Accepting request 1324425 from network

OBS-URL: https://build.opensuse.org/request/show/1324425
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/arti?expand=0&rev=18

_constraints

@@ -1,8 +1,8 @@
 <constraints>
   <hardware>
-    <memory>
-     <size unit="G">20</size>
-    </memory>
+    <physicalmemory>
+     <size unit="G">16</size>
+    </physicalmemory>
     <disk>
       <size unit="G">35</size>
     </disk>

_service

@@ -1,35 +1,23 @@
 <services>
-    <service name="obs_scm" mode="manual">
-        <param name="url">https://gitlab.torproject.org/tpo/core/arti.git</param>
-        <param name="versionformat">@PARENT_TAG@~@TAG_OFFSET@</param>
-        <param name="scm">git</param>
-        <param name="revision">arti-v1.2.5</param>
-        <param name="match-tag">*</param>
-        <param name="versionrewrite-pattern">arti-v(\d+\.\d+\.\d+)</param>
-        <param name="versionrewrite-replacement">\1</param>
-        <param name="changesgenerate">enable</param>
-    </service>
+    <service name="download_files" mode="manual" />
 
-    <service name="set_version" mode="manual" />
     <service name="cargo_vendor" mode="manual">
-        <param name="srcdir">arti</param>
+        <param name="srcdir">arti-*.tar.gz</param>
         <param name="compression">zst</param>
         <param name="update">true</param>
 
         <!--
-        From https://gitlab.torproject.org/tpo/core/arti/-/blob/2db5ccf16d2f977c073ba3f142513b920fb7b6a1/maint/cargo_audit
+        From https://gitlab.torproject.org/tpo/core/arti/-/blob/arti-v1.4.2/maint/cargo_audit
         -->
 
         <!--
-        This is a real but theoretical unaligned read.  It might happen only on
+        This is a real but theoretical unaligned read. It might happen only on
         Windows and only with a custom global allocator, which we don't do in our
-        arti binary.  The bad crate is depended on by env-logger and clap.
+        arti binary. The bad crate is depended on by env-logger.
         This is being discussed by those crates' contributors here:
-            https://github.com/clap-rs/clap/pull/4249
             https://github.com/rust-cli/env_logger/pull/246
         -->
         <param name="i-accept-the-risk">RUSTSEC-2021-0145</param>
-
         <!--
         As of 28 Nov 2023, all versions of the rsa crate have a variable
         timing attack that can leak private keys.
@@ -38,21 +26,37 @@
         we only use it to verify signatures.
         -->
         <param name="i-accept-the-risk">RUSTSEC-2023-0071</param>
-
-
         <!--
-        This is not a vulnerability but an unmaintained warning for
-        `generational-arena`. It is only used by arti-rpcserver (which is
-        experimental).
-        -->
-        <param name="i-accept-the-risk">RUSTSEC-2024-0014</param>
+        instant is unmaintained.
 
+        The current dependency path is:
+        arti -> signal-hook-async-std -> futures-lite -> fastrand -> instant
+
+        The 'signal-hook-async-std' lib hasn't been updated in three years and depends on `futures-lite = "~1"`.
+        The latest 'futures-lite' 2.6.0 uses a version of 'fastrand' that does not depend on instant.
+
+        We should consider trying to upstream patches for 'signal-hook-async-std',
+        or remove arti's dependence on it.
+
+        https://gitlab.torproject.org/tpo/core/arti/-/issues/1867
+        -->
+        <param name="i-accept-the-risk">RUSTSEC-2024-0384</param>
+        <!--
+        paste is unmaintained.
+
+        We depend on it directly in crates like tor-error, tor-persist, tor-config,
+        and also transitively, for example via
+        futures-rustls -> rustls -> aws-lc-rc -> paste
+        and slotmap-careful -> paste.
+
+        In the long run, we should consider replacing it with another crate
+        (concat-idents?).
+        -->
+        <param name="i-accept-the-risk">RUSTSEC-2024-0436</param>
     </service>
 
     <service name="cargo_audit" mode="manual">
         <param name="srcdir">arti</param>
     </service>
 
