File libsignal.changes of Package libsignal
-------------------------------------------------------------------
Thu Dec 11 15:59:10 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to vers ion 0.86.3 for Signal 7.82.0
* backups: Allow "tombstones" from view once messages in takeout exports
* backups: Refactor `BackupJsonExporter` for easier consumer usage
* backups: Include more account fields into the exported JSON
* backups: Throw validator errors if multiple contacts have the same username (a case-insensitive check)
* backups: Add 'pinReminders' setting field to AccountSettings
* backups: Add bioText & bioEmoji fields to AccountData
* Rust: All serializable zkgroup types are now marked as Clone, since you could get the same effect from serializing and deserializing.
* Backups / SVRB - add support for multiple SVRB backends when new enclaves need to roll out.
* Backup validator: count grapheme clusters instead of characters in poll strings.
* Incremental MAC validation now checks up front that the digest list is at least
structurally valid (a concatenation of digests of the correct length). This was already being checked implicitly, but produced an obtuse error.
* backups: The consolidated away wifiAutoDownloadSettings is now treated as unknown.
* backups: Support poll reactions.
* keytrans: Verify signatures from all auditors
-------------------------------------------------------------------
Thu Oct 16 20:30:57 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.83.0 for Signal 7.75.0
* backups: Support polls in backup validator
* spqr: Remove client-provided options to turn on/off SPQR, defaulting to on everywhere.
* keytrans: Unify errors with other typed APIs
* Locally-closed WebSocket connections now explicitly send close code
1000 instead of an empty close frame
* net: Direct connections to the Signal servers will be tried as a fallback if connecting through an HTTP or SOCKS proxy fails or takes too long.
- Leap: build with gcc >=14
- Fix broken underlinking test
- Fix ftbfs with new rust
-------------------------------------------------------------------
Thu Oct 2 15:03:02 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.81.1 for Signal 7.73.0
* Enable negotiating permessage-deflate support for chat websocket connections, if configured.
* Net: remove Noise connection shadowing for staging Chat websocket connections.
-------------------------------------------------------------------
Thu Sep 25 17:26:23 UTC 2025 - dziobian <brunopitrus@hotmail.com>
- Update to version 0.81.0 for Signal 7.72.0
* KyberPreKeyStore.markKyberPreKeyAsUsed now takes three arguments, to
allow tracking how the pre-key is used: the Kyber pre-key ID, the
signed EC pre-key ID, and the session base key.
* We now always defer to an HTTP/HTTPS proxy for DNS resolution.
* backups: Add logging to BackupAuthCredentialRequestContext_ReceiveResponse internals
* Sealed sender SenderCertificates can now use a `bytes`
representation for the sender, and may avoid embedding their signing
ServerCertificate in favor of referencing a "known" certificate
baked into libsignal. See sealed_sender.proto and the
`KNOWN_SERVER_CERTIFICATES` list in the source for more details.
-------------------------------------------------------------------
Fri Sep 19 08:59:49 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.80.0 for Signal 7.71.0
* backups: relax restriction that backups with backup_tier == free cannot have backupsSubscriberData
* Migrate crates to Rust 2024 edition.
* Desktop: add a distinct error type for incremental mac verification failures.
* The first "Typed API" service interface for chat-server, UnauthUsernamesService,
has been added to libsignal's app layer.
* The libsignal-net remote config option `chatRequestConnectionCheckTimeoutMillis` controls a new check:
if a chat request hasn't been responded to in this amount of time, libsignal will check
if the connection is using the preferred network interface, and close it early if not.
* backups: Validate quote body length
* Rust: libsignal-protocol's fingerprint-related operations have a dedicated error type now,
FingerprintError, rather than reusing SignalProtocolError.
* backups: validate presence of `OutgoingMessageDetails.dateReceived`,
remove deprecated BackupLocator/AttachmentLocator/LocalLocator
-------------------------------------------------------------------
Thu Aug 28 04:51:17 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.78.3 for Signal 7.68.0
* keytrans: Distinguish self-monitoring from monitoring for others
* Net: Shadow Chat websocket connections in staging with Noise Direct connections when enabled via remote config.
-------------------------------------------------------------------
Thu Aug 21 18:23:14 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.78.2 for Signal 7.67.0
* BackupForwardSecrecyTokens can now be used to derive MessageBackupKeys.
