- Update to version 1.3.0:

* Achieved parity on most major client features with C Tor. * Continued work on Arti Relay. * The work-in-progress RPC system is significantly more clearly defined and implementation is proceeding. * More details can be found in the installed package changelog (/usr/share/doc/packages/arti/CHANGELOG.md) - Update to version 1.2.8: * Arti 1.2.8 continues development on onion services, the RPC subsystem, key management, and relay infrastructure. It also includes fixes for two security issues in handling the SOCKS protocol, the most severe of which is rated at "medium" according to our security policy. * Increased MSRV to 1.77 * More details can be found in the installed package changelog (/usr/share/doc/packages/arti/CHANGELOG.md) - Update to version 1.2.7: * Arti 1.2.7 continues development on onion service client authorization, the RPC subsystem, and relay infrastructure. * More details can be found in the installed package changelog (/usr/share/doc/packages/arti/CHANGELOG.md) - Update to version 1.2.6: * Arti 1.2.7 continues development on onion service client authorization, the RPC subsystem, and relay infrastructure. * More details can be found in the installed package changelog (/usr/share/doc/packages/arti/CHANGELOG.md) * Update curve25519-dalek to avoid a low-severity timing * Add a key material export facility for some of our TLS OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=25
2024-11-16 15:59:06 +00:00 · 2024-11-16 15:59:06 +00:00 · 4a69295f97
commit 4a69295f97
12 changed files with 430 additions and 0 deletions
--- a/.gitattributes
+++ b/.gitattributes
@ -0,0 +1,23 @@
+## Default LFS
+*.7z filter=lfs diff=lfs merge=lfs -text
+*.bsp filter=lfs diff=lfs merge=lfs -text
+*.bz2 filter=lfs diff=lfs merge=lfs -text
+*.gem filter=lfs diff=lfs merge=lfs -text
+*.gz filter=lfs diff=lfs merge=lfs -text
+*.jar filter=lfs diff=lfs merge=lfs -text
+*.lz filter=lfs diff=lfs merge=lfs -text
+*.lzma filter=lfs diff=lfs merge=lfs -text
+*.obscpio filter=lfs diff=lfs merge=lfs -text
+*.oxt filter=lfs diff=lfs merge=lfs -text
+*.pdf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.rpm filter=lfs diff=lfs merge=lfs -text
+*.tbz filter=lfs diff=lfs merge=lfs -text
+*.tbz2 filter=lfs diff=lfs merge=lfs -text
+*.tgz filter=lfs diff=lfs merge=lfs -text
+*.ttf filter=lfs diff=lfs merge=lfs -text
+*.txz filter=lfs diff=lfs merge=lfs -text
+*.whl filter=lfs diff=lfs merge=lfs -text
+*.xz filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
+*.zst filter=lfs diff=lfs merge=lfs -text
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+.osc
--- a/10
+++ b/10
@ -0,0 +1,10 @@
+<constraints>
+  <hardware>
+    <memory>
+     <size unit="G">20</size>
+    </memory>
+    <disk>
+      <size unit="G">35</size>
+    </disk>
+  </hardware>
+</constraints>
--- a/58
+++ b/58
@ -0,0 +1,58 @@
+<services>
+    <service name="obs_scm" mode="manual">
+        <param name="url">https://gitlab.torproject.org/tpo/core/arti.git</param>
+        <param name="versionformat">@PARENT_TAG@~@TAG_OFFSET@</param>
+        <param name="scm">git</param>
+        <param name="revision">arti-v1.3.0</param>
+        <param name="match-tag">*</param>
+        <param name="versionrewrite-pattern">arti-v(\d+\.\d+\.\d+)</param>
+        <param name="versionrewrite-replacement">\1</param>
+        <param name="changesgenerate">enable</param>
+    </service>
+
+    <service name="set_version" mode="manual" />
+    <service name="cargo_vendor" mode="manual">
+        <param name="srcdir">arti</param>
+        <param name="compression">zst</param>
+        <param name="update">true</param>
+
+        <!--
+        From https://gitlab.torproject.org/tpo/core/arti/-/blob/2db5ccf16d2f977c073ba3f142513b920fb7b6a1/maint/cargo_audit
+        -->
+
+        <!--
+        This is a real but theoretical unaligned read.  It might happen only on
+        Windows and only with a custom global allocator, which we don't do in our
+        arti binary.  The bad crate is depended on by env-logger and clap.
