Fixes part of bug 11633.
Patch from Dana Koch.
treatment of long and time_t as comparable types. Fixes part of
bug 11633. Patch from Dana Koch.
o Minor bugfixes (build):
- When deciding whether to build the 64-bit curve25519 implementation,
detect platforms where we can compile 128-bit arithmetic but cannot
link it. Fixes bug 11729; bugfix on 0.2.4.8-alpha. Patch
from "conradev".
- When deciding whether to build the 64-bit curve25519
implementation, detect platforms where we can compile 128-bit
arithmetic but cannot link it. Fixes bug 11729; bugfix on
0.2.4.8-alpha. Patch from "conradev".
o Minor bugfixes (Directory server):
- When sending a compressed set of descriptors or microdescriptors,
@ -94,14 +94,15 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
11648; bugfix on 0.1.1.23.
o Minor bugfixes (dmalloc):
- Fix compilation with dmalloc. Fixes bug 11605; bugfix on 0.2.4.10-alpha.
- Fix compilation with dmalloc. Fixes bug 11605; bugfix
on 0.2.4.10-alpha.
o Minor bugfixes (documentation):
- Correct the documenation so that it lists the correct directories
for the stats files. (They are in a subdirectory called "stats",
not "status".)
o Minor bugfixes (linux seccomp sandbox)
o Minor bugfixes (linux seccomp sandbox):
- Make the seccomp sandbox code compile with ARM linux. Fixes bug
11622; bugfix on 0.2.5.1-alpha.
- Avoid crashing when re-opening listener ports with the seccomp
@ -109,27 +110,27 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
- Avoid crashing with the seccomp sandbox enabled along with
ConstrainedSockets. Fixes bug 12139; bugfix on 0.2.5.1-alpha.
- When we receive a SIGHUP with the sandbox enabled, correctly
support rotating our log files. Fixes bug 12032; bugfix on
0.2.5.1-alpha.
support rotating our log files. Fixes bug 12032; bugfix
on 0.2.5.1-alpha.
- Avoid crash when running with sandboxing enabled and
DirReqStatistics not disabled. Fixes bug 12035; bugfix on
0.2.5.1-alpha.
DirReqStatistics not disabled. Fixes bug 12035; bugfix
on 0.2.5.1-alpha.
- Fix a "BUG" warning when trying to write bridge-stats files with
the Linux syscall sandbox filter enabled. Fixes bug 12041;
bugfix on 0.2.5.1-alpha.
the Linux syscall sandbox filter enabled. Fixes bug 12041; bugfix
on 0.2.5.1-alpha.
- Prevent the sandbox from crashing on startup when run with the
--enable-expensive-hardening configuration option. Fixes bug
11477; bugfix on 0.2.5.4-alpha.
- When running with DirPortFrontPage and Sandbox both enabled, reload
the DirPortFrontPage correctly when restarting. Fixes bug 12028;
bugfix on 0.2.5.1-alpha.
- Don't try to enable the sandbox when using the Tor binary to
check its configuration, hash a passphrase, or so on. Doing
so was crashing on startup for some users. Fixes bug 11609;
bugfix on 0.2.5.1-alpha.
- When running with DirPortFrontPage and Sandbox both enabled,
reload the DirPortFrontPage correctly when restarting. Fixes bug
12028; bugfix on 0.2.5.1-alpha.
- Don't try to enable the sandbox when using the Tor binary to check
its configuration, hash a passphrase, or so on. Doing so was
crashing on startup for some users. Fixes bug 11609; bugfix
on 0.2.5.1-alpha.
- Avoid warnings when running with sandboxing and node statistics
enabled at the same time.
Fixes part of 12064; bugfix on 0.2.5.1-alpha. Patch from Michael Wolf.
enabled at the same time. Fixes part of 12064; bugfix on
0.2.5.1-alpha. Patch from Michael Wolf.
- Avoid warnings when running with sandboxing enabled at the same
time as cookie authentication, hidden services or directory
authority voting. Fixes part of 12064; bugfix on 0.2.5.1-alpha.
@ -142,16 +143,16 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
o Minor bugfixes (pluggable transports):
- Enable the ExtORPortCookieAuthFile option, to allow changing the
default location of the authentication token for the extended OR Port
as used by sever-side pluggable transports. We had implemented this
option before, but the code to make it settable had been omitted.
Fixes bug 11635; bugfix on 0.2.5.1-alpha.
default location of the authentication token for the extended OR
Port as used by sever-side pluggable transports. We had
implemented this option before, but the code to make it settable
had been omitted. Fixes bug 11635; bugfix on 0.2.5.1-alpha.
o Minor bugfixes (testing):
- The Python parts of the test scripts now work on Python 3 as well
as Python 2, so systems where '/usr/bin/python' is Python 3 will
no longer have the tests break. Fixes bug 11608; bugfix on
0.2.5.2-alpha.
no longer have the tests break. Fixes bug 11608; bugfix
on 0.2.5.2-alpha.