* Downgraded some networking-related error logs to warnings.
* SVR-B: Operations have been consistently renamed to `store` and `restore`.
* SVR-B: `restore` now returns an object containing both the
BackupForwardSecrecyToken for decryption, and "secret data" to be
used in the first `store` after restoration.
* `SvrB` now has a `createNewBackupChain` method, allowing you to
locally persist the backup "secret data" *before* the first store to
SVR-B for a fresh install.
* SVR-B:With the first two changes, the secret data argument to `restore` is
now required. See doc comments for more details.
* backups: Add support for call link epochs.
* Rust: libsignal_net_infra::ws2 has been merged into libsignal_net_infra::ws,
with Connection and Config included directly and helper types available
under ws::connection. The old ws::WebSocketConfig has been removed.
Other Changes
-------------
- Rust: `SessionRecord::has_usable_sender_chain` now takes an
additional parameter to specify which criteria make a session
"usable" beyond simply *having* a sender chain. The previous
behavior can be requested by using
`SessionUsabilityRequirements::NotStale`.
-------------------------------------------------------------------
Thu Jul 31 06:28:35 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.76.7 for Signal 7.64.0
* The backup validator accepts the new "forward secrecy" format as well as the existing "ciphertext only" format.
* Added support for new CDSi and SVR2 enclaves.
* Added HPKE operations to (EC)PublicKey---`seal`---and PrivateKey---`open`.
-------------------------------------------------------------------
Tue Jul 22 17:56:59 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.76.4 for Signal 7.63.0
* Making a chat connection now accepts a list of language codes,
which will set the default language to be used for any requests on that connection if provided.
-------------------------------------------------------------------
Thu Jul 10 05:11:22 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.76.0 for Signal 7.61.0
* X3DH handling has been removed from libsignal; X3DH PreKey messages will now be rejected as invalid.
* Node: All APIs now use Uint8Array instead of Buffer. This is a breaking change if you were relying
on any of the APIs added to Buffer on top of Uint8Array, including the diverging behavior of `slice()` and `toString()`.
* Require that device IDs in protocol addresses be in the range [1, 127]. This is a breaking change.
* backups: Update validation to reject EncryptedDigest with no transit info
* backups: Validate new backupTier field
* The net-related RequestedInformation type has been renamed to ChallengeOption, and in some cases relocated,
to reflect its broader usage. The cases within the type have not been changed.
- drop remove-message-backup-test.patch
-------------------------------------------------------------------
Fri Jul 4 17:23:39 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- build_node_bridge-inject-options.patch: fix broken debuginfo
- libsignal-client-visibility-hidden.patch: replace hack with an upstreamable solution
-------------------------------------------------------------------
Sat Jun 28 11:46:26 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- libsignal-client-visibility-hidden.patch: fix FTBFS with rust 1.88
-------------------------------------------------------------------
Thu Jun 26 17:21:28 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.74.1 for Signal 7.59.0
* Support for starting sessions with pre-quantum X3DH has been removed.
PQXDH will be required going forward.
* Backups: the now-deprecated remote content locator fields are ignored
and the new FilePointer.locator_info field must be set.
* keytrans: Bridge to ffi
* Integrate post-quantum ratchet in opt-in mode.
* backups: Add integrityCheck to LocatorInfo
- remove tcp_ssl-test-requires-network.patch
-------------------------------------------------------------------
Wed May 28 19:46:46 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.72.1 for Signal 7.56.0
* Unnecessary prefixes have been removed from file paths in log output.
* CDSI: fix handling of rate-limit-exceeded error to correctly parse the server-requested delay.
- Drop cdsi-test-requires-internet.patch
- Add tcp_ssl-test-requires-network.patch
-------------------------------------------------------------------
Wed May 21 21:52:48 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.71.1 for Signal 7.55.0
* Support new CDSI enclave in production.
* Rust: bump rand crate to v0.9.0
* A pre-key message sender's identity is stored after the message is decrypted.
* Java, Node, Swift: changed IdentityKeyStore.saveIdentity to return an enum.
* Node: RegistrationService.registerAccount takes account password as a string.
