File arti.changes of Package arti
-------------------------------------------------------------------
Thu Jul 24 19:49:00 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Add "AND LGPL-3.0-only" to the spec license tag, as arti links
with Rust crates crates/equix and crates/hashx which are
licensed under LGPL-3.0-only
- Update to version 1.4.5:
* Breaking: Console logging now goes to stderr instead of stdout.
* Arti 1.4.5 continues development on xon-based (proposal 324)
flow control and Conflux. In addition, we have drafted an
initial design for the directory cache storage model, which
will be needed for the core relay functionality, and
for the directory authority implementation.
* Decreased the minimum allowed duration of the hsdir_interval to
5 minutes
* New experimental arti keys list and arti keys list-keystores
subcommands for listing the existing keys and configured
keystores
* More work and bug fixes on the conflux implementation
* Experimental support for launching a SOCKS proxy from a set of
already bound listeners.
* For a full changelog see
/usr/share/doc/packages/arti/CHANGELOG.md
-------------------------------------------------------------------
Sat Jun 14 13:19:34 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Use %global instead of %define in arti.spec
- Update to version 1.4.4:
* Arti now requires Rust 1.83
* Arti now supports Circuit Handshake Extensions
* arti-ureq: We no longer enable the rustls feature by default
* Continued development towards supporting Conflux tunnels in
Arti
* Continued development towards supporting Counter Galois Onion
relay cell encryption in Arti
* Arti no longer uses MiddleOnly relays for rendezvous points or
introduction points
* Continued progress on service-side Proof-of-Work (PoW) support
* Arti no longer uses the ".z" suffix in directory URLs
* tor-rtcompat: We no longer bundle an unused copy of the Lets
Encrypt root certificate
-------------------------------------------------------------------
Tue Jun 3 22:50:55 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Re-run vendoring via obs-service-cargo
- Increment rustc memory to 8GB/worker
-------------------------------------------------------------------
Tue May 6 11:33:05 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Use source urls to fetch sources
- Update to version 1.4.3:
* Arti 1.4.3 adds adds the framework for measuring metrics
* Initial groundwork for the Counter Galois Onion proposal
* Some of the groundwork for congestion control, in the form of
handshake negotiation code
* The arti hsc flags --quiet and --force have been consolidated
into a single --batch flag
* Arti now exits by default when it does not support a
recommended or required protocol
* Cleanup, minor fixes and documentation enhancements
-------------------------------------------------------------------
Thu May 01 16:20:51 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
- Update to version 1.4.2:
* Arti's RPC subsystem is now stable and ready for use!
* This release continues development on Conflux,
and also fixes a number of bugs and security issues.
* Upgraded to ring version 0.17.13: fixes RUSTSEC-2025-0009
* Upgraded to rand version 0.9.0
* Longer-lived keys are now derived using a CautiousRng,
which combines inputs from several sources,
including OsRng, to minimize the likelihood of falling
to a vulnerability in any particular one
* Arti now imposes a maximum on its fallback estimated timeout,
to prevent integer overflow
* More Conflux development
* More RPC development
* For a full changelog see
/usr/share/doc/packages/arti/CHANGELOG.md
- Update to version 1.4.1:
* Arti 1.4.1 contains
significant behind-the-scenes groundwork for Conflux,
a feature that improves performance and reliability
by allowing data streams to tunnel over multiple circuits.
* Arti now implements the client side of ID-based families
(a.k.a. "Happy Families"). When deployed everywhere on the
network, this feature will allow us to remove around 80-90%
of the data from microdescriptors, and save some administrative
complexity.
* For a full changelog see
/usr/share/doc/packages/arti/CHANGELOG.md
- Update to version 1.4.0:
* Arti 1.4.0 offers a new RPC interface, continues work on the
relay implementation, includes an overhaul of the in-tree
documentation.
* Relay: Major refactoring of the circuit reactor, to use
select!, lifting it from async Rust's low-level "poll" to
"async fn"
* Relay: Improved CLI and add config loading
* Relay: Initial KIST support (Linux-only) in tor-proto
* Relay: Congestion control
* RPC: Cookie authentication
* RPC: Implement request cancellation
* RPC: Other improvements
* For a full changelog see
/usr/share/doc/packages/arti/CHANGELOG.md
- Update to version 1.3.2:
* Arti 1.3.2 continues development on RPC,
and includes preparatory work for relay support and
service-side onion service denial-of-service resistance.
* The key-manager code can now store certificates as well as keys
* Initial implementation for RPC connect points, which will
provide a mechanism for applications to discover where Arti is
running, and connect to it securely.
This implementation is now working, but not yet fully
conformant to its specification.
* For a full changelog see
/usr/share/doc/packages/arti/CHANGELOG.md
-------------------------------------------------------------------
Sat Dec 14 01:54:45 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
- Update to version 1.3.1:
* Continues development on onion services, the RPC subsystem,
and relay infrastructure.
* This release fixes a major bug in Arti's channel management
code, where in some circumstances, canceled pending channel
entries were not being cleaned up properly, preventing Arti
from building new channels to their target relays.
