From 216218b214228f4514d9e50f6c6ecf2fcc6107763b5018bface490c68c24bdaf Mon Sep 17 00:00:00 2001 From: Eyad Issa Date: Sun, 14 Jul 2024 18:32:52 +0000 Subject: [PATCH] - Update to version 1.2.5: * Stop publishing the obsolete arti-hyper crate * Update curve25519-dalek to avoid a low-severity timing vulnerability. (TROVE-2024-007) * With full vanguards, client rendezvous circuits do not reuse the final vanguard as the rendezvous point. (TROVE-2024-008) * Some RPC development * Add skeleton, including (experimental): arti-relay crate, relay cargo feature in arti-client, relay command line argument to arti * Add a key material export facility for some of our TLS implementations. * Tolerate removal of files from Arti's cache directory. OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=23 --- .gitattributes | 23 +++++ .gitignore | 1 + _constraints | 10 ++ _service | 58 +++++++++++ _servicedata | 4 + arti-1.2.4~0.obscpio | 3 + arti-1.2.5~0.obscpio | 3 + arti.changes | 229 +++++++++++++++++++++++++++++++++++++++++++ arti.obsinfo | 4 + arti.spec | 55 +++++++++++ vendor.tar.zst | 3 + 11 files changed, 393 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 _constraints create mode 100644 _service create mode 100644 _servicedata create mode 100644 arti-1.2.4~0.obscpio create mode 100644 arti-1.2.5~0.obscpio create mode 100644 arti.changes create mode 100644 arti.obsinfo create mode 100644 arti.spec create mode 100644 vendor.tar.zst diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes 
@@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/_constraints b/_constraints new file mode 100644 index 0000000..bcf2770 --- /dev/null +++ b/_constraints @@ -0,0 +1,10 @@ + + + + 20 + + + 35 + + + diff --git a/_service b/_service new file mode 100644 index 0000000..c1ced9a --- /dev/null +++ b/_service @@ -0,0 +1,58 @@ + + + https://gitlab.torproject.org/tpo/core/arti.git + @PARENT_TAG@~@TAG_OFFSET@ + git + arti-v1.2.5 + * + arti-v(\d+\.\d+\.\d+) + \1 + enable + + + + + arti + zst + true + + + + + RUSTSEC-2021-0145 + + + RUSTSEC-2023-0071 + + + + RUSTSEC-2024-0014 + + + + + arti + + + + + diff --git a/_servicedata b/_servicedata new file mode 100644 index 0000000..2f09d82 --- /dev/null +++ b/_servicedata @@ -0,0 +1,4 @@ + + + https://gitlab.torproject.org/tpo/core/arti.git + ef4a4d3774ddf77eba7f23611dfea3c160fa77ef \ No newline at end of file 
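Review bot: The three advisory IDs in the _service hunk (RUSTSEC-2021-0145, RUSTSEC-2023-0071, RUSTSEC-2024-0014) read as audit ignore entries, and nothing visible in this rendering records why each one is acceptable for this package or when it can be dropped. The XML markup and any comments were stripped from this view, so a justification may exist in the file itself; if it does not, each entry should carry one, for example `<!-- RUSTSEC-XXXX-NNNN: <crate>, <why it does not apply here>; remove when <upstream issue link> is resolved -->`. arti.changes only says the list follows the upstream recommendation, so the entries should be compared with upstream's current ignore list on every version bump rather than carried forward.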
diff --git a/arti-1.2.4~0.obscpio b/arti-1.2.4~0.obscpio
new file mode 100644
index 0000000..37430f9
--- /dev/null
+++ b/arti-1.2.4~0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:5a0dbd802da3a948fb2a36c87acd209d1ba64e930612b810fd34361e20acc519
+size 60828686
diff --git a/arti-1.2.5~0.obscpio b/arti-1.2.5~0.obscpio
new file mode 100644
index 0000000..fd4a91f
--- /dev/null
+++ b/arti-1.2.5~0.obscpio
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fecb37af7202137f2bcca66242a7cb4f48b94cf66fe79d7a51614985902c0817
+size 60880910
diff --git a/arti.changes b/arti.changes
new file mode 100644
index 0000000..53eb11a
--- /dev/null
+++ b/arti.changes
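Review bot: arti-1.2.4~0.obscpio is added next to arti-1.2.5~0.obscpio, while arti.spec sets `Version: 1.2.5~0` and arti.obsinfo names 1.2.5~0, so the 1.2.4 archive looks like a leftover that no build step consumes. Dropping it keeps a single source archive that corresponds to the commit pinned in _servicedata and arti.obsinfo, and avoids carrying a source tree that, per arti.changes, predates the TROVE-2024-007 and TROVE-2024-008 fixes. If it is kept on purpose, the reason belongs in arti.changes.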
@@ -0,0 +1,229 @@
+-------------------------------------------------------------------
+Sun Jul 14 18:25:45 UTC 2024 - Eyad Issa
+
+- Update to version 1.2.5:
+ * Stop publishing the obsolete arti-hyper crate
+ * Update curve25519-dalek to avoid a low-severity timing
+ vulnerability. (TROVE-2024-007)
+ * With full vanguards, client rendezvous circuits
+ do not reuse the final vanguard as the rendezvous point.
+ (TROVE-2024-008)
+ * Some RPC development
+ * Add skeleton, including (experimental): arti-relay crate,
+ relay cargo feature in arti-client,
+ relay command line argument to arti
+ * Add a key material export facility for some of our TLS
+ implementations.
+ * Tolerate removal of files from Arti's cache directory.
+
+-------------------------------------------------------------------
+Thu Jun 27 13:19:29 UTC 2024 - Guillaume GARDET
+
+- Increase RAM needed per thread in %limit_build to avoid OOM on aarch64
+
+-------------------------------------------------------------------
+Thu Jun 06 23:38:53 UTC 2024 - Eyad Issa
+
+- Update to version 1.2.4:
+ * Development on onion services, and on the RPC subsystem.
+ * This release restores the faravahar directory authority,
+ which has a new location and keys.
+ * Fixed two-medium security issues, tracked as TROVE-2024-005
+ and TROVE-2024-006.
+ * For a full changelog, refer to the installed package changelog
+ (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+
+- Update to version 1.2.3:
+ * Fixes a high-severity issue affecting onion services and
+ clients connecting to onion services with 'lite' vanguards
+ (the default) enabled. TROVE-2024-003
+ * This release also fixes a medium-severity issue affecting
+ 'full' vanguards. TROVE-2024-004
+ * For a full changelog, refer to the installed package changelog
+ (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+
+- Update to version 1.2.2:
+ * Arti now supports Vanguards for improved security
+ against guard discovery for onion service circuits.
+ By default, we use the vanguards-lite algorithm;
+ the vanguards-full algorithm can be configured.
+ * Update to use the new identity key for the tor26 directory
+ authority.
+ * Fix an inadvertent recursion bug when converting TorAddrError
+ to arti_client::Error.
+ * Improve reliability of bootstrap status reporting.
+ * Convert to use figment instead of config-rs as our
+ configuration backend, for improved error messages.
+ * For a full changelog, refer to the installed package changelog
+ (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+-------------------------------------------------------------------
+Thu Apr 4 15:40:41 UTC 2024 - Guillaume GARDET
+
+- Update constraints to build on more workers (especially for aarch64)
+
+-------------------------------------------------------------------
+Tue Apr 2 16:34:04 UTC 2024 - Eyad Issa
+
+- Added LICENSE-APACHE and LICENSE-MIT to %files
+- Added README.md and CHANGELOG.md to %files
+
+-------------------------------------------------------------------
+Tue Apr 02 16:00:31 UTC 2024 - Eyad Issa
+
+