arti/_service

<services>
    <service name="obs_scm" mode="manual">
        <param name="url">https://gitlab.torproject.org/tpo/core/arti.git</param>
        <param name="versionformat">@PARENT_TAG@~@TAG_OFFSET@</param>
        <param name="scm">git</param>
        <param name="revision">arti-1.2.1</param>
        <param name="match-tag">*</param>
        <param name="versionrewrite-pattern">arti-(\d+\.\d+\.\d+)</param>
        <param name="versionrewrite-replacement">\1</param>
        <param name="changesgenerate">enable</param>
    </service>

    <service name="set_version" mode="manual" />
    <service name="cargo_vendor" mode="manual">
        <param name="srcdir">arti</param>
        <param name="compression">zst</param>
        <param name="update">true</param>

        <!-- 
        From https://gitlab.torproject.org/tpo/core/arti/-/blob/2db5ccf16d2f977c073ba3f142513b920fb7b6a1/maint/cargo_audit
        -->

        <!--
        This is a real but theoretical unaligned read.  It might happen only on
        Windows and only with a custom global allocator, which we don't do in our
        arti binary.  The bad crate is depended on by env-logger and clap.
        This is being discussed by those crates' contributors here:
            https://github.com/clap-rs/clap/pull/4249
            https://github.com/rust-cli/env_logger/pull/246
        -->
        <param name="i-accept-the-risk">RUSTSEC-2021-0145</param>

        <!--
        As of 28 Nov 2023, all versions of the rsa crate have a variable
        timing attack that can leak private keys.
        
        We do not use (yet) do any private-key rsa operations in arti:
        we only use it to verify signatures.
        -->
        <param name="i-accept-the-risk">RUSTSEC-2023-0071</param>


        <!--
        This is not a vulnerability but an unmaintained warning for
        `generational-arena`. It is only used by arti-rpcserver (which is
        experimental).
        -->
        <param name="i-accept-the-risk">RUSTSEC-2024-0014</param>
        
    </service>

    <service name="cargo_audit" mode="manual">
        <param name="srcdir">arti</param>
    </service>


    <service name="tar" mode="buildtime" />
</services>
Accepting request 1119294 from home:VaiTon:branches:network arti is the new Tor runtime, written in rust OBS-URL: https://build.opensuse.org/request/show/1119294 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=1 2023-10-25 10:07:12 +02:00			`<services>`
			`<service name="obs_scm" mode="manual">`
			`<param name="url">https://gitlab.torproject.org/tpo/core/arti.git</param>`
			`<param name="versionformat">@PARENT_TAG@~@TAG_OFFSET@</param>`
			`<param name="scm">git</param>`
Accepting request 1164178 from home:VaiTon:branches:network - Added LICENSE-APACHE and LICENSE-MIT to %files - Added README.md and CHANGELOG.md to %files - Update to version 1.2.1: * Reorganize onion service code. * Design work for out-of-memory handling, which is necessary for onion service security. * Initial implementation work for onion service [vanguards], which are needed to improve onion service security. This is not yet complete. * Added support for unmanaged pluggable transports * Begun work to improve Tor's relay cell protocol with support for packed and fragmented messages - Update to version 1.2.0 * Initial support for running onion services. * Fixed a number of bugs and security issues. * Made the onion-service-service feature non-experimental. For a full changelog, refer to the package changelog (/usr/share/doc/packages/arti/CHANGELOG.md) OBS-URL: https://build.opensuse.org/request/show/1164178 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=14 2024-04-02 19:52:43 +02:00			`<param name="revision">arti-1.2.1</param>`
Accepting request 1119294 from home:VaiTon:branches:network arti is the new Tor runtime, written in rust OBS-URL: https://build.opensuse.org/request/show/1119294 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=1 2023-10-25 10:07:12 +02:00			`<param name="match-tag">*</param>`
Accepting request 1164178 from home:VaiTon:branches:network - Added LICENSE-APACHE and LICENSE-MIT to %files - Added README.md and CHANGELOG.md to %files - Update to version 1.2.1: * Reorganize onion service code. * Design work for out-of-memory handling, which is necessary for onion service security. * Initial implementation work for onion service [vanguards], which are needed to improve onion service security. This is not yet complete. * Added support for unmanaged pluggable transports * Begun work to improve Tor's relay cell protocol with support for packed and fragmented messages - Update to version 1.2.0 * Initial support for running onion services. * Fixed a number of bugs and security issues. * Made the onion-service-service feature non-experimental. For a full changelog, refer to the package changelog (/usr/share/doc/packages/arti/CHANGELOG.md) OBS-URL: https://build.opensuse.org/request/show/1164178 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=14 2024-04-02 19:52:43 +02:00			`<param name="versionrewrite-pattern">arti-(\d+\.\d+\.\d+)</param>`
Accepting request 1119294 from home:VaiTon:branches:network arti is the new Tor runtime, written in rust OBS-URL: https://build.opensuse.org/request/show/1119294 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=1 2023-10-25 10:07:12 +02:00			`<param name="versionrewrite-replacement">\1</param>`
			`<param name="changesgenerate">enable</param>`
			`</service>`

			`<service name="set_version" mode="manual" />`
			`<service name="cargo_vendor" mode="manual">`
			`<param name="srcdir">arti</param>`
- Update to version 1.1.10: OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=6 2023-11-13 18:24:57 +01:00			`<param name="compression">zst</param>`
Accepting request 1119294 from home:VaiTon:branches:network arti is the new Tor runtime, written in rust OBS-URL: https://build.opensuse.org/request/show/1119294 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=1 2023-10-25 10:07:12 +02:00			`<param name="update">true</param>`
Add link to ignored vulns OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=8 2023-11-14 21:25:00 +01:00
Accepting request 1164178 from home:VaiTon:branches:network - Added LICENSE-APACHE and LICENSE-MIT to %files - Added README.md and CHANGELOG.md to %files - Update to version 1.2.1: * Reorganize onion service code. * Design work for out-of-memory handling, which is necessary for onion service security. * Initial implementation work for onion service [vanguards], which are needed to improve onion service security. This is not yet complete. * Added support for unmanaged pluggable transports * Begun work to improve Tor's relay cell protocol with support for packed and fragmented messages - Update to version 1.2.0 * Initial support for running onion services. * Fixed a number of bugs and security issues. * Made the onion-service-service feature non-experimental. For a full changelog, refer to the package changelog (/usr/share/doc/packages/arti/CHANGELOG.md) OBS-URL: https://build.opensuse.org/request/show/1164178 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=14 2024-04-02 19:52:43 +02:00			`<!--`
			`From https://gitlab.torproject.org/tpo/core/arti/-/blob/2db5ccf16d2f977c073ba3f142513b920fb7b6a1/maint/cargo_audit`
Add link to ignored vulns OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=8 2023-11-14 21:25:00 +01:00			`-->`

			`<!--`
			`This is a real but theoretical unaligned read. It might happen only on`
			`Windows and only with a custom global allocator, which we don't do in our`
			`arti binary. The bad crate is depended on by env-logger and clap.`
			`This is being discussed by those crates' contributors here:`
			`https://github.com/clap-rs/clap/pull/4249`
			`https://github.com/rust-cli/env_logger/pull/246`
			`-->`
			`<param name="i-accept-the-risk">RUSTSEC-2021-0145</param>`

			`<!--`
Accepting request 1138965 from home:VaiTon:branches:network - Update to version 1.1.12~0: Arti 1.1.12 continues work on support for running onion services. You can now launch an onion service and expect it to run, though the user experience leaves a lot to be desired. Don't rely on this onion service implementation for security yet; there are a number of [missing security features] we will need to develop before we can recommend them for actual use. https://gitlab.torproject.org/tpo/core/arti/-/blob/3c44d849f4c3332ccbb86328392d54e7c1d8e9b6/CHANGELOG.md - Updated the ignored RUSTSEC advisories, as per the project recommended way of building the crate OBS-URL: https://build.opensuse.org/request/show/1138965 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=12 2024-01-24 00:19:41 +01:00			`As of 28 Nov 2023, all versions of the rsa crate have a variable`
			`timing attack that can leak private keys.`

			`We do not use (yet) do any private-key rsa operations in arti:`
			`we only use it to verify signatures.`
Add link to ignored vulns OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=8 2023-11-14 21:25:00 +01:00			`-->`
Accepting request 1138965 from home:VaiTon:branches:network - Update to version 1.1.12~0: Arti 1.1.12 continues work on support for running onion services. You can now launch an onion service and expect it to run, though the user experience leaves a lot to be desired. Don't rely on this onion service implementation for security yet; there are a number of [missing security features] we will need to develop before we can recommend them for actual use. https://gitlab.torproject.org/tpo/core/arti/-/blob/3c44d849f4c3332ccbb86328392d54e7c1d8e9b6/CHANGELOG.md - Updated the ignored RUSTSEC advisories, as per the project recommended way of building the crate OBS-URL: https://build.opensuse.org/request/show/1138965 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=12 2024-01-24 00:19:41 +01:00			`<param name="i-accept-the-risk">RUSTSEC-2023-0071</param>`
Accepting request 1164178 from home:VaiTon:branches:network - Added LICENSE-APACHE and LICENSE-MIT to %files - Added README.md and CHANGELOG.md to %files - Update to version 1.2.1: * Reorganize onion service code. * Design work for out-of-memory handling, which is necessary for onion service security. * Initial implementation work for onion service [vanguards], which are needed to improve onion service security. This is not yet complete. * Added support for unmanaged pluggable transports * Begun work to improve Tor's relay cell protocol with support for packed and fragmented messages - Update to version 1.2.0 * Initial support for running onion services. * Fixed a number of bugs and security issues. * Made the onion-service-service feature non-experimental. For a full changelog, refer to the package changelog (/usr/share/doc/packages/arti/CHANGELOG.md) OBS-URL: https://build.opensuse.org/request/show/1164178 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=14 2024-04-02 19:52:43 +02:00

