File libsignal.changes of Package libsignal
-------------------------------------------------------------------
Fri Sep 19 08:59:49 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.80.0 for Signal 7.71.0
* backups: relax restriction that backups with backup_tier == free cannot have backupsSubscriberData
* Migrate crates to Rust 2024 edition.
* Desktop: add a distinct error type for incremental mac verification failures.
* The first "Typed API" service interface for chat-server, UnauthUsernamesService,
has been added to libsignal's app layer.
* The libsignal-net remote config option `chatRequestConnectionCheckTimeoutMillis` controls a new check:
if a chat request hasn't been responded to in this amount of time, libsignal will check
if the connection is using the preferred network interface, and close it early if not.
* backups: Validate quote body length
* Rust: libsignal-protocol's fingerprint-related operations have a dedicated error type now,
FingerprintError, rather than reusing SignalProtocolError.
* backups: validate presence of `OutgoingMessageDetails.dateReceived`,
remove deprecated BackupLocator/AttachmentLocator/LocalLocator
-------------------------------------------------------------------
Thu Aug 28 04:51:17 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.78.3 for Signal 7.68.0
* keytrans: Distinguish self-monitoring from monitoring for others
* Net: Shadow Chat websocket connections in staging with Noise Direct connections when enabled via remote config.
-------------------------------------------------------------------
Thu Aug 21 18:23:14 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.78.2 for Signal 7.67.0
* BackupForwardSecrecyTokens can now be used to derive MessageBackupKeys.
* Downgraded some networking-related error logs to warnings.
* SVR-B: Operations have been consistently renamed to `store` and `restore`.
* SVR-B: `restore` now returns an object containing both the
BackupForwardSecrecyToken for decryption, and "secret data" to be
used in the first `store` after restoration.
* `SvrB` now has a `createNewBackupChain` method, allowing you to
locally persist the backup "secret data" *before* the first store to
SVR-B for a fresh install.
* SVR-B:With the first two changes, the secret data argument to `restore` is
now required. See doc comments for more details.
* backups: Add support for call link epochs.
* Rust: libsignal_net_infra::ws2 has been merged into libsignal_net_infra::ws,
with Connection and Config included directly and helper types available
under ws::connection. The old ws::WebSocketConfig has been removed.
Other Changes
-------------
- Rust: `SessionRecord::has_usable_sender_chain` now takes an
additional parameter to specify which criteria make a session
"usable" beyond simply *having* a sender chain. The previous
behavior can be requested by using
`SessionUsabilityRequirements::NotStale`.
-------------------------------------------------------------------
Thu Jul 31 06:28:35 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.76.7 for Signal 7.64.0
* The backup validator accepts the new "forward secrecy" format as well as the existing "ciphertext only" format.
* Added support for new CDSi and SVR2 enclaves.
* Added HPKE operations to (EC)PublicKey---`seal`---and PrivateKey---`open`.
-------------------------------------------------------------------
Tue Jul 22 17:56:59 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.76.4 for Signal 7.63.0
* Making a chat connection now accepts a list of language codes,
which will set the default language to be used for any requests on that connection if provided.
-------------------------------------------------------------------
Thu Jul 10 05:11:22 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.76.0 for Signal 7.61.0
* X3DH handling has been removed from libsignal; X3DH PreKey messages will now be rejected as invalid.
* Node: All APIs now use Uint8Array instead of Buffer. This is a breaking change if you were relying
on any of the APIs added to Buffer on top of Uint8Array, including the diverging behavior of `slice()` and `toString()`.
* Require that device IDs in protocol addresses be in the range [1, 127]. This is a breaking change.
* backups: Update validation to reject EncryptedDigest with no transit info
* backups: Validate new backupTier field
* The net-related RequestedInformation type has been renamed to ChallengeOption, and in some cases relocated,
to reflect its broader usage. The cases within the type have not been changed.
- drop remove-message-backup-test.patch
-------------------------------------------------------------------
Fri Jul 4 17:23:39 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- build_node_bridge-inject-options.patch: fix broken debuginfo
- libsignal-client-visibility-hidden.patch: replace hack with an upstreamable solution
-------------------------------------------------------------------
Sat Jun 28 11:46:26 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- libsignal-client-visibility-hidden.patch: fix FTBFS with rust 1.88
-------------------------------------------------------------------
Thu Jun 26 17:21:28 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.74.1 for Signal 7.59.0
* Support for starting sessions with pre-quantum X3DH has been removed.
PQXDH will be required going forward.
* Backups: the now-deprecated remote content locator fields are ignored
and the new FilePointer.locator_info field must be set.
* keytrans: Bridge to ffi
* Integrate post-quantum ratchet in opt-in mode.
* backups: Add integrityCheck to LocatorInfo
- remove tcp_ssl-test-requires-network.patch
-------------------------------------------------------------------
Wed May 28 19:46:46 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.72.1 for Signal 7.56.0
* Unnecessary prefixes have been removed from file paths in log output.
* CDSI: fix handling of rate-limit-exceeded error to correctly parse the server-requested delay.
- Drop cdsi-test-requires-internet.patch
- Add tcp_ssl-test-requires-network.patch
-------------------------------------------------------------------
Wed May 21 21:52:48 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.71.1 for Signal 7.55.0
* Support new CDSI enclave in production.
* Rust: bump rand crate to v0.9.0
* A pre-key message sender's identity is stored after the message is decrypted.
* Java, Node, Swift: changed IdentityKeyStore.saveIdentity to return an enum.
* Node: RegistrationService.registerAccount takes account password as a string.
* Connections to Signal services (and to Cloudflare's DNS-over-HTTPS server) will now require TLS v1.3, which they would already have been using.
* Futures returned by ChatConnection.send() will now return more specific errors on failure.
* New SVR2 enclaves for staging and production.
* keytrans: Support multiple auditors.
* Fixes a regression introduced in v0.68.1 where incoming PreKey messages would fail to decrypt if the local device had archived the corresponding session.
- libsignal-client-visibility-hidden.patch: remove pqcrypto patch (the dependency has been removed by upstream)
-------------------------------------------------------------------
Tue May 13 22:04:27 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.70.0 for Signal 7.54.0
* Resuming an existing registration session now requires the phone number with for which the session was created.
* Enable registering an account via the Node registration service client.
* backups: Validate NotificationProfile::id
* Node (GSE): Implement toToken() and encryptUserId() for
CallLinkSecretParams
* The Net class now stores a string-map of "remote
config" information, intended for the same sort of server-provided
configuration that the apps already have.
* Add in new CDSI enclave ID, now supporting Kyber HFS Noise channels.
* Net: Remove the fallback connect code paths for CDSI. This is a breaking change.
* backups: Validate ChatFolder::id
* Net: onConnectionInterrupted will now pass along ConnectedElsewhere and ConnectionInvalidated as disconnection reasons, when applicable.
* backups: Release notes can now be included in a chat folder.
* net: Fix a bug where DNS-over-HTTPs lookups wouldn't attempt to make IPv4 and IPv6 connections
to the nameserver in parallel.
- Add cdsi-test-requires-internet.patch
-------------------------------------------------------------------
Thu Apr 17 20:00:42 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.68.0 for Signal 7.51.0
* net: Add a client for the registration verification service. This is currently only available via the Node bindings.
* backups: Enforce that messages with expiration timers < 24 hours are not included in Remote Backups.
* backups: Add support for LocalLocator for local backups
* Retire old SVR2 staging enclave
* keytrans: Remove unused APIs
* backups: Relax check on session switchover update message authors
- Add dns_lookup-test-bsc1241387.patch to work around broken IP6 in OBS during test (bsc#1241387)
-------------------------------------------------------------------
Thu Apr 3 05:14:11 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.67.4 for Signal 7.49.0
* Net.preconnectChat will start the connection process for an
authenticated chat connection without needing a username and password ready.
* Rust: Update some dependencies (including boring) to the lastest compatible versions.
* Net: Harmonized WebSocket PING interval with the client keep-alive
interval to conserve resources.
* Completely remove SVR3 support
-------------------------------------------------------------------
Wed Mar 19 18:47:58 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- update to version 0.67.3 for Signal 7.47.0
* Our DoH resolver will no longer connnect to IPv6 DoH resolvers while IPv6 is disabled.
* Abstract Server(Private/Public)Params from endorsements. Reduces dependencies in clients and issuing servers.
* Add EndorsementPublicRootKey accessor to ServerPublicParams.
* Add support for avatarColor/svrPin fields in backup protos
* Switch message chain key storage to store seed value rather than IV/MAC-key/key.
* Net: try IPv6 in addition to IPv4 when connecting to the DNS-over-HTTPS resolver.
-------------------------------------------------------------------
Thu Mar 13 15:53:12 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.67.0 for Signal 7.46.0
* Net: expose old and new CDSI connect logic.
* Net: support uppercase scheme for proxy URL.
* Net: retire an old SVR2 enclave.
* Net: expose synchronous API for sending ChatConnection response.
* Net: improve the handling of Chat errors and the associated messages and error codes.