+        This is being discussed by those crates' contributors here:
+            https://github.com/clap-rs/clap/pull/4249
+            https://github.com/rust-cli/env_logger/pull/246
+        -->
+        <param name="i-accept-the-risk">RUSTSEC-2021-0145</param>
+
+        <!--
+        As of 28 Nov 2023, all versions of the rsa crate have a variable
+        timing attack that can leak private keys.
+
+        We do not use (yet) do any private-key rsa operations in arti:
+        we only use it to verify signatures.
+        -->
+        <param name="i-accept-the-risk">RUSTSEC-2023-0071</param>
+
+
+        <!--
+        This is not a vulnerability but an unmaintained warning for
+        `generational-arena`. It is only used by arti-rpcserver (which is
+        experimental).
+        -->
+        <param name="i-accept-the-risk">RUSTSEC-2024-0014</param>
+
+    </service>
+
+    <service name="cargo_audit" mode="manual">
+        <param name="srcdir">arti</param>
+    </service>
+
+
+    <service name="tar" mode="buildtime" />
+</services>
--- a/4
+++ b/4
@ -0,0 +1,4 @@
+<servicedata>
+<service name="tar_scm">
+                <param name="url">https://gitlab.torproject.org/tpo/core/arti.git</param>
+              <param name="changesrevision">0a7ba1c3b5cd483efa50c02201b8ff50580d3f48</param></service></servicedata>
--- a/arti-1.2.4~0.obscpio
+++ b/arti-1.2.4~0.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5a0dbd802da3a948fb2a36c87acd209d1ba64e930612b810fd34361e20acc519
+size 60828686
--- a/arti-1.2.5~0.obscpio
+++ b/arti-1.2.5~0.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fecb37af7202137f2bcca66242a7cb4f48b94cf66fe79d7a51614985902c0817
+size 60880910
--- a/arti-1.3.0~0.obscpio
+++ b/arti-1.3.0~0.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:9b6efd071d12ef4ec2d6a15c73e043405ff3530df8f98046e409f312f357cf1d
+size 62275598
--- a/arti.changes
+++ b/arti.changes
@ -0,0 +1,263 @@
+-------------------------------------------------------------------
+Sat Nov 16 15:39:59 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Update to version 1.3.0:
+  * Achieved parity on most major client features with C Tor.
+  * Continued work on Arti Relay.
+  * The work-in-progress RPC system is significantly more clearly
+    defined and implementation is proceeding.
+  * More details can be found in the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+
+- Update to version 1.2.8:
+  * Arti 1.2.8 continues development on onion services,
+    the RPC subsystem, key management, and relay infrastructure.
+    It also includes fixes for two security issues in
+    handling the SOCKS protocol, the most severe of which is rated at
+    "medium" according to our security policy.
+  * Increased MSRV to 1.77
+  * More details can be found in the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+- Update to version 1.2.7:
+  * Arti 1.2.7 continues development on onion service client
+    authorization, the RPC subsystem, and relay infrastructure.
+  * More details can be found in the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+- Update to version 1.2.6:
+  * Arti 1.2.7 continues development on onion service client authorization,
+    the RPC subsystem, and relay infrastructure.
+  * More details can be found in the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+-------------------------------------------------------------------
+Sun Jul 14 18:25:45 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Update to version 1.2.5:
+  * Stop publishing the obsolete arti-hyper crate
+  * Update curve25519-dalek to avoid a low-severity timing
+    vulnerability. (TROVE-2024-007)
+  * With full vanguards, client rendezvous circuits
+    do not reuse the final vanguard as the rendezvous point.
+    (TROVE-2024-008)
+  * Some RPC development
+  * Add skeleton, including (experimental): arti-relay crate,
+    relay cargo feature in arti-client,
+    relay command line argument to arti
+  * Add a key material export facility for some of our TLS
+    implementations.
+  * Tolerate removal of files from Arti's cache directory.
+
+-------------------------------------------------------------------
+Thu Jun 27 13:19:29 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Increase RAM needed per thread in %limit_build to avoid OOM on aarch64
+
+-------------------------------------------------------------------
+Thu Jun 06 23:38:53 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Update to version 1.2.4:
+  * Development on onion services, and on the RPC subsystem.
+  * This release restores the faravahar directory authority,
+    which has a new location and keys.
+  * Fixed two-medium security issues, tracked as TROVE-2024-005
+    and TROVE-2024-006.
+  * For a full changelog, refer to the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+
+- Update to version 1.2.3:
+  * Fixes a high-severity issue affecting onion services and
+    clients connecting to onion services with 'lite' vanguards
+    (the default) enabled. TROVE-2024-003
+  * This release also fixes a medium-severity issue affecting
+    'full' vanguards. TROVE-2024-004
+  * For a full changelog, refer to the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+
+- Update to version 1.2.2:
+  * Arti now supports Vanguards for improved security
+    against guard discovery for onion service circuits.