-------------------------------------------------------------------
Thu Nov 21 11:11:22 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Increase %limit_build value to 5000 to avoid OOM seen on aarch64
-------------------------------------------------------------------
Sat Nov 16 15:39:59 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
- Update to version 1.3.0:
* Achieved parity on most major client features with C Tor.
* Continued work on Arti Relay.
* The work-in-progress RPC system is significantly more clearly
defined and implementation is proceeding.
* More details can be found in the installed package changelog
(/usr/share/doc/packages/arti/CHANGELOG.md)
- Update to version 1.2.8:
* Arti 1.2.8 continues development on onion services,
the RPC subsystem, key management, and relay infrastructure.
It also includes fixes for two security issues in
handling the SOCKS protocol, the most severe of which is rated at
"medium" according to our security policy.
* Increased MSRV to 1.77
* More details can be found in the installed package changelog
(/usr/share/doc/packages/arti/CHANGELOG.md)
- Update to version 1.2.7:
* Arti 1.2.7 continues development on onion service client
authorization, the RPC subsystem, and relay infrastructure.
* More details can be found in the installed package changelog
(/usr/share/doc/packages/arti/CHANGELOG.md)
- Update to version 1.2.6:
* Arti 1.2.7 continues development on onion service client authorization,
the RPC subsystem, and relay infrastructure.
* More details can be found in the installed package changelog
(/usr/share/doc/packages/arti/CHANGELOG.md)
-------------------------------------------------------------------
Sun Jul 14 18:25:45 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
- Update to version 1.2.5:
* Stop publishing the obsolete arti-hyper crate
* Update curve25519-dalek to avoid a low-severity timing
vulnerability. (TROVE-2024-007)
* With full vanguards, client rendezvous circuits
do not reuse the final vanguard as the rendezvous point.
(TROVE-2024-008)
* Some RPC development
* Add skeleton, including (experimental): arti-relay crate,
relay cargo feature in arti-client,
relay command line argument to arti
* Add a key material export facility for some of our TLS
implementations.
* Tolerate removal of files from Arti's cache directory.
-------------------------------------------------------------------
Thu Jun 27 13:19:29 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Increase RAM needed per thread in %limit_build to avoid OOM on aarch64
-------------------------------------------------------------------
Thu Jun 06 23:38:53 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
- Update to version 1.2.4:
* Development on onion services, and on the RPC subsystem.
* This release restores the faravahar directory authority,
which has a new location and keys.
* Fixed two-medium security issues, tracked as TROVE-2024-005
and TROVE-2024-006.
* For a full changelog, refer to the installed package changelog
(/usr/share/doc/packages/arti/CHANGELOG.md)
- Update to version 1.2.3:
* Fixes a high-severity issue affecting onion services and
clients connecting to onion services with 'lite' vanguards
(the default) enabled. TROVE-2024-003
* This release also fixes a medium-severity issue affecting
'full' vanguards. TROVE-2024-004
* For a full changelog, refer to the installed package changelog
(/usr/share/doc/packages/arti/CHANGELOG.md)
- Update to version 1.2.2:
* Arti now supports Vanguards for improved security
against guard discovery for onion service circuits.
By default, we use the vanguards-lite algorithm;
the vanguards-full algorithm can be configured.
* Update to use the new identity key for the tor26 directory
authority.
* Fix an inadvertent recursion bug when converting TorAddrError
to arti_client::Error.
* Improve reliability of bootstrap status reporting.
* Convert to use figment instead of config-rs as our
configuration backend, for improved error messages.
* For a full changelog, refer to the installed package changelog
(/usr/share/doc/packages/arti/CHANGELOG.md)
-------------------------------------------------------------------
Thu Apr 4 15:40:41 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Update constraints to build on more workers (especially for aarch64)
-------------------------------------------------------------------
Tue Apr 2 16:34:04 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
- Added LICENSE-APACHE and LICENSE-MIT to %files
- Added README.md and CHANGELOG.md to %files
-------------------------------------------------------------------
Tue Apr 02 16:00:31 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
- Update to version 1.2.1:
* Reorganize onion service code.
* Design work for out-of-memory handling, which is necessary for
onion service security.
* Initial implementation work for onion service [vanguards],
which are needed to improve onion service security.
This is not yet complete.
* Added support for unmanaged pluggable transports
* Begun work to improve Tor's relay cell protocol with support
for packed and fragmented messages
- Update to version 1.2.0
* Initial support for running onion services.
* Fixed a number of bugs and security issues.
* Made the onion-service-service feature non-experimental.
For a full changelog, refer to the package changelog
(/usr/share/doc/packages/arti/CHANGELOG.md)
-------------------------------------------------------------------
Mon Jan 15 14:15:55 UTC 2024 - eyadlorenzo@gmail.com
- Update to version 1.1.12~0:
Arti 1.1.12 continues work on support for running onion services.
You can now launch an onion service and expect it to run,
though the user experience leaves a lot to be desired.
