[tor/master] Start on a changelog for 0.3.1.3-alpha - tor-commits

7 Jun 2017

commit 5955b63a9a4182f8909a2a31bd3818b574fd0895
Author: Nick Mathewson nickm@torproject.org
Date:   Wed Jun 7 09:36:12 2017 -0400
Start on a changelog for 0.3.1.3-alpha
---
 ChangeLog                   | 78 ++++++++++++++++++++++++++++++++++++++++++++-
 changes/bug22413            |  4 ---
 changes/bug22417            |  3 --
 changes/bug22424            |  5 ---
 changes/bug22446            |  4 ---
 changes/bug22460_case1      | 16 ----------
 changes/bug22460_case2      |  8 -----
 changes/bug22466_diagnostic |  4 ---
 changes/bug22466_regenerate |  8 -----
 changes/bug22490            |  3 --
 changes/bug6298             |  4 ---
 changes/torify-manpage      |  3 --
 12 files changed, 77 insertions(+), 63 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 60904d3..fc0e833 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,82 @@
-Changes in version 0.3.1.3-alpha - 2017-06-??
+Changes in version 0.3.1.3-alpha - 2017-06-08
+  Tor 0.3.1.3-alpha fixes a pair of bugs that would allow an attacker to
+  remotely crash a hidden service with an assertion failure. Anyone
+  running a hidden service should upgrade to this version, or to some
+  other version with fixes for TROVE-2017-004 and TROVE-2017-005.
+
+  Tor 0.3.1.3-alpha also includes fixes for several key management bugs
+  that sometimes made relays unreliable, as well as several other
+  bugfixes described below.
+
+  o Major bugfixes (relay, link handshake):
+    - When performing the v3 link handshake on a TLS connection, report
+      that we have the x509 certificate that we actually used on that
+      connection, even if we have changed certificates since that
+      connection was first opened. Previously, we would claim to have
+      used our most recent x509 link certificate, which would sometimes
+      make the link handshake fail. Fixes one case of bug 22460; bugfix
+      on 0.2.3.6-alpha.
+
+  o Major bugfixes (relays, key management):
+    - Regenerate link and authentication certificates whenever the key
+      that signs them changes; also, regenerate link certificates
+      whenever the signed key changes. Previously, these processes were
+      only weakly coupled, and we relays could (for minutes to hours)
+      wind up with an inconsistent set of keys and certificates, which
+      other relays would not accept. Fixes two cases of bug 22460;
+      bugfix on 0.3.0.1-alpha.
+    - When sending an Ed25519 signing->link certificate in a CERTS cell,
+      send the certificate that matches the x509 certificate that we
+      used on the TLS connection. Previously, there was a race condition
+      if the TLS context rotated after we began the TLS handshake but
+      before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
+      on 0.3.0.1-alpha.
+
+  o Major bugfixes (torrc, crash):
+    - Fix a crash bug when using %include in torrc. Fixes bug 22417;
+      bugfix on 0.3.1.1-alpha. Patch by Daniel Pinto.
+
+  o Minor features (code style):
+    - Add "Falls through" comments to our codebase, in order to silence
+      GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas
+      Stieger. Closes ticket 22446.
+  o Minor features (diagnostic):
+    - Add logging messages to try to diagnose a rare bug that seems to
+      generate RSA->Ed25519 cross-certificates dated in the 1970s. We
+      think this is happening because of incorrect system clocks, but
+      we'd like to know for certain. Diagnostic for bug 22466.
+
+  o Minor bugfixes (correctness):
+    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
+      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
+
+  o Minor bugfixes (directory protocol):
+    - Check for libzstd >= 1.1, because older versions lack the
+      necessary streaming API. Fixes bug 22413; bugfix on 0.3.1.1-alpha.
+
+  o Minor bugfixes (link handshake):
+    - Lower the lifetime of the RSA->Ed25519 cross-certificate to six
+      months, and regenerate it when it is within one month of expiring.
+      Previously, we had generated this certificate at startup with a
+      ten-year lifetime, but that could lead to weird behavior when Tor
+      was started with a grossly inaccurate clock. Mitigates bug 22466;
+      mitigation on 0.3.0.1-alpha.
+
+  o Minor bugfixes (storage directories):
+    - Always check for underflows in the cached storage directory usage.
+      If the usage does underflow, re-calculate it. Also, avoid a
+      separate underflow when the usage is not known. Fixes bug 22424;
+      bugfix on 0.3.1.1-alpha.
+  o Minor bugfixes (unit tests):
+    - The unit tests now pass on systems where localhost is misconfigured
+      to some IPv4 address other than 127.0.0.1. Fixes bug 6298; bugfix
+      on 0.0.9pre2.
+
+  o Documentation:
+    - Clarify the manpage for the (deprecated) torify script. Closes
+      ticket 6892.
Changes in version 0.3.1.2-alpha - 2017-05-26
diff --git a/changes/bug22413 b/changes/bug22413
deleted file mode 100644
index 5b522f1..0000000
--- a/changes/bug22413