- When looking for versions of python that we could run the tests
with, check for "python2.7" and "python3.3"; previously we were
only looking for "python", "python2", and "python3". Patch from
@ -160,34 +161,35 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
o Minor bugfixes (tor-fw-helper):
- Give a correct log message when tor-fw-helper fails to launch.
(Previously, we would say something like "tor-fw-helper sent us a
string we could not parse".) Fixes bug 9781; bugfix on 0.2.4.2-alpha.
string we could not parse".) Fixes bug 9781; bugfix
on 0.2.4.2-alpha.
o Minor bugfixes:
- Avoid another 60-second delay when starting Tor in a
pluggable-transport-using configuration when we already have
cached descriptors for our bridges. Fixes bug 11965; bugfix on
0.2.3.6-alpha.
- Avoid another 60-second delay when starting Tor in a pluggable-
transport-using configuration when we already have cached
descriptors for our bridges. Fixes bug 11965; bugfix
on 0.2.3.6-alpha.
o Minor bugfixes:
- Check return code on spawn_func() in cpuworker code, so that we don't
think we've spawned a nonworking cpuworker and write junk to it
forever. Fix related to bug 4345; bugfix on all released Tor versions.
Found by "skruffy".
- Use a pthread_attr to make sure that spawn_func() cannot return
an error while at the same time launching a thread. Fix related
to bug 4345; bugfix on all released Tor versions. Reported by
"cypherpunks".
- Check return code on spawn_func() in cpuworker code, so that we
don't think we've spawned a nonworking cpuworker and write junk to
it forever. Fix related to bug 4345; bugfix on all released Tor
versions. Found by "skruffy".
- Use a pthread_attr to make sure that spawn_func() cannot return an
error while at the same time launching a thread. Fix related to
bug 4345; bugfix on all released Tor versions. Reported
by "cypherpunks".
o Minor bugfixes:
- Correctly detect the total available system memory. We tried to do this
in 0.2.5.4-alpha, but the code was set up to always return an error
value, even on success.
Fixes bug 11805; bugfix on 0.2.5.4-alpha.
- Correctly detect the total available system memory. We tried to do
this in 0.2.5.4-alpha, but the code was set up to always return an
error value, even on success. Fixes bug 11805; bugfix
on 0.2.5.4-alpha.
o Minor bugfixes:
- Fix a broken log message about delayed directory fetches that
was caused by a misuse of strlcpy(). Fixes bug 11654; bugfix on
0.2.5.3-alpha.
- Fix a broken log message about delayed directory fetches that was
caused by a misuse of strlcpy(). Fixes bug 11654; bugfix
on 0.2.5.3-alpha.
o Minor bugfixes:
- Fix all valgrind warnings produced by the unit tests. There were
@ -200,20 +202,21 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
bugfix on 0.2.3.13-alpha. Found by "cypherpunks".
o Minor bugfixes:
- Make Tor compile correctly with --disable-buf-freelists.
Fixes bug 11623; bugfix on 0.2.5.3-alpha.
- Make Tor compile correctly with --disable-buf-freelists. Fixes bug
11623; bugfix on 0.2.5.3-alpha.
o Bugfixes:
- Add configure options controlling allocator tricks like mempools and
freelists, and turn them off by default; on most platforms malloc is
reasonable enough for this not to be necessary, and a similar feature
in OpenSSL exacerbated Heartbleed. Fixes bug #11476.
- Add configure options controlling allocator tricks like mempools
and freelists, and turn them off by default; on most platforms
malloc is reasonable enough for this not to be necessary, and a
similar feature in OpenSSL exacerbated Heartbleed. Fixes
bug #11476.
o Distribution:
- Include a tor.service file in contrib.dist for use with
systemd. Some distributions will be able to use this file unmodified;
others will need to tweak it, or write their own. Patch from
Jamie Nguyen; resolves ticket 8368.
- Include a tor.service file in contrib.dist for use with systemd.
Some distributions will be able to use this file unmodified;
others will need to tweak it, or write their own. Patch from Jamie
Nguyen; resolves ticket 8368.
o Documentation:
- Clean up several option names in the manpage to match their real
@ -239,7 +242,6 @@ Changes in version 0.2.5.5-alpha - 2014-06-??
hidden services.
Changes in version 0.2.4.22 - 2014-05-16
Tor 0.2.4.22 backports numerous high-priority fixes from the Tor 0.2.5
alpha release series. These include blocking all authority signing

4
scripts/maint/format_changelog.py
View File

@ -116,7 +116,7 @@ def wrap_graf(words, prefix_len1=0, prefix_len2=0, width=72):
return lines
def hyphenateable(word):
if re.match(r'^[^\d\-].*-', word):
if re.match(r'^[^\d\-]\D*-', word):
stripped = re.sub(r'^\W+','',word)
stripped = re.sub(r'\W+$','',word)
return stripped not in NO_HYPHENATE
@ -218,7 +218,7 @@ class ChangeLog(object):
elif tp == TP_ITEMBODY:
if self.curgraf is None:
self.curgraf = []
self.cursection[2][1][-1].append(self.curgraf)
self.cursection[2][-1][1].append(self.curgraf)
self.curgraf.append(line)
else: