2023-10-25 10:07:12 +02:00
|
|
|
<services>
|
|
|
|
|
<service name="obs_scm" mode="manual">
|
|
|
|
|
<param name="url">https://gitlab.torproject.org/tpo/core/arti.git</param>
|
|
|
|
|
<param name="versionformat">@PARENT_TAG@~@TAG_OFFSET@</param>
|
|
|
|
|
<param name="scm">git</param>
|
Accepting request 1132326 from home:VaiTon:branches:network
- Update to version 1.1.11:
Arti 1.1.11 continues work on support for running onion services.
Onion services are now working in our testing, and we expect we'll
have something testable by others in our next release.
Arti 1.1.11 also increases our MSRV (Minimum Supported Rust Version)
to 1.70, in accordance with our [MSRV policy].
### Onion service development
- Correct our handling of BEGIN and END messages to bring them
into conformance with the C Tor implementation and the specification.
([#1077], [!1694], [!1738])
- In our key manager, use macros to define key specifiers, instead of
repeating the same boilerplate code. ([#1069], [#1093], [!1710],
[!1733])
- Refactoring and refinement on the definitions of onion-service-related
errors. ([!1718], [!1724], [!1750], [!1751], [!1779])
- Add a "time-store" mechanism for (as correctly as possible) storing and loading
future timestamps, even in the presence of system clock skew ([!1723], [!1774])
- Implement a replay-log backend to prevent INTRODUCE replay attacks
against onion services. ([!1725])
- Improved encoding for key-denotators in the key manager. ([#1063],
[#1070], [!1722])
- Allow a single key to have more than one denotator in its path.
([#1112], [!1747])
- Use an order-preserving-encryption back-end to generate
monotonically increasing revision counters for onion service
descriptors. We do this to ensure a reproducible series of counters
without leaking our clock skew. ([#1053], [!1741], [!1744])
- Deprecate key types for INTRODUCE-based authentication:
C tor has never implemented this, and we do not plan to implement it
without additional specification work. ([#1037], [!1749])
OBS-URL: https://build.opensuse.org/request/show/1132326
OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=10
2023-12-10 17:29:39 +01:00
|
|
|
<param name="revision">arti-v1.1.11</param>
|
2023-10-25 10:07:12 +02:00
|
|
|
<param name="match-tag">*</param>
|
|
|
|
|
<param name="versionrewrite-pattern">arti-v(\d+\.\d+\.\d+)</param>
|
|
|
|
|
<param name="versionrewrite-replacement">\1</param>
|
|
|
|
|
<param name="changesgenerate">enable</param>
|
|
|
|
|
</service>
|
|
|
|
|
|
|
|
|
|
<service name="set_version" mode="manual" />
|
|
|
|
|
<service name="cargo_vendor" mode="manual">
|
|
|
|
|
<param name="srcdir">arti</param>
|
2023-11-13 18:24:57 +01:00
|
|
|
<param name="compression">zst</param>
|
2023-10-25 10:07:12 +02:00
|
|
|
<param name="update">true</param>
|
2023-11-14 21:25:00 +01:00
|
|
|
|
|
|
|
|
<!-- From
|
|
|
|
|
https://gitlab.torproject.org/tpo/core/arti/-/blob/58f578f9097b090b289f4ea59488044796428daf/maint/cargo_audit
|
|
|
|
|
-->
|
|
|
|
|
|
|
|
|
|
<!--
|
|
|
|
|
This is a real but theoretical unaligned read. It might happen only on
|
|
|
|
|
Windows and only with a custom global allocator, which we don't do in our
|
|
|
|
|
arti binary. The bad crate is depended on by env-logger and clap.
|
|
|
|
|
This is being discussed by those crates' contributors here:
|
|
|
|
|
https://github.com/clap-rs/clap/pull/4249
|
|
|
|
|
https://github.com/rust-cli/env_logger/pull/246
|
|
|
|
|
-->
|
|
|
|
|
<param name="i-accept-the-risk">RUSTSEC-2021-0145</param>
|
|
|
|
|
|
|
|
|
|
<!--
|
|
|
|
|
This is an API vulnerability in ed25519-dalek v1.x.x, to the
|
|
|
|
|
extent that it does not force you to store private and public
|
|
|
|
|
keys as a single keypair.
|
|
|
|
|
|
|
|
|
|
We have desigend our APIs to work around this, and believe we
|
|
|
|
|
are not affected. We should eventually upgrade to
|
|
|
|
|
ed25519-dalek >= 2, however.
|
|
|
|
|
-->
|
2023-11-13 21:44:55 +01:00
|
|
|
<param name="i-accept-the-risk">RUSTSEC-2022-0093</param>
|
2023-11-14 21:25:00 +01:00
|
|
|
|
|
|
|
|
<!--
|
|
|
|
|
This is a DOS vulnerability against rustls-webpki (only some versions)
|
|
|
|
|
and webpki (all versions) where some cert chains can cause
|
|
|
|
|
ridiculous CPU usage.
