6141145b8a
- Update to version 1.8.0: * Feat: Implemented a usage-based timeout for strongly isolated circuits, as specified in proposal 368. * Feat: New experimental arti hsc ctor-migrate command line invocation for migrating C Tor onion service client keys to the Arti keystore. * Security: Added Host header validation for non-CONNECT requests to HTTP CONNECT port, to prevent adversarial web pages from probing the version of Arti and its capabilities. * Fix: Arti no longer exits with an error if configured with a log file with no directory prefix. * Fix: fs-mistrust now has consistent behavior with stat and mkdir, which consider "" to be an invalid path, and all of its error messages now include the file name that triggered the error. * For a full changelog see /usr/share/doc/packages/arti/CHANGELOG.md - Update to version 1.7.0: * Improved output format from the experimental arti keys check-integrity command. * Arti now has experimental support for running as a HTTP CONNECT proxy. * Arti's experimental circuit padding support now allows first-hop padding to treat all the circuits on a channel as a single unit, for improved security and efficiency. * The restricted-discovery feature is no longer experimental. * Added user-facing documentation for the arti hss onion service administration tool. * For a full changelog see /usr/share/doc/packages/arti/CHANGELOG.md
Eyad Issa2025-12-26 02:15:46 +00:00
ee7f907881
- Update to version 1.6.0: * Arti now requires Rust 1.85.1 or later * Arti now requires tracing-subscriber v0.3.20, due to upstream security issue RUSTSEC-2025-0055 * Arti now includes experimental circuit padding support, based on the maybenot library * Arti now has mitigations for DropMark side-channel attacks for flow control * Arti now has a arti keys check-integrity command, to check the validity of stored keys * Fixed bug in congestion control that was causing timeouts when flowctl-cc was enabled * Added support for flow control consensus params * Improved arti hsc key management documentation * Documented arti hsc --batch flag * Various cleanups, bugfixes and refactors * For a full changelog see /usr/share/doc/packages/arti/CHANGELOG.md
Eyad Issa2025-10-07 15:21:55 +00:00
845a4bcf2f
- Use -p arti in cargo build, as recommended by the docs - Update to version 1.5.0: * Arti 1.5.0 continues development on important client features, including Counter Galois Onion encryption,Conflux, flow control and congestion control, and onion service proof of work. It also includes significant preliminary work for Arti relay support. * Arti now requires Rust 1.85 or later * We no longer count channel negotiation time against our circuit timeouts. * tor-proto now includes experimental backend support (unused, so far) for Conflux-based multi-path tunnels * Experimental support for congestion control for improved performance. (Not yet enabled by default) * Experimental support for proof-of-work in onion services, for resistance to denial-of-service attacks. * Experimental support for negotiating Counter Galois Onion cryptography * Improved CLI output when describing keys. * Design for a new key integrity checking subcommand. * Integration testing for arti keys subcommands. * Design work for a relay reactor backend. * Work on a new netdoc parser implementation for improved ergonomics and macro support.
Eyad Issa2025-09-30 10:26:33 +00:00
2e40ed2f95
- Add "AND LGPL-3.0-only" to the spec license tag, as arti links with Rust crates crates/equix and crates/hashx which are licensed under LGPL-3.0-only - Update to version 1.4.5: * Breaking: Console logging now goes to stderr instead of stdout. * Arti 1.4.5 continues development on xon-based (proposal 324) flow control and Conflux. In addition, we have drafted an initial design for the directory cache storage model, which will be needed for the core relay functionality, and for the directory authority implementation. * Decreased the minimum allowed duration of the hsdir_interval to 5 minutes * New experimental arti keys list and arti keys list-keystores subcommands for listing the existing keys and configured keystores * More work and bug fixes on the conflux implementation * Experimental support for launching a SOCKS proxy from a set of already bound listeners. * For a full changelog see /usr/share/doc/packages/arti/CHANGELOG.md
Eyad Issa2025-07-24 20:19:38 +00:00
7cfcb225e8
Accepting request 1287573 from network
Ana Guerrero2025-06-23 13:03:15 +00:00
83edf26ba9
- Use %global instead of %define in arti.spec - Update to version 1.4.4: * Arti now requires Rust 1.83 * Arti now supports Circuit Handshake Extensions * arti-ureq: We no longer enable the rustls feature by default * Continued development towards supporting Conflux tunnels in Arti * Continued development towards supporting Counter Galois Onion relay cell encryption in Arti * Arti no longer uses MiddleOnly relays for rendezvous points or introduction points * Continued progress on service-side Proof-of-Work (PoW) support * Arti no longer uses the ".z" suffix in directory URLs * tor-rtcompat: We no longer bundle an unused copy of the Lets Encrypt root certificate