-------------------------------------------------------------------
Thu Feb 27 05:30:51 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.66.2 for Signal 7.44.0
* backups: Add system contact name fields to Contact
* keytrans: Detect new versions of account data in monitor responses and invoke search
-------------------------------------------------------------------
Thu Feb 20 21:25:27 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.66.1 for Signal 7.43.0
* Removes the ChatService APIs on all platforms. Existing code should be migrated to the newer
ChatConnection APIs.
* Reverts earlier CDSI connection attempt logic change
-------------------------------------------------------------------
Thu Feb 13 17:18:11 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.65.5 for Signal 7.42.0
* Introduces an overload of `Net.setProxy()` that supports HTTP and SOCKS proxies in addition to the
"transparent TLS proxies" already supported. Supported schemes: "socks5" (or just "socks"),
"socks5h", "socks4", "socks4a", "https", "http", and "org.signal.tls".
* `Net.setInvalidProxy()` disables new connections until the proxy settings are updated.
* Desktop: `Net.setProxyFromUrl()` translates from URL syntax for specifying a proxy.
* keytrans: Verify consistency proofs
-------------------------------------------------------------------
Wed Feb 5 19:50:15 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.65.4 for Signal 7.41.0
* Net/Android: Expose new ChatConnection API that uses new connectivity internals to Java
* Net: Migrate CDSI to new connectivity internals also used by ChatConnection
* Net: Migrate DNS to new connectivity internals also used by ChatConnection
* backup: Update to latest backup.proto
-------------------------------------------------------------------
Thu Jan 30 18:46:19 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.65.2 for Signal 7.40.0
* Several backup validator improvements
* Fixed a bug triggered by quickly connecting then disconnecting a chat
connection.
* Reduce the number of SNIs used when trying to connect using domain fronting.
* Log on some important chat events.
* Add a tag to log messages to distinguish the source of each.
* Key Transparency: Sync with recent server protocol changes.
-------------------------------------------------------------------
Thu Jan 23 18:26:29 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.65.0 for Signal 7.39.0
* Added a validity-checking function to AccountEntropyPool.
* Rust: The EC key types have been moved to libsignal_core::curve.
They are still exported through libsignal_protocol as before, but a
few of the signatures have changed.
* libsignal-net: enabled support for Ed25519 TLS certificates
* Fixed username printing for discriminators under 10
* Many backup validator improvements
* Removed support for the old AuthCredential versions
* Removed SVR3 from all app bridges
-------------------------------------------------------------------
Wed Jan 8 22:02:51 UTC 2025 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.64.1 for Signal 7.37.0
* Backups: Support BackupInfo.currentAppVersion and firstAppVersion fields
* Improve the performance of both the online and whole-file backup validation
methods.
* Import various backup validation proto changes, and tighten validation of
distribution lists to disallow duplicate entries.
* Update `boring` dependency to v4.13.0
* Introduce OnlineBackupValidator, while accepts serialized protobuf
frames rather than processing an entire file at once.
* ChatService will soon be replaced by ChatConnection, currently
experimentally available in Node. (All of the networking-related
APIs are still even more subject to change than the rest of
libsignal.
* Support for the CDSI option 'return_acis_without_uaks' was removed;
it was already ignored by the service.
* Further backup validator proto updates and performance improvements,
including use of an extra worker thread for pipelining entire-file
processing. ChatItem errors will now include the dateSent timestamp.
* Further work on both key transparency and libsignal-net.
-------------------------------------------------------------------
Wed Dec 4 23:00:27 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.62.0 for Signal 7.35.0
* Further backup validator updates:
- Allow PNI-only contacts
- Allow Chat.muteUntilMs of INT64_MAX ("mute forever")
- Update Backup.proto (several fields now use `optional`)
- Suppress repeated warnings about the same timestamp field
- Buffer the input stream for all app languages
* SHA-2 performance improved on 64-bit Linux
* Rust: Add ServiceId::to_protocol_address (thanks, @rubdos!)
* Net: Chat now throws RateLimitedError/RetryLaterException when the server requests a retry
* Attest: Removed unused IAS attestation code and tests
* Backup: Made timestamps optional for AttachmentLocator:uploadTimestamp and ChatItem:dateServerSent
-------------------------------------------------------------------
Wed Nov 20 23:30:40 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.60.2 for Signal 7.34.0
* Add BackupKey.deriveThumbnailTransitEncryptionKey
* Backup validator: Allow "unknown" restrictions for call links
* Expose more key derivations to apps via new BackupKey class, as well
as additional APIs on MessageBackupKey and AccountEntropyPool.
* Adjust backup ID derivation from a BackupKey once more (hopefully
the last time).