* Connections to Signal services (and to Cloudflare's DNS-over-HTTPS server) will now require TLS v1.3, which they would already have been using.
* Futures returned by ChatConnection.send() will now return more specific errors on failure.
* New SVR2 enclaves for staging and production.
* keytrans: Support multiple auditors.
* Fixes a regression introduced in v0.68.1 where incoming PreKey messages would fail to decrypt if the local device had archived the corresponding session.
- libsignal-client-visibility-hidden.patch: remove pqcrypto patch (the dependency has been removed by upstream)
-------------------------------------------------------------------
Tue May 13 22:04:27 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.70.0 for Signal 7.54.0
* Resuming an existing registration session now requires the phone number with for which the session was created.
* Enable registering an account via the Node registration service client.
* backups: Validate NotificationProfile::id
* Node (GSE): Implement toToken() and encryptUserId() for
CallLinkSecretParams
* The Net class now stores a string-map of "remote
config" information, intended for the same sort of server-provided
configuration that the apps already have.
* Add in new CDSI enclave ID, now supporting Kyber HFS Noise channels.
* Net: Remove the fallback connect code paths for CDSI. This is a breaking change.
* backups: Validate ChatFolder::id
* Net: onConnectionInterrupted will now pass along ConnectedElsewhere and ConnectionInvalidated as disconnection reasons, when applicable.
* backups: Release notes can now be included in a chat folder.
* net: Fix a bug where DNS-over-HTTPs lookups wouldn't attempt to make IPv4 and IPv6 connections
to the nameserver in parallel.
- Add cdsi-test-requires-internet.patch
-------------------------------------------------------------------
Thu Apr 17 20:00:42 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.68.0 for Signal 7.51.0
* net: Add a client for the registration verification service. This is currently only available via the Node bindings.
* backups: Enforce that messages with expiration timers < 24 hours are not included in Remote Backups.
* backups: Add support for LocalLocator for local backups
* Retire old SVR2 staging enclave
* keytrans: Remove unused APIs
* backups: Relax check on session switchover update message authors
- Add dns_lookup-test-bsc1241387.patch to work around broken IP6 in OBS during test (bsc#1241387)
-------------------------------------------------------------------
Thu Apr 3 05:14:11 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.67.4 for Signal 7.49.0
* Net.preconnectChat will start the connection process for an
authenticated chat connection without needing a username and password ready.
* Rust: Update some dependencies (including boring) to the lastest compatible versions.
* Net: Harmonized WebSocket PING interval with the client keep-alive
interval to conserve resources.
* Completely remove SVR3 support
-------------------------------------------------------------------
Wed Mar 19 18:47:58 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.67.3 for Signal 7.47.0
* Our DoH resolver will no longer connnect to IPv6 DoH resolvers while IPv6 is disabled.
* Abstract Server(Private/Public)Params from endorsements. Reduces dependencies in clients and issuing servers.
* Add EndorsementPublicRootKey accessor to ServerPublicParams.
* Add support for avatarColor/svrPin fields in backup protos
* Switch message chain key storage to store seed value rather than IV/MAC-key/key.
* Net: try IPv6 in addition to IPv4 when connecting to the DNS-over-HTTPS resolver.
-------------------------------------------------------------------
Thu Mar 13 15:53:12 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.67.0 for Signal 7.46.0
* Net: expose old and new CDSI connect logic.
* Net: support uppercase scheme for proxy URL.
* Net: retire an old SVR2 enclave.
* Net: expose synchronous API for sending ChatConnection response.
* Net: improve the handling of Chat errors and the associated messages and error codes.
-------------------------------------------------------------------
Thu Feb 27 05:30:51 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.66.2 for Signal 7.44.0
* backups: Add system contact name fields to Contact
* keytrans: Detect new versions of account data in monitor responses and invoke search
-------------------------------------------------------------------
Thu Feb 20 21:25:27 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.66.1 for Signal 7.43.0
* Removes the ChatService APIs on all platforms. Existing code should be migrated to the newer
ChatConnection APIs.
* Reverts earlier CDSI connection attempt logic change
-------------------------------------------------------------------
Thu Feb 13 17:18:11 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.65.5 for Signal 7.42.0
* Introduces an overload of `Net.setProxy()` that supports HTTP and SOCKS proxies in addition to the
"transparent TLS proxies" already supported. Supported schemes: "socks5" (or just "socks"),
"socks5h", "socks4", "socks4a", "https", "http", and "org.signal.tls".