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (directory protocol):
-    - Check for libzstd >= 1.1 because older versions lack the
-      necessary streaming API.  Fixes bug 22413; bugfix on
-      0.3.1.1-alpha.
diff --git a/changes/bug22417 b/changes/bug22417
deleted file mode 100644
index 88c601a..0000000
--- a/changes/bug22417
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Major bugfixes (torrc, crash):
-    - Fix a crash bug when using %include in torrc. Fixes bug 22417;
-      bugfix on 0.3.1.1-alpha. Patch by Daniel Pinto.
diff --git a/changes/bug22424 b/changes/bug22424
deleted file mode 100644
index de4cff7..0000000
--- a/changes/bug22424
+++ /dev/null
@@ -1,5 +0,0 @@
-  o Minor bugfixes (storage directories):
-    - Always check for underflows in the cached storage directory usage amount.
-      If the usage does underflow, re-calculate the usage. Also, avoid a
-      separate underflow when the usage is not known.
-      Fixes bug 22424 in 0.3.1.1-alpha.
diff --git a/changes/bug22446 b/changes/bug22446
deleted file mode 100644
index 5932a2e..0000000
--- a/changes/bug22446
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor features (code style):
-    - Add "Falls through" comments to our codebase in order to silence
-      GCC 7's -Wimplicit-fallthrough warnings. Patch from Andreas Stieger.
-      Closes ticket 22446.
diff --git a/changes/bug22460_case1 b/changes/bug22460_case1
deleted file mode 100644
index cfe78ad..0000000
--- a/changes/bug22460_case1
+++ /dev/null
@@ -1,16 +0,0 @@
-  o Major bugfixes (relays, key management):
-    - Regenerate link and authentication certificates whenever the key that
-      signs them changes; also, regenerate link certificates whenever the
-      signed key changes. Previously, these processes were only weakly
-      coupled, and we relays could (for minutes to hours) wind up with an
-      inconsistent set of keys and certificates, which other relays
-      would not accept. Fixes two cases of bug 22460; bugfix on
-      0.3.0.1-alpha.
-    - When sending an Ed25519 signing->link certificate in a CERTS cell,
-      send the certificate that matches the x509 certificate that we used
-      on the TLS connection. Previously, there was a race condition if
-      the TLS context rotated after we began the TLS handshake but
-      before we sent the CERTS cell. Fixes a case of bug 22460; bugfix
-      on 0.3.0.1-alpha.
-
-
diff --git a/changes/bug22460_case2 b/changes/bug22460_case2
deleted file mode 100644
index 0a11759..0000000
--- a/changes/bug22460_case2
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Major bugfixes (relay, link handshake):
-
-    - When performing the v3 link handshake on a TLS connection, report that
-      we have the x509 certificate that we actually used on that connection,
-      even if we have changed certificates since that connection was first
-      opened. Previously, we would claim to have used our most recent x509
-      link certificate, which would sometimes make the link handshake fail.
-      Fixes one case of bug 22460; bugfix on 0.2.3.6-alpha.
diff --git a/changes/bug22466_diagnostic b/changes/bug22466_diagnostic
deleted file mode 100644
index 0286c65..0000000
--- a/changes/bug22466_diagnostic
+++ /dev/null
@@ -1,4 +0,0 @@
-   o Minor features (diagnostic):
-     - Add logging messages to try to diagnose a rare bug that seems
-       to generate RSA->Ed25519 cross-certificates dated in the 1970s.
-       Diagnostic for bug 22466.
diff --git a/changes/bug22466_regenerate b/changes/bug22466_regenerate
deleted file mode 100644
index 8dbda89..0000000
--- a/changes/bug22466_regenerate
+++ /dev/null
@@ -1,8 +0,0 @@
-  o Minor bugfixes (link handshake):
-    - Lower the lifetime of the RSA->Ed25519 cross-certificate to
-      six months, and regenerate it when it is within one month of expiring.
-      Previously, we had generated this certificate at startup with
-      a ten-year lifetime, but that could lead to weird behavior when
-      Tor was started with a grossly inaccurate clock. Mitigates
-      bug 22466; mitigation on 0.3.0.1-alpha.
-
diff --git a/changes/bug22490 b/changes/bug22490
deleted file mode 100644
index 244dd50..0000000
--- a/changes/bug22490
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Minor bugfixes (correctness):
-    - Avoid undefined behavior when parsing IPv6 entries from the geoip6
-      file. Fixes bug 22490; bugfix on 0.2.4.6-alpha.
diff --git a/changes/bug6298 b/changes/bug6298
deleted file mode 100644
index 8e03ce1..0000000
--- a/changes/bug6298
+++ /dev/null
@@ -1,4 +0,0 @@
-  o Minor bugfixes (unit tests):
-    - The unit tests now pass on systems where localhost is misconfigured
-      to some IPv4 address other than 127.0.0.1.  Fixes bug 6298;
-      bugfix on 0.0.9pre2.
diff --git a/changes/torify-manpage b/changes/torify-manpage
deleted file mode 100644
index f8bf56c..0000000
--- a/changes/torify-manpage
+++ /dev/null
@@ -1,3 +0,0 @@
-  o Documentation:
-    - Clarify the manpage for the (deprecated) torify script. Closes
-      ticket 6892.

    