Don't rely on this onion service implementation for security yet;
there are a number of [missing security features]
we will need to develop before we can recommend them
for actual use.
https://gitlab.torproject.org/tpo/core/arti/-/blob/3c44d849f4c3332ccbb86328392d54e7c1d8e9b6/CHANGELOG.md
- Updated the ignored RUSTSEC advisories, as per the project
recommended way of building the crate
-------------------------------------------------------------------
Fri Dec 08 22:07:44 UTC 2023 - eyadlorenzo@gmail.com
- Update to version 1.1.11:
Arti 1.1.11 continues work on support for running onion services.
Onion services are now working in our testing, and we expect we'll
have something testable by others in our next release.
Arti 1.1.11 also increases our MSRV (Minimum Supported Rust Version)
to 1.70, in accordance with our [MSRV policy].
### Onion service development
- Correct our handling of BEGIN and END messages to bring them
into conformance with the C Tor implementation and the specification.
([#1077], [!1694], [!1738])
- In our key manager, use macros to define key specifiers, instead of
repeating the same boilerplate code. ([#1069], [#1093], [!1710],
[!1733])
- Refactoring and refinement on the definitions of onion-service-related
errors. ([!1718], [!1724], [!1750], [!1751], [!1779])
- Add a "time-store" mechanism for (as correctly as possible) storing and loading
future timestamps, even in the presence of system clock skew ([!1723], [!1774])
- Implement a replay-log backend to prevent INTRODUCE replay attacks
against onion services. ([!1725])
- Improved encoding for key-denotators in the key manager. ([#1063],
[#1070], [!1722])
- Allow a single key to have more than one denotator in its path.
([#1112], [!1747])
- Use an order-preserving-encryption back-end to generate
monotonically increasing revision counters for onion service
descriptors. We do this to ensure a reproducible series of counters
without leaking our clock skew. ([#1053], [!1741], [!1744])
- Deprecate key types for INTRODUCE-based authentication:
C tor has never implemented this, and we do not plan to implement it
without additional specification work. ([#1037], [!1749])
- When establishing an introduction point, send the `intro_dos`
extension as appropriate. ([#723], [!1740])
- Added conversion functions and initial persistence support for
introduction point keys. ([!1756])
- Start work on introduction point persistence. ([!1755], [!1765]).
- Revert to our intended configuration format for onion service proxy rules.
([#1058], [!1771])
### Client features
- Backend and API code for the "ntor-v3" circuit-extension handshake.
This handshake adds the ability to send additional options
from the client to the relay when creating or extending a circuit,
and will eventually be used to negotiate protocol features like
RTT-based congestion control and UDP-over-Tor support.
([!1720], [!1739])
-------------------------------------------------------------------
Mon Nov 13 17:17:23 UTC 2023 - eyadlorenzo@gmail.com
- Update to version 1.1.10:
Arti 1.1.10 continues work on support for onion services in
Arti. At last, we can (technically) run as an onion service...
though not yet in a useful way. (Onion services don't yet recover
correctly after a restart, outdated keys are not removed, and we
are missing other important security features.)
### Breaking changes in lower-level crates
- The [`IoErrorExt`] trait in [`tor-basic-utils`] is now
sealed. ([!1654])
- The [`Requestable`] trait in [`tor-dirclient`] is now sealed,
and most of its members are now private. ([!1679])
- In [`tor-cell`], stream and circuit IDs are now inherently
non-zero. To represent an ID that might be zero on the wire, we
now use
`Option<StreamId>` or `Option<CircId>`. ([#1080], [!1697])
- In [`tor-cell`], `CREATE2` handshake types are no longer raw
`u16` values. ([!1703])
- In [`tor-cert`], `encode_and_sign` now returns an
`Ed25519EncodedCert` rather than a raw `Vec<u8>`. ([!1702])
### Client features
- Arti can now be configured to listen for connections on
multiple arbitrary addresses—not just `localhost`. ([!1613])
### Key manager
- The key manager code now has improved support for generating
keypairs, keys with derived data, and other structures needed for
onion services. ([!1653])
- The key manager now encodes whether a key is private or public in its
file extension. ([!1672])
- The key manager now disallows path components that could lead
(under some programming errors) to directory traversal. ([!1661])
- We can now list keys by path and type; this is important so that
we can identify disused keys and eventually expire them. ([!1677])
See https://gitlab.torproject.org/tpo/core/arti/-/blob/c39857a8a63200ed5ed539d1f9231b05d7da7e0d/CHANGELOG.md
for more info
-------------------------------------------------------------------
Mon Oct 30 12:37:00 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Add _constraints file to avoid build failures
-------------------------------------------------------------------
Wed Oct 25 21:58:30 UTC 2023 - Eyad Issa <eyadlorenzo@gmail.com>
- Run format_spec_file service
-------------------------------------------------------------------
Fri Oct 20 16:54:29 UTC 2023 - Eyad Issa <eyadlorenzo@gmail.com>
- Version 1.1.9