* `Net.setInvalidProxy()` disables new connections until the proxy settings are updated.
* Desktop: `Net.setProxyFromUrl()` translates from URL syntax for specifying a proxy.
* keytrans: Verify consistency proofs
-------------------------------------------------------------------
Wed Feb 5 19:50:15 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.65.4 for Signal 7.41.0
* Net/Android: Expose new ChatConnection API that uses new connectivity internals to Java
* Net: Migrate CDSI to new connectivity internals also used by ChatConnection
* Net: Migrate DNS to new connectivity internals also used by ChatConnection
* backup: Update to latest backup.proto
-------------------------------------------------------------------
Thu Jan 30 18:46:19 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.65.2 for Signal 7.40.0
* Several backup validator improvements
* Fixed a bug triggered by quickly connecting then disconnecting a chat
connection.
* Reduce the number of SNIs used when trying to connect using domain fronting.
* Log on some important chat events.
* Add a tag to log messages to distinguish the source of each.
* Key Transparency: Sync with recent server protocol changes.
-------------------------------------------------------------------
Thu Jan 23 18:26:29 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.65.0 for Signal 7.39.0
* Added a validity-checking function to AccountEntropyPool.
* Rust: The EC key types have been moved to libsignal_core::curve.
They are still exported through libsignal_protocol as before, but a
few of the signatures have changed.
* libsignal-net: enabled support for Ed25519 TLS certificates
* Fixed username printing for discriminators under 10
* Many backup validator improvements
* Removed support for the old AuthCredential versions
* Removed SVR3 from all app bridges
-------------------------------------------------------------------
Wed Jan 8 22:02:51 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.64.1 for Signal 7.37.0
* Backups: Support BackupInfo.currentAppVersion and firstAppVersion fields
* Improve the performance of both the online and whole-file backup validation
methods.
* Import various backup validation proto changes, and tighten validation of
distribution lists to disallow duplicate entries.
* Update `boring` dependency to v4.13.0
* Introduce OnlineBackupValidator, while accepts serialized protobuf
frames rather than processing an entire file at once.
* ChatService will soon be replaced by ChatConnection, currently
experimentally available in Node. (All of the networking-related
APIs are still even more subject to change than the rest of
libsignal.
* Support for the CDSI option 'return_acis_without_uaks' was removed;
it was already ignored by the service.
* Further backup validator proto updates and performance improvements,
including use of an extra worker thread for pipelining entire-file
processing. ChatItem errors will now include the dateSent timestamp.
* Further work on both key transparency and libsignal-net.
-------------------------------------------------------------------
Wed Dec 4 23:00:27 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.62.0 for Signal 7.35.0
* Further backup validator updates:
- Allow PNI-only contacts
- Allow Chat.muteUntilMs of INT64_MAX ("mute forever")
- Update Backup.proto (several fields now use `optional`)
- Suppress repeated warnings about the same timestamp field
- Buffer the input stream for all app languages
* SHA-2 performance improved on 64-bit Linux
* Rust: Add ServiceId::to_protocol_address (thanks, @rubdos!)
* Net: Chat now throws RateLimitedError/RetryLaterException when the server requests a retry
* Attest: Removed unused IAS attestation code and tests
* Backup: Made timestamps optional for AttachmentLocator:uploadTimestamp and ChatItem:dateServerSent
-------------------------------------------------------------------
Wed Nov 20 23:30:40 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.60.2 for Signal 7.34.0
* Add BackupKey.deriveThumbnailTransitEncryptionKey
* Backup validator: Allow "unknown" restrictions for call links
* Expose more key derivations to apps via new BackupKey class, as well
as additional APIs on MessageBackupKey and AccountEntropyPool.
* Adjust backup ID derivation from a BackupKey once more (hopefully
the last time).
* Internal change: Use new websocket event handler for attested
connections. This should not produce any difference in behavior,
but if any is observed this might be the cause.
* Add BackupCredentialType to BackupAuthCredential, and rename the
members of BackupLevel. This is a **breaking change**: old
credentials will no longer work, and client and server have to
agree on the credentials being used. BackupAuthCredential also
now uses the "new" key derivation for the backup ID.
