[bridgedb/develop] Add #9874 #12086 #12089 #12090 #12091 and #12147 to CHANGELOG for 0.2.2. - tor-commits

6 Jun 2014

commit e7b3d6e7b973ad107aa0779f492b40123e69ed88
Author: Isis Lovecruft isis@torproject.org
Date:   Fri Jun 6 17:26:36 2014 +0000
Add #9874 #12086 #12089 #12090 #12091 and #12147 to CHANGELOG for 0.2.2.
---
 CHANGELOG |   79 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 79 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index 76fe023..3b07e5b 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,82 @@
+Changes in version 0.2.2 - 2014-06-XXX
+
+        * FIXES #9874 https://trac.torproject.org/projects/tor/ticket/9874
+        BridgeDB's email and HTTPS distributors were written in a manner
+        that makes them largely impossible to write unittests for. Since
+        the recent rewrite of BridgeDB's email distributor server backends
+        for version 0.2.1, BridgeDB email distributor is now testable and
+        has near 100% code coverage, see
+        https://coveralls.io/r/isislovecruft/bridgedb
+
+        * FIXES #12086 https://trac.torproject.org/projects/tor/ticket/12086
+        BridgeDB was found to accept incoming emails sent to any email
+        address whose local part included the word bridges, e.g. emails
+        sent to 'givemebridges@serious.ly' would be responded to as if
+        they were destined for BridgeDB's real email address.
+          - BridgeDB now strictly checks that the local part of the email
+            address that an incoming email was sent to (after removing plus
+            aliases, i.e. '+es_ES', '+fa', etc.) exactly matches BridgeDB
+            configured email address username.
+          - BridgeDB now checks that the domain name portion of the email
+            address that an incoming email was sent to either matches the
+            domain name portion of BridgeDB's configured email address, or
+            is a subdomain of that domain.
+
+        * FIXES #12089 https://trac.torproject.org/projects/tor/ticket/12089
+        There has been a bug for quite some time now where BridgeDB could
+        be used to email arbitrary email addresses (as long as these
+        addresses were ones which BridgeDB allows, i.e. Gmail or Yahoo
+        email addresses). This was due to BridgeDB not checking that the
+        email address used in the SMTP 'MAIL FROM:' command on an incoming
+        message matched the one used in that email's 'From:'
+        header.
+          - BridgeDB now checks that the email addresses in the SMTP 'MAIL
+            FROM:' and the 'From:' header on that incoming email match, in
+            addition to the previous checks that the email address' domain
+            is in the set of allowed domains.
+
+        * FIXES #12090 https://trac.torproject.org/projects/tor/ticket/12090
+        BridgeDB has been replying with an empty email. I don't actually
+        know for sure if this one is fixed. Before deploying version
+        0.2.1, the continuous integration tests showed email responses
+        being correctly generated, and I was also able to receive
+        correctly formed email responses from BridgeDB on a local testing
+        instance on my laptop. It appears that this bug occurs only on the
+        deployment server at ponticum.torproject.org, possibly due to the
+        outdated Python version in Debian Wheezy. I have not been able to
+        reproduce this bug on any other machine.
+
+        * FIXES #12091 https://trac.torproject.org/projects/tor/ticket/12091
+        BridgeDB wasn't properly ignoring emails whose DKIM signature
+        verification header read "X-DKIM-Authentication-Results: dunno".
+          - Bridgedb now marks incoming emails which have a
+            "X-DKIM-Authentication-Results: dunno" header as invalid and
+            ignores them.
+
+        * FIXES #12147 https://trac.torproject.org/projects/tor/ticket/12147
+        If a user refreshed https://bridges.torproject.org/bridges after
+        successfully solving a CAPTCHA, BridgeDB would reply with a new
+        set of bridges for each page refresh. This was due to the use of
+        `getIterval()` in `IPBasedDistributor.getBridgesForIP()`.The
+        correct function to use is `getIntervalStart()`.  This had been
+        noted in a "XXX FIXME" comment above the call for quite some time,
+        however, when the `bridgedb.schedule` (previously called
+        `bridgedb.Time`) module was revised to support CAPTCHA timeouts
+        (#11215), the call to `getInterval()` was mistakenly not replaced
+        with the correct function.
+          - BridgeDB CAPTCHAs must be solved within 10 minutes.
+          - Hashring rotation for bridges in BridgeDB HTTPS distributor
+            occurs every 3 hours. Refreshing the page with bridges on it
+            will return these same bridges for that time period, and
+            afterwards redirect back to the CAPTCHA page.
+        THANKS TO francisco on IRC and arma for reporting the bug.
+
+And include the following general changes:
+        * FIXES an issue where, when verifying GnuPG signatures made by
+        BridgeDB's email distributor, GnuPG would error, saying, "invalid
+        armor header".
+
+
 Changes in version 0.2.1 - 2014-05-16
         * FIXES #5463 https://trac.torproject.org/projects/tor/ticket/5463
         Emails sent from BridgeDB's email distributor should now be signed.

    