-
-    <service name="tar" mode="buildtime" />
 </services>

_servicedata

@@ -1,4 +0,0 @@
-<servicedata>
-<service name="tar_scm">
-                <param name="url">https://gitlab.torproject.org/tpo/core/arti.git</param>
-              <param name="changesrevision">ef4a4d3774ddf77eba7f23611dfea3c160fa77ef</param></service></servicedata>

arti-1.2.5~0.obscpio

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fecb37af7202137f2bcca66242a7cb4f48b94cf66fe79d7a51614985902c0817
-size 60880910

arti-1.8.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:91c2d8dd2a89be01db64fa35a391582b4f66e6e3abae7d201b00e3da6f98888e
+size 5947008

arti.changes

@@ -1,9 +1,286 @@
+-------------------------------------------------------------------
+Wed Dec 24 13:03:24 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Update to version 1.8.0:
+  * Feat: Implemented a usage-based timeout for strongly isolated
+    circuits, as specified in proposal 368.
+  * Feat: New experimental arti hsc ctor-migrate command line
+    invocation for migrating C Tor onion service client keys to the
+    Arti keystore.
+  * Security: Added Host header validation for non-CONNECT requests
+    to HTTP CONNECT port, to prevent adversarial web pages from
+    probing the version of Arti and its capabilities.
+  * Fix: Arti no longer exits with an error if configured with a
+    log file with no directory prefix.
+  * Fix: fs-mistrust now has consistent behavior with stat and
+    mkdir, which consider "" to be an invalid path, and all of its
+    error messages now include the file name that triggered the
+    error.
+  * For a full changelog see
+    /usr/share/doc/packages/arti/CHANGELOG.md
+- Update to version 1.7.0:
+  * Improved output format from the experimental arti keys
+    check-integrity command.
+  * Arti now has experimental support for running as a HTTP CONNECT
+    proxy.
+  * Arti's experimental circuit padding support now allows
+    first-hop padding to treat all the circuits on a channel as a
+    single unit, for improved security and efficiency.
+  * The restricted-discovery feature is no longer experimental.
+  * Added user-facing documentation for the arti hss onion service
+    administration tool.
+  * For a full changelog see
+    /usr/share/doc/packages/arti/CHANGELOG.md
+
+-------------------------------------------------------------------
+Tue Oct  7 15:51:12 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Fix rpmlints: summary-ended-with-dot,
+  description-shorter-than-summary 
+
+-------------------------------------------------------------------
+Tue Oct  7 15:08:05 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Update to version 1.6.0:
+  * Arti now requires Rust 1.85.1 or later
+  * Arti now requires tracing-subscriber v0.3.20, due to upstream
+    security issue RUSTSEC-2025-0055
+  * Arti now includes experimental circuit padding support, based
+    on the maybenot library
+  * Arti now has mitigations for DropMark side-channel attacks for
+    flow control
+  * Arti now has a arti keys check-integrity command, to check the
+    validity of stored keys
+  * Fixed bug in congestion control that was causing timeouts when
+    flowctl-cc was enabled
+  * Added support for flow control consensus params
+  * Improved arti hsc key management documentation
+  * Documented arti hsc --batch flag
+  * Various cleanups, bugfixes and refactors
+  * For a full changelog see
+    /usr/share/doc/packages/arti/CHANGELOG.md
+  
+-------------------------------------------------------------------
+Tue Sep 30 10:16:16 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Use -p arti in cargo build, as recommended by the docs
+
+- Update to version 1.5.0:
+  * Arti 1.5.0 continues development on important client features,
+    including Counter Galois Onion encryption,Conflux, flow control
+    and congestion control, and onion service proof of work.
+    It also includes significant preliminary work for Arti relay
+    support.
+  * Arti now requires Rust 1.85 or later
+  * We no longer count channel negotiation time against our circuit
+    timeouts.
+  * tor-proto now includes experimental backend support (unused, so
+    far) for Conflux-based multi-path tunnels
+  * Experimental support for congestion control for improved
+    performance. (Not yet enabled by default)
+  * Experimental support for proof-of-work in onion services,
+    for resistance to denial-of-service attacks.
+  * Experimental support for negotiating Counter Galois Onion
+    cryptography
+  * Improved CLI output when describing keys.
+  * Design for a new key integrity checking subcommand.
+  * Integration testing for arti keys subcommands.
+  * Design work for a relay reactor backend.
+  * Work on a new netdoc parser implementation for improved ergonomics
+    and macro support.
+
+-------------------------------------------------------------------
+Thu Jul 24 19:49:00 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Add "AND LGPL-3.0-only" to the spec license tag, as arti links
+  with Rust crates crates/equix and crates/hashx which are
+  licensed under LGPL-3.0-only
+
+- Update to version 1.4.5:
+  * Breaking: Console logging now goes to stderr instead of stdout.
+  * Arti 1.4.5 continues development on xon-based (proposal 324)
+    flow control and Conflux. In addition, we have drafted an
+    initial design for the directory cache storage model, which
+    will be needed for the core relay functionality, and
+    for the directory authority implementation.
+  * Decreased the minimum allowed duration of the hsdir_interval to
+    5 minutes
+  * New experimental arti keys list and arti keys list-keystores
+    subcommands for listing the existing keys and configured
+    keystores
+  * More work and bug fixes on the conflux implementation
+  * Experimental support for launching a SOCKS proxy from a set of
+    already bound listeners.
+  * For a full changelog see
+    /usr/share/doc/packages/arti/CHANGELOG.md
+
+-------------------------------------------------------------------
+Sat Jun 14 13:19:34 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Use %global instead of %define in arti.spec
+
+- Update to version 1.4.4:
+  * Arti now requires Rust 1.83
+  * Arti now supports Circuit Handshake Extensions
+  * arti-ureq: We no longer enable the rustls feature by default
