Accepting request 1179109 from home:VaiTon:branches:network

- Update to version 1.2.4: - Update to version 1.2.3: - Update to version 1.2.2: OBS-URL: https://build.opensuse.org/request/show/1179109 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=18
2024-06-06 23:54:32 +00:00 · 2024-06-06 23:54:32 +00:00 · 09b4ccb9ff
commit 09b4ccb9ff
parent 62177a1ba7
8 changed files with 55 additions and 17 deletions
--- a/10
+++ b/10
@ -3,9 +3,9 @@
        <param name="url">https://gitlab.torproject.org/tpo/core/arti.git</param>
        <param name="versionformat">@PARENT_TAG@~@TAG_OFFSET@</param>
        <param name="scm">git</param>
-        <param name="revision">arti-1.2.1</param>
+        <param name="revision">arti-v1.2.4</param>
        <param name="match-tag">*</param>
-        <param name="versionrewrite-pattern">arti-(\d+\.\d+\.\d+)</param>
+        <param name="versionrewrite-pattern">arti-v(\d+\.\d+\.\d+)</param>
        <param name="versionrewrite-replacement">\1</param>
        <param name="changesgenerate">enable</param>
    </service>
@ -16,7 +16,7 @@
        <param name="compression">zst</param>
        <param name="update">true</param>

-        <!-- 
+        <!--
        From https://gitlab.torproject.org/tpo/core/arti/-/blob/2db5ccf16d2f977c073ba3f142513b920fb7b6a1/maint/cargo_audit
        -->

@ -33,7 +33,7 @@
        <!--
        As of 28 Nov 2023, all versions of the rsa crate have a variable
        timing attack that can leak private keys.
-        
+
        We do not use (yet) do any private-key rsa operations in arti:
        we only use it to verify signatures.
        -->
@ -46,7 +46,7 @@
        experimental).
        -->
        <param name="i-accept-the-risk">RUSTSEC-2024-0014</param>
-        
+
    </service>

    <service name="cargo_audit" mode="manual">
--- a/2
+++ b/2
@ -1,4 +1,4 @@
 <servicedata>
 <service name="tar_scm">
                <param name="url">https://gitlab.torproject.org/tpo/core/arti.git</param>
-              <param name="changesrevision">305f74b9bbe187ea2a48003ca93b5bde4b4d6e09</param></service></servicedata>
+              <param name="changesrevision">5217447873011338a5426898fcc8b96c8665babf</param></service></servicedata>
--- a/arti-1.2.1~0.obscpio
+++ b/arti-1.2.1~0.obscpio
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:53050008a4e11ac5ad9b693f8431aa8f1f7811376cbdb250c1319bc1a8ca3369
-size 60273678
--- a/arti-1.2.4~0.obscpio
+++ b/arti-1.2.4~0.obscpio
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5a0dbd802da3a948fb2a36c87acd209d1ba64e930612b810fd34361e20acc519
+size 60828686
--- a/arti.changes
+++ b/arti.changes
@ -1,3 +1,41 @@
+-------------------------------------------------------------------
+Thu Jun 06 23:38:53 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
+
+- Update to version 1.2.4:
+  * Development on onion services, and on the RPC subsystem.
+  * This release restores the faravahar directory authority,
+    which has a new location and keys.
+  * Fixed two-medium security issues, tracked as TROVE-2024-005
+    and TROVE-2024-006.
+  * For a full changelog, refer to the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+
+- Update to version 1.2.3:
+  * Fixes a high-severity issue affecting onion services and
+    clients connecting to onion services with 'lite' vanguards
+    (the default) enabled. TROVE-2024-003
+  * This release also fixes a medium-severity issue affecting
+    'full' vanguards. TROVE-2024-004
+  * For a full changelog, refer to the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+
+- Update to version 1.2.2:
+  * Arti now supports Vanguards for improved security
+    against guard discovery for onion service circuits.
+    By default, we use the vanguards-lite algorithm;
+    the vanguards-full algorithm can be configured.
+  * Update to use the new identity key for the tor26 directory
+    authority.
+  * Fix an inadvertent recursion bug when converting TorAddrError
+    to arti_client::Error.
+  * Improve reliability of bootstrap status reporting.
+  * Convert to use figment instead of config-rs as our
+    configuration backend, for improved error messages.
+  * For a full changelog, refer to the installed package changelog
+    (/usr/share/doc/packages/arti/CHANGELOG.md)
+
 -------------------------------------------------------------------
 Thu Apr  4 15:40:41 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>

@ -20,14 +58,14 @@ Tue Apr 02 16:00:31 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
    which are needed to improve onion service security.
    This is not yet complete.
  * Added support for unmanaged pluggable transports
-  * Begun work to improve Tor's relay cell protocol with support 
+  * Begun work to improve Tor's relay cell protocol with support
    for packed and fragmented messages

 - Update to version 1.2.0
  * Initial support for running onion services.
  * Fixed a number of bugs and security issues.
  * Made the onion-service-service feature non-experimental.
-  
+
  For a full changelog, refer to the package changelog
  (/usr/share/doc/packages/arti/CHANGELOG.md)

--- a/arti.obsinfo
+++ b/arti.obsinfo
@ -1,4 +1,4 @@
 name: arti
-version: 1.2.1~0
-mtime: 1712066536
-commit: 305f74b9bbe187ea2a48003ca93b5bde4b4d6e09
+version: 1.2.4~0
+mtime: 1717606582
+commit: 5217447873011338a5426898fcc8b96c8665babf
--- a/arti.spec
+++ b/arti.spec
@ -17,7 +17,7 @@


 Name:           arti
-Version:        1.2.1~0
+Version:        1.2.4~0
 Release:        0
 Summary:        An implementation of Tor, in Rust.
 License:        Apache-2.0 OR MIT
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@ -1,3 +1,3 @@
 version https://git-lfs.github.com/spec/v1
-oid sha256:fa461218f81d8ab6d781a8379286233f8627559a59b727a305fe29530b579a14
-size 57700877
+oid sha256:8cec5a70eea1c9359f0fc032efb0a1638868346062382dbc59a0aaf9abd7ae08
+size 58087078