|
|
|
|
|
|
|
|
|
|
We've upgraded our rustls-webpki usage, but webpki (which is
|
|
|
|
|
unmaintained) is still used by tls-api, which we use from
|
|
|
|
|
arti-hyper.
|
|
|
|
|
|
|
|
|
|
I've opened https://github.com/stepancheg/rust-tls-api/issues/45
|
|
|
|
|
for this issue, but I'm not sure whether `tls-api` is maintained.
|
|
|
|
|
|
|
|
|
|
See https://gitlab.torproject.org/tpo/core/arti/-/issues/1016
|
|
|
|
|
-->
|
|
|
|
|
<param name="i-accept-the-risk">RUSTSEC-2023-0052</param>
|
2023-10-25 10:07:12 +02:00
|
|
|
</service>
|
Accepting request 1132326 from home:VaiTon:branches:network
- Update to version 1.1.11:
Arti 1.1.11 continues work on support for running onion services.
Onion services are now working in our testing, and we expect we'll
have something testable by others in our next release.
Arti 1.1.11 also increases our MSRV (Minimum Supported Rust Version)
to 1.70, in accordance with our [MSRV policy].
### Onion service development
- Correct our handling of BEGIN and END messages to bring them
into conformance with the C Tor implementation and the specification.
([#1077], [!1694], [!1738])
- In our key manager, use macros to define key specifiers, instead of
repeating the same boilerplate code. ([#1069], [#1093], [!1710],
[!1733])
- Refactoring and refinement on the definitions of onion-service-related
errors. ([!1718], [!1724], [!1750], [!1751], [!1779])
- Add a "time-store" mechanism for (as correctly as possible) storing and loading
future timestamps, even in the presence of system clock skew ([!1723], [!1774])
- Implement a replay-log backend to prevent INTRODUCE replay attacks
against onion services. ([!1725])
- Improved encoding for key-denotators in the key manager. ([#1063],
[#1070], [!1722])
- Allow a single key to have more than one denotator in its path.
([#1112], [!1747])
- Use an order-preserving-encryption back-end to generate
monotonically increasing revision counters for onion service
descriptors. We do this to ensure a reproducible series of counters
without leaking our clock skew. ([#1053], [!1741], [!1744])
- Deprecate key types for INTRODUCE-based authentication:
C tor has never implemented this, and we do not plan to implement it
without additional specification work. ([#1037], [!1749])
OBS-URL: https://build.opensuse.org/request/show/1132326
OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=10
2023-12-10 17:29:39 +01:00
|
|
|
|
2023-10-25 10:07:12 +02:00
|
|
|
<service name="cargo_audit" mode="manual">
|
|
|
|
|
<param name="srcdir">arti</param>
|
|
|
|
|
</service>
|
|
|
|
|
|
Accepting request 1132326 from home:VaiTon:branches:network
- Update to version 1.1.11:
Arti 1.1.11 continues work on support for running onion services.
Onion services are now working in our testing, and we expect we'll
have something testable by others in our next release.
Arti 1.1.11 also increases our MSRV (Minimum Supported Rust Version)
to 1.70, in accordance with our [MSRV policy].
### Onion service development
- Correct our handling of BEGIN and END messages to bring them
into conformance with the C Tor implementation and the specification.
([#1077], [!1694], [!1738])
- In our key manager, use macros to define key specifiers, instead of
repeating the same boilerplate code. ([#1069], [#1093], [!1710],
[!1733])
- Refactoring and refinement on the definitions of onion-service-related
errors. ([!1718], [!1724], [!1750], [!1751], [!1779])
- Add a "time-store" mechanism for (as correctly as possible) storing and loading
future timestamps, even in the presence of system clock skew ([!1723], [!1774])
- Implement a replay-log backend to prevent INTRODUCE replay attacks
against onion services. ([!1725])
- Improved encoding for key-denotators in the key manager. ([#1063],
[#1070], [!1722])
- Allow a single key to have more than one denotator in its path.
([#1112], [!1747])
- Use an order-preserving-encryption back-end to generate
monotonically increasing revision counters for onion service
descriptors. We do this to ensure a reproducible series of counters
without leaking our clock skew. ([#1053], [!1741], [!1744])
- Deprecate key types for INTRODUCE-based authentication:
C tor has never implemented this, and we do not plan to implement it
without additional specification work. ([#1037], [!1749])
OBS-URL: https://build.opensuse.org/request/show/1132326
OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=10
2023-12-10 17:29:39 +01:00
|
|
|
|
2023-10-25 10:07:12 +02:00
|
|
|
<service name="tar" mode="buildtime" />
|
|
|
|
|
</services>
|