			`<!--`
			`This is not a vulnerability but an unmaintained warning for`
			`generational-arena`. It is only used by arti-rpcserver (which is
			`experimental).`
			`-->`
			`<param name="i-accept-the-risk">RUSTSEC-2024-0014</param>`

Accepting request 1119294 from home:VaiTon:branches:network arti is the new Tor runtime, written in rust OBS-URL: https://build.opensuse.org/request/show/1119294 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=1 2023-10-25 10:07:12 +02:00			`</service>`
Accepting request 1132326 from home:VaiTon:branches:network - Update to version 1.1.11: Arti 1.1.11 continues work on support for running onion services. Onion services are now working in our testing, and we expect we'll have something testable by others in our next release. Arti 1.1.11 also increases our MSRV (Minimum Supported Rust Version) to 1.70, in accordance with our [MSRV policy]. ### Onion service development - Correct our handling of BEGIN and END messages to bring them into conformance with the C Tor implementation and the specification. ([#1077], [!1694], [!1738]) - In our key manager, use macros to define key specifiers, instead of repeating the same boilerplate code. ([#1069], [#1093], [!1710], [!1733]) - Refactoring and refinement on the definitions of onion-service-related errors. ([!1718], [!1724], [!1750], [!1751], [!1779]) - Add a "time-store" mechanism for (as correctly as possible) storing and loading future timestamps, even in the presence of system clock skew ([!1723], [!1774]) - Implement a replay-log backend to prevent INTRODUCE replay attacks against onion services. ([!1725]) - Improved encoding for key-denotators in the key manager. ([#1063], [#1070], [!1722]) - Allow a single key to have more than one denotator in its path. ([#1112], [!1747]) - Use an order-preserving-encryption back-end to generate monotonically increasing revision counters for onion service descriptors. We do this to ensure a reproducible series of counters without leaking our clock skew. ([#1053], [!1741], [!1744]) - Deprecate key types for INTRODUCE-based authentication: C tor has never implemented this, and we do not plan to implement it without additional specification work. ([#1037], [!1749]) OBS-URL: https://build.opensuse.org/request/show/1132326 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=10 2023-12-10 17:29:39 +01:00
Accepting request 1119294 from home:VaiTon:branches:network arti is the new Tor runtime, written in rust OBS-URL: https://build.opensuse.org/request/show/1119294 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=1 2023-10-25 10:07:12 +02:00			`<service name="cargo_audit" mode="manual">`
			`<param name="srcdir">arti</param>`
			`</service>`

Accepting request 1132326 from home:VaiTon:branches:network - Update to version 1.1.11: Arti 1.1.11 continues work on support for running onion services. Onion services are now working in our testing, and we expect we'll have something testable by others in our next release. Arti 1.1.11 also increases our MSRV (Minimum Supported Rust Version) to 1.70, in accordance with our [MSRV policy]. ### Onion service development - Correct our handling of BEGIN and END messages to bring them into conformance with the C Tor implementation and the specification. ([#1077], [!1694], [!1738]) - In our key manager, use macros to define key specifiers, instead of repeating the same boilerplate code. ([#1069], [#1093], [!1710], [!1733]) - Refactoring and refinement on the definitions of onion-service-related errors. ([!1718], [!1724], [!1750], [!1751], [!1779]) - Add a "time-store" mechanism for (as correctly as possible) storing and loading future timestamps, even in the presence of system clock skew ([!1723], [!1774]) - Implement a replay-log backend to prevent INTRODUCE replay attacks against onion services. ([!1725]) - Improved encoding for key-denotators in the key manager. ([#1063], [#1070], [!1722]) - Allow a single key to have more than one denotator in its path. ([#1112], [!1747]) - Use an order-preserving-encryption back-end to generate monotonically increasing revision counters for onion service descriptors. We do this to ensure a reproducible series of counters without leaking our clock skew. ([#1053], [!1741], [!1744]) - Deprecate key types for INTRODUCE-based authentication: C tor has never implemented this, and we do not plan to implement it without additional specification work. ([#1037], [!1749]) OBS-URL: https://build.opensuse.org/request/show/1132326 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=10 2023-12-10 17:29:39 +01:00
Accepting request 1119294 from home:VaiTon:branches:network arti is the new Tor runtime, written in rust OBS-URL: https://build.opensuse.org/request/show/1119294 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=1 2023-10-25 10:07:12 +02:00			`<service name="tar" mode="buildtime" />`
			`</services>`