* Internal change: Use new websocket event handler for attested
connections. This should not produce any difference in behavior,
but if any is observed this might be the cause.
* Add BackupCredentialType to BackupAuthCredential, and rename the
members of BackupLevel. This is a **breaking change**: old
credentials will no longer work, and client and server have to
agree on the credentials being used. BackupAuthCredential also
now uses the "new" key derivation for the backup ID.
* MessageBackupKey now supports the "new" key derivations using an
"account entropy pool" string, as well as from a backup key and ID.
The "old" derivation from a "master key" has been deprecated in all
languages and will be removed in a future release.
* The backup validator now requires a mediaRootBackupKey in the
BackupInfo proto.
* Provide additional information on CDSI errors.
- Drop bindgen-llvm19-E0425.patch applied upstream
-------------------------------------------------------------------
Thu Nov 7 09:01:17 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.59.0 for Signal 7.32.0
* Rename "pin" crate to "account-keys", to reflect expanding functionality
* Backup: Be more precise about when expiration should have started
* Node: Expose BackupAuthCredentialPresentation.getBackupId()
and getBackupLevel() for mock-server
* Add ViewOnceMessage to the backup validator
* Make sender chain overflow an explicit SignalProtocolError
* Rust: Move E164 type into libsignal-core
- drop upstreamed signal-7.29.0-test-getBackupId.patch
-------------------------------------------------------------------
Wed Nov 6 16:59:17 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Add backported bindgen-llvm19-E0425.patch fixing ftbfs with LLVM 19+ (gh#signalapp/boring#28)
-------------------------------------------------------------------
Thu Oct 17 17:55:11 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Add backported signal-7.29.0-test-getBackupId.patch adding an API needed by the new test harness (but not the app itself)
-------------------------------------------------------------------
Thu Sep 26 17:39:15 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.58.0 for Signal 7.26.0
* Backup: apply stricter rules for contacts and messages
* SVR3: implement new protocol in libsignal-net.
-------------------------------------------------------------------
Thu Sep 19 17:24:08 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.56.1 for Signal 7.25.0
* Internal work in SVR and libsignal-net
* Renames of the "reconnect" libsignal-net ChatService types.
* Several updates to the backup validator.
- Remove bogus soname RPM provide.
-------------------------------------------------------------------
Thu Aug 29 16:48:13 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.55.1 for Signal 7.22.0
* libsignal-net: auto-reconnect logic is removed for ChatService
* Legacy SSv2 receive support removed
* Further updates to the backup validator, including omitting the
backup timestamp and sorting reactions in the canonical string
* Update to boring v4.9.0
* The Net/Network class now exposes an "onNetworkChanged" event,
which will clear certain caches and reset cooldowns
-------------------------------------------------------------------
Thu Aug 15 21:55:42 UTC 2024 - thod_@gmx.de
- Update to version 0.54.0 for Signal 7.20.0
* Node, Swift: changes in the libsignal-net API
* Internal improvements and housekeeping changes
* Node: Split ChatService into AuthenticatedChatService and
UnauthenticatedChatService. We plan to make a similar split for the
other platforms in the future.
* Node: Upload Breakpad syms files for debug info instead of using
per-platform formats
* Server: Added SealedSenderMultiRecipientMessage#serializedRecipientView,
to save on repeated parsing
* Backups: ComparableMessageBackup can be used to check message backups for equality
* Java: ChatServiceException extends IOException
* SVR3: implement migration support, improve resilience to connection failures
- Add remove-message-backup-test.patch
-------------------------------------------------------------------
Thu Jul 18 17:04:12 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Update to version 0.52.3 for Signal 7.16.0
* SVR3: Restores can now fall back to previous environments.
* SVR3: Provide a migration API, for backing up to the latest
environment and clearing from previous ones.
* ChatService: 4xx messages from proxies will no longer be considered
authoritative.
* ChatService: Fixed a hang when the same instance was used for both
auth and unauth connections.
* Node: libsignal will drop log events if they are not being drained
from the Node event loop fast enough, rather than continue to
saturate the event loop.
* Net: customize response status code sent to server
* Backups: bugfix to prevent short file reads
-------------------------------------------------------------------
Fri Jul 5 16:22:02 UTC 2024 - Bruno Pitrus <brunopitrus@hotmail.com>
- Initial package of version 0.51.1 for Signal 7.15.0
- Import patches from signal-desktop package
* boringssl-sys-no-static.patch
* libsignal-client-visibility-hidden.patch
* cc-link-lib-no-static.patch
* ring-no-static.patch
- Add build_node_bridge-inject-options.patch