+    By default, we use the vanguards-lite algorithm;
+    the vanguards-full algorithm can be configured.
+  * Update to use the new identity key for the tor26 directory
+    authority.
+  * Fix an inadvertent recursion bug when converting TorAddrError
+    to arti_client::Error.
+  * Improve reliability of bootstrap status reporting.
+  * Convert to use figment instead of config-rs as our
+    configuration backend, for improved error messages.
+  * For a full changelog, refer to the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+-------------------------------------------------------------------
+Thu Apr  4 15:40:41 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Update constraints to build on more workers (especially for aarch64)
+
+-------------------------------------------------------------------
+Tue Apr  2 16:34:04 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Added LICENSE-APACHE and LICENSE-MIT to %files
+- Added README.md and CHANGELOG.md to %files
+
+-------------------------------------------------------------------
+Tue Apr 02 16:00:31 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Update to version 1.2.1:
+  * Reorganize onion service code.
+  * Design work for out-of-memory handling, which is necessary for
+    onion service security.
+  * Initial implementation work for onion service [vanguards],
+    which are needed to improve onion service security.
+    This is not yet complete.
+  * Added support for unmanaged pluggable transports
+  * Begun work to improve Tor's relay cell protocol with support
+    for packed and fragmented messages
+
+- Update to version 1.2.0
+  * Initial support for running onion services.
+  * Fixed a number of bugs and security issues.
+  * Made the onion-service-service feature non-experimental.
+
+  For a full changelog, refer to the package changelog
+  (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+-------------------------------------------------------------------
+Mon Jan 15 14:15:55 UTC 2024 - eyadlorenzo@gmail.com
+
+- Update to version 1.1.12~0:
+
+  Arti 1.1.12 continues work on support for running onion services.
+  You can now launch an onion service and expect it to run,
+  though the user experience leaves a lot to be desired.
+  Don't rely on this onion service implementation for security yet;
+  there are a number of [missing security features]
+  we will need to develop before we can recommend them
+  for actual use.
+
+  https://gitlab.torproject.org/tpo/core/arti/-/blob/3c44d849f4c3332ccbb86328392d54e7c1d8e9b6/CHANGELOG.md
+
+- Updated the ignored RUSTSEC advisories, as per the project
+  recommended way of building the crate
+
+-------------------------------------------------------------------
+Fri Dec 08 22:07:44 UTC 2023 - eyadlorenzo@gmail.com
+
+- Update to version 1.1.11:
+
+  Arti 1.1.11 continues work on support for running onion services.
+  Onion services are now working in our testing, and we expect we'll
+  have something testable by others in our next release.
+
+  Arti 1.1.11 also increases our MSRV (Minimum Supported Rust Version)
+  to 1.70, in accordance with our [MSRV policy].
+
+  ### Onion service development
+
+  - Correct our handling of BEGIN and END messages to bring them
+    into conformance with the C Tor implementation and the specification.
+    ([#1077], [!1694], [!1738])
+  - In our key manager, use macros to define key specifiers, instead of
+    repeating the same boilerplate code. ([#1069], [#1093], [!1710],
+    [!1733])
+  - Refactoring and refinement on the definitions of onion-service-related
+    errors. ([!1718], [!1724], [!1750], [!1751], [!1779])
+  - Add a "time-store" mechanism for (as correctly as possible) storing and loading
+    future timestamps, even in the presence of system clock skew ([!1723], [!1774])
+  - Implement a replay-log backend to prevent INTRODUCE replay attacks
+    against onion services. ([!1725])
+  - Improved encoding for key-denotators in the key manager. ([#1063],
+    [#1070], [!1722])
+  - Allow a single key to have more than one denotator in its path.
+    ([#1112], [!1747])
+  - Use an order-preserving-encryption back-end to generate
+    monotonically increasing revision counters for onion service
+    descriptors.  We do this to ensure a reproducible series of counters
+    without leaking our clock skew.  ([#1053], [!1741], [!1744])
+  - Deprecate key types for INTRODUCE-based authentication:
+    C tor has never implemented this, and we do not plan to implement it
+    without additional specification work. ([#1037], [!1749])
+  - When establishing an introduction point, send the `intro_dos`
+    extension as appropriate. ([#723], [!1740])
+  - Added conversion functions and initial persistence support for
+    introduction point keys. ([!1756])
+  - Start work on introduction point persistence. ([!1755], [!1765]).