* MessageBackupKey now supports the "new" key derivations using an
"account entropy pool" string, as well as from a backup key and ID.
The "old" derivation from a "master key" has been deprecated in all
languages and will be removed in a future release.
* The backup validator now requires a mediaRootBackupKey in the
BackupInfo proto.
* Provide additional information on CDSI errors.
- Drop bindgen-llvm19-E0425.patch applied upstream
-------------------------------------------------------------------
Thu Nov 7 09:01:17 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.59.0 for Signal 7.32.0
* Rename "pin" crate to "account-keys", to reflect expanding functionality
* Backup: Be more precise about when expiration should have started
* Node: Expose BackupAuthCredentialPresentation.getBackupId()
and getBackupLevel() for mock-server
* Add ViewOnceMessage to the backup validator
* Make sender chain overflow an explicit SignalProtocolError
* Rust: Move E164 type into libsignal-core
- drop upstreamed signal-7.29.0-test-getBackupId.patch
-------------------------------------------------------------------
Wed Nov 6 16:59:17 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Add backported bindgen-llvm19-E0425.patch fixing ftbfs with LLVM 19+ (gh#signalapp/boring#28)
-------------------------------------------------------------------
Thu Oct 17 17:55:11 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Add backported signal-7.29.0-test-getBackupId.patch adding an API needed by the new test harness (but not the app itself)
-------------------------------------------------------------------
Thu Sep 26 17:39:15 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.58.0 for Signal 7.26.0
* Backup: apply stricter rules for contacts and messages
* SVR3: implement new protocol in libsignal-net.
-------------------------------------------------------------------
Thu Sep 19 17:24:08 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.56.1 for Signal 7.25.0
* Internal work in SVR and libsignal-net
* Renames of the "reconnect" libsignal-net ChatService types.
* Several updates to the backup validator.
- Remove bogus soname RPM provide.
-------------------------------------------------------------------
Thu Aug 29 16:48:13 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.55.1 for Signal 7.22.0
* libsignal-net: auto-reconnect logic is removed for ChatService
* Legacy SSv2 receive support removed
* Further updates to the backup validator, including omitting the
backup timestamp and sorting reactions in the canonical string
* Update to boring v4.9.0
* The Net/Network class now exposes an "onNetworkChanged" event,
which will clear certain caches and reset cooldowns
-------------------------------------------------------------------
Thu Aug 15 21:55:42 UTC 2024 - thod_@gmx.de
- Update to version 0.54.0 for Signal 7.20.0
* Node, Swift: changes in the libsignal-net API
* Internal improvements and housekeeping changes
* Node: Split ChatService into AuthenticatedChatService and
UnauthenticatedChatService. We plan to make a similar split for the
other platforms in the future.
* Node: Upload Breakpad syms files for debug info instead of using
per-platform formats
* Server: Added SealedSenderMultiRecipientMessage#serializedRecipientView,
to save on repeated parsing
* Backups: ComparableMessageBackup can be used to check message backups for equality
* Java: ChatServiceException extends IOException
* SVR3: implement migration support, improve resilience to connection failures
- Add remove-message-backup-test.patch
-------------------------------------------------------------------
Thu Jul 18 17:04:12 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.52.3 for Signal 7.16.0
* SVR3: Restores can now fall back to previous environments.
* SVR3: Provide a migration API, for backing up to the latest
environment and clearing from previous ones.
* ChatService: 4xx messages from proxies will no longer be considered
authoritative.
* ChatService: Fixed a hang when the same instance was used for both
auth and unauth connections.
* Node: libsignal will drop log events if they are not being drained
from the Node event loop fast enough, rather than continue to
saturate the event loop.
* Net: customize response status code sent to server
* Backups: bugfix to prevent short file reads
-------------------------------------------------------------------
Fri Jul 5 16:22:02 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Initial package of version 0.51.1 for Signal 7.15.0
- Import patches from signal-desktop package
* boringssl-sys-no-static.patch
* libsignal-client-visibility-hidden.patch
* cc-link-lib-no-static.patch
* ring-no-static.patch
- Add build_node_bridge-inject-options.patch