Eyad Issa2025-06-14 13:24:19 +00:00
1d946e045b
Accepting request 1282900 from network
Ana Guerrero2025-06-05 18:33:56 +00:00
6b1f12b482
- Use source urls to fetch sources - Update to version 1.4.3: * Arti 1.4.3 adds adds the framework for measuring metrics * Initial groundwork for the Counter Galois Onion proposal * Some of the groundwork for congestion control, in the form of handshake negotiation code * The arti hsc flags --quiet and --force have been consolidated into a single --batch flag * Arti now exits by default when it does not support a recommended or required protocol * Cleanup, minor fixes and documentation enhancements
Eyad Issa2025-05-06 11:36:28 +00:00
5a28e701f6
- Update to version 1.4.2: * Arti's RPC subsystem is now stable and ready for use! * This release continues development on Conflux, and also fixes a number of bugs and security issues. * Upgraded to ring version 0.17.13: fixes RUSTSEC-2025-0009 * Upgraded to rand version 0.9.0 * Longer-lived keys are now derived using a CautiousRng, which combines inputs from several sources, including OsRng, to minimize the likelihood of falling to a vulnerability in any particular one * Arti now imposes a maximum on its fallback estimated timeout, to prevent integer overflow * More Conflux development * More RPC development * For a full changelog see /usr/share/doc/packages/arti/CHANGELOG.md - Update to version 1.4.1: * Arti 1.4.1 contains significant behind-the-scenes groundwork for Conflux, a feature that improves performance and reliability by allowing data streams to tunnel over multiple circuits. * Arti now implements the client side of ID-based families (a.k.a. "Happy Families"). When deployed everywhere on the network, this feature will allow us to remove around 80-90% of the data from microdescriptors, and save some administrative complexity. * For a full changelog see /usr/share/doc/packages/arti/CHANGELOG.md - Update to version 1.4.0: * Arti 1.4.0 offers a new RPC interface, continues work on the
Eyad Issa2025-05-01 16:52:44 +00:00
b1b946a766
Accepting request 1230951 from network
Ana Guerrero2024-12-15 11:37:40 +00:00
cd8b47a206
- Update to version 1.3.1: * Continues development on onion services, the RPC subsystem, and relay infrastructure. * This release fixes a major bug in Arti's channel management code, where in some circumstances, canceled pending channel entries were not being cleaned up properly, preventing Arti from building new channels to their target relays.
Eyad Issa2024-12-14 01:58:38 +00:00
3e1f0cf5e2
Accepting request 1225982 from network
Ana Guerrero2024-11-24 10:04:33 +00:00
e4f5c51180
- Increase %limit_build value to 5000 to avoid OOM seen on aarch64
Eyad Issa2024-11-23 16:37:25 +00:00
4a69295f97
- Update to version 1.3.0: * Achieved parity on most major client features with C Tor. * Continued work on Arti Relay. * The work-in-progress RPC system is significantly more clearly defined and implementation is proceeding. * More details can be found in the installed package changelog (/usr/share/doc/packages/arti/CHANGELOG.md) - Update to version 1.2.8: * Arti 1.2.8 continues development on onion services, the RPC subsystem, key management, and relay infrastructure. It also includes fixes for two security issues in handling the SOCKS protocol, the most severe of which is rated at "medium" according to our security policy. * Increased MSRV to 1.77 * More details can be found in the installed package changelog (/usr/share/doc/packages/arti/CHANGELOG.md) - Update to version 1.2.7: * Arti 1.2.7 continues development on onion service client authorization, the RPC subsystem, and relay infrastructure. * More details can be found in the installed package changelog (/usr/share/doc/packages/arti/CHANGELOG.md) - Update to version 1.2.6: * Arti 1.2.7 continues development on onion service client authorization, the RPC subsystem, and relay infrastructure. * More details can be found in the installed package changelog (/usr/share/doc/packages/arti/CHANGELOG.md) * Update curve25519-dalek to avoid a low-severity timing * Add a key material export facility for some of our TLS
Eyad Issa2024-11-16 15:59:06 +00:00
216218b214
- Update to version 1.2.5: * Stop publishing the obsolete arti-hyper crate * Update curve25519-dalek to avoid a low-severity timing vulnerability. (TROVE-2024-007) * With full vanguards, client rendezvous circuits do not reuse the final vanguard as the rendezvous point. (TROVE-2024-008) * Some RPC development * Add skeleton, including (experimental): arti-relay crate, relay cargo feature in arti-client, relay command line argument to arti * Add a key material export facility for some of our TLS implementations. * Tolerate removal of files from Arti's cache directory.
Eyad Issa2024-07-14 18:32:52 +00:00
Dominique Leuenberger
Eyad Issa
Ana Guerrero
Dirk Mueller
Marcus Meissner