+  - Revert to our intended configuration format for onion service proxy rules.
+    ([#1058], [!1771])
+
+  ### Client features
+
+  - Backend and API code for the "ntor-v3" circuit-extension handshake.
+    This handshake adds the ability to send additional options
+    from the client to the relay when creating or extending a circuit,
+    and will eventually be used to negotiate protocol features like
+    RTT-based congestion control and UDP-over-Tor support.
+    ([!1720], [!1739])
+
+
+
+
+-------------------------------------------------------------------
+Mon Nov 13 17:17:23 UTC 2023 - eyadlorenzo@gmail.com
+
+- Update to version 1.1.10:
+
+  Arti 1.1.10 continues work on support for onion services in
+  Arti. At last, we can (technically) run as an onion service...
+  though not yet in a useful way. (Onion services don't yet recover
+  correctly after a restart, outdated keys are not removed, and we
+  are missing other important security features.)
+
+  ### Breaking changes in lower-level crates
+
+  - The [`IoErrorExt`] trait in [`tor-basic-utils`] is now
+    sealed. ([!1654])
+  - The [`Requestable`] trait in [`tor-dirclient`] is now sealed,
+    and most of its members are now private. ([!1679])
+  - In [`tor-cell`], stream and circuit IDs are now inherently
+    non-zero. To represent an ID that might be zero on the wire, we
+    now use
+    `Option<StreamId>` or `Option<CircId>`. ([#1080], [!1697])
+  - In [`tor-cell`], `CREATE2` handshake types are no longer raw
+    `u16` values. ([!1703])
+  - In [`tor-cert`], `encode_and_sign` now returns an
+    `Ed25519EncodedCert` rather than a raw `Vec<u8>`. ([!1702])
+
+
+  ### Client features
+
+  - Arti can now be configured to listen for connections on
+    multiple arbitrary addresses—not just `localhost`. ([!1613])
+
+  ### Key manager
+
+  - The key manager code now has improved support for generating
+    keypairs, keys with derived data, and other structures needed for
+    onion services. ([!1653])
+  - The key manager now encodes whether a key is private or public in its
+    file extension. ([!1672])
+  - The key manager now disallows path components that could lead
+    (under some programming errors) to directory traversal. ([!1661])
+  - We can now list keys by path and type; this is important so that
+    we can identify disused keys and eventually expire them. ([!1677])
+
+  See https://gitlab.torproject.org/tpo/core/arti/-/blob/c39857a8a63200ed5ed539d1f9231b05d7da7e0d/CHANGELOG.md
+  for more info
+-------------------------------------------------------------------
+Mon Oct 30 12:37:00 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Add _constraints file to avoid build failures
+
+-------------------------------------------------------------------
+Wed Oct 25 21:58:30 UTC 2023 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Run format_spec_file service
+
+-------------------------------------------------------------------
+Fri Oct 20 16:54:29 UTC 2023 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Version 1.1.9
--- a/arti.obsinfo
+++ b/arti.obsinfo
@ -0,0 +1,4 @@
+name: arti
+version: 1.3.0~0
+mtime: 1730329696
+commit: 0a7ba1c3b5cd483efa50c02201b8ff50580d3f48
--- a/arti.spec
+++ b/arti.spec
@ -0,0 +1,55 @@
+#
+# spec file for package arti
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name:           arti
+Version:        1.3.0~0
+Release:        0
+Summary:        An implementation of Tor, in Rust.
+License:        Apache-2.0 OR MIT
+URL:            https://gitlab.torproject.org/tpo/core/arti
+Source0:        %{name}-%{version}.tar
+Source1:        vendor.tar.zst
+BuildRequires:  cargo-packaging
+BuildRequires:  memory-constraints
+BuildRequires:  pkgconfig
+BuildRequires:  pkgconfig(openssl)
+BuildRequires:  pkgconfig(sqlite3)
+ExclusiveArch:  %{rust_tier1_arches}
+
+%description
+An implementation of Tor, in Rust
+
+%prep
+%autosetup -p1 -a1
+
+%build
+%limit_build -m 4400
+%{cargo_build}
+
+%install
+%{cargo_install -p crates/arti}
+
+%check
+%{cargo_test}
+
+%files
+%doc CHANGELOG.md README.md
+%license LICENSE-APACHE LICENSE-MIT
+%{_bindir}/%{name}
+
+%changelog
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:cd0aa2b555f75d52b05e619947927e7598285237d3d7480b9989cc179c685b6f
+size 62039606