+  * Continued development towards supporting Conflux tunnels in
+    Arti
+  * Continued development towards supporting Counter Galois Onion
+    relay cell encryption in Arti
+  * Arti no longer uses MiddleOnly relays for rendezvous points or
+    introduction points
+  * Continued progress on service-side Proof-of-Work (PoW) support
+  * Arti no longer uses the ".z" suffix in directory URLs
+  * tor-rtcompat: We no longer bundle an unused copy of the Lets
+    Encrypt root certificate
+
+-------------------------------------------------------------------
+Tue Jun  3 22:50:55 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Re-run vendoring via obs-service-cargo
+- Increment rustc memory to 8GB/worker
+
+-------------------------------------------------------------------
+Tue May  6 11:33:05 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Use source urls to fetch sources
+
+- Update to version 1.4.3:
+  * Arti 1.4.3 adds adds the framework for measuring metrics
+  * Initial groundwork for the Counter Galois Onion proposal
+  * Some of the groundwork for congestion control, in the form of
+    handshake negotiation code
+  * The arti hsc flags --quiet and --force have been consolidated
+    into a single --batch flag
+  * Arti now exits by default when it does not support a
+    recommended or required protocol
+  * Cleanup, minor fixes and documentation enhancements
+
+-------------------------------------------------------------------
+Thu May 01 16:20:51 UTC 2025 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Update to version 1.4.2:
+  * Arti's RPC subsystem is now stable and ready for use!
+  * This release continues development on Conflux,
+    and also fixes a number of bugs and security issues.
+  * Upgraded to ring version 0.17.13: fixes RUSTSEC-2025-0009
+  * Upgraded to rand version 0.9.0
+  * Longer-lived keys are now derived using a CautiousRng,
+    which combines inputs from several sources,
+    including OsRng, to minimize the likelihood of falling
+    to a vulnerability in any particular one
+  * Arti now imposes a maximum on its fallback estimated timeout,
+    to prevent integer overflow
+  * More Conflux development
+  * More RPC development
+
+  * For a full changelog see
+    /usr/share/doc/packages/arti/CHANGELOG.md
+
+- Update to version 1.4.1:
+  * Arti 1.4.1 contains
+    significant behind-the-scenes groundwork for Conflux,
+    a feature that improves performance and reliability
+    by allowing data streams to tunnel over multiple circuits.
+  * Arti now implements the client side of ID-based families
+    (a.k.a. "Happy Families"). When deployed everywhere on the
+    network, this feature will allow us to remove around 80-90%
+    of the data from microdescriptors, and save some administrative
+    complexity.
+
+  * For a full changelog see
+    /usr/share/doc/packages/arti/CHANGELOG.md
+
+
+- Update to version 1.4.0:
+  * Arti 1.4.0 offers a new RPC interface, continues work on the
+    relay implementation, includes an overhaul of the in-tree
+    documentation.
+
+  * Relay: Major refactoring of the circuit reactor, to use
+    select!, lifting it from async Rust's low-level "poll" to
+    "async fn"
+  * Relay: Improved CLI and add config loading
+  * Relay: Initial KIST support (Linux-only) in tor-proto
+  * Relay: Congestion control
+
+  * RPC: Cookie authentication
+  * RPC: Implement request cancellation
+  * RPC: Other improvements
+
+  * For a full changelog see
+    /usr/share/doc/packages/arti/CHANGELOG.md
+
+- Update to version 1.3.2:
+  * Arti 1.3.2 continues development on RPC,
+    and includes preparatory work for relay support and
+    service-side onion service denial-of-service resistance.
+  * The key-manager code can now store certificates as well as keys
+  * Initial implementation for RPC connect points, which will
+    provide a mechanism for applications to discover where Arti is
+    running, and connect to it securely.
+    This implementation is now working, but not yet fully
+    conformant to its specification.
+
+  * For a full changelog see
+    /usr/share/doc/packages/arti/CHANGELOG.md
+
+-------------------------------------------------------------------
+Sat Dec 14 01:54:45 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Update to version 1.3.1:
+  * Continues development on onion services, the RPC subsystem,
+    and relay infrastructure.
+  * This release fixes a major bug in Arti's channel management
+    code, where in some circumstances, canceled pending channel
+    entries were not being cleaned up properly, preventing Arti
+    from building new channels to their target relays.
+
+-------------------------------------------------------------------
+Thu Nov 21 11:11:22 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
+
+- Increase %limit_build value to 5000 to avoid OOM seen on aarch64
+
+-------------------------------------------------------------------
+Sat Nov 16 15:39:59 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Update to version 1.3.0:
+  * Achieved parity on most major client features with C Tor.
+  * Continued work on Arti Relay.
+  * The work-in-progress RPC system is significantly more clearly
+    defined and implementation is proceeding.
+  * More details can be found in the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+
+- Update to version 1.2.8:
+  * Arti 1.2.8 continues development on onion services,
+    the RPC subsystem, key management, and relay infrastructure.
+    It also includes fixes for two security issues in
+    handling the SOCKS protocol, the most severe of which is rated at
+    "medium" according to our security policy.
+  * Increased MSRV to 1.77
+  * More details can be found in the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+- Update to version 1.2.7:
+  * Arti 1.2.7 continues development on onion service client
+    authorization, the RPC subsystem, and relay infrastructure.
+  * More details can be found in the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+- Update to version 1.2.6:
+  * Arti 1.2.7 continues development on onion service client authorization,
+    the RPC subsystem, and relay infrastructure.
+  * More details can be found in the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
 -------------------------------------------------------------------
 Sun Jul 14 18:25:45 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
 
 - Update to version 1.2.5:
   * Stop publishing the obsolete arti-hyper crate
-  * Update curve25519-dalek to avoid a low-severity timing 
+  * Update curve25519-dalek to avoid a low-severity timing
     vulnerability. (TROVE-2024-007)
   * With full vanguards, client rendezvous circuits
     do not reuse the final vanguard as the rendezvous point.
@@ -12,10 +289,10 @@ Sun Jul 14 18:25:45 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
   * Add skeleton, including (experimental): arti-relay crate,
     relay cargo feature in arti-client,
     relay command line argument to arti
-  * Add a key material export facility for some of our TLS 
+  * Add a key material export facility for some of our TLS
     implementations.
   * Tolerate removal of files from Arti's cache directory.
- 
+
 -------------------------------------------------------------------
 Thu Jun 27 13:19:29 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
 

arti.obsinfo

@@ -1,4 +0,0 @@
-name: arti
-version: 1.2.5~0
-mtime: 1719502875
-commit: ef4a4d3774ddf77eba7f23611dfea3c160fa77ef

arti.spec

@@ -1,7 +1,8 @@
 #
 # spec file for package arti
 #
-# Copyright (c) 2024 SUSE LLC
+# Copyright (c) 2025 SUSE LLC and contributors
+# Copyright (c) 2025 Eyad Issa <eyadlorenzo@gmail.com>
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -16,30 +17,39 @@
 #
 
 
+%global git_hash 6c79dfb9a31e2fdde6230da4edcb71cc082ca7d9
+
 Name:           arti
-Version:        1.2.5~0
+Version:        1.8.0
 Release:        0
-Summary:        An implementation of Tor, in Rust.
-License:        Apache-2.0 OR MIT
+Summary:        A WIP implementation of Tor, in Rust
+License:        (Apache-2.0 OR MIT) AND LGPL-3.0-only
 URL:            https://gitlab.torproject.org/tpo/core/arti
-Source0:        %{name}-%{version}.tar
+Source0:        https://gitlab.torproject.org/tpo/core/arti/-/archive/arti-v%{version}/%{name}-%{version}.tar.gz
 Source1:        vendor.tar.zst
 BuildRequires:  cargo-packaging
 BuildRequires:  memory-constraints
 BuildRequires:  pkgconfig
+BuildRequires:  rust >= 1.85.1
 BuildRequires:  pkgconfig(openssl)
 BuildRequires:  pkgconfig(sqlite3)
 ExclusiveArch:  %{rust_tier1_arches}
 
 %description
-An implementation of Tor, in Rust
+Arti is a work in progress Rust-based implementation of the Tor
+anonymity protocols, designed to be modular, reusable and easy to
+audit.
+
+Arti can act as a SOCKS proxy that uses the Tor network.
+
+This package provides the `arti` binary.
 
 %prep
-%autosetup -p1 -a1
+%autosetup -p1 -a1 -n arti-arti-v%{version}-%{git_hash}
 
 %build
-%limit_build -m 4400
-%{cargo_build}
+%limit_build -m 8000
+%{cargo_build} -p arti
 
 %install
 %{cargo_install -p crates/arti}

vendor.tar.zst

@@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:efe8d480e1894c2d445f06ba00c2def5dbe61dd2bf0c552157ddb891154bb90e
-size 58065960
+oid sha256:6b7d03090e8afe65d892db7f8b2c69f8a1b9d0e6a90073202f74836386731649
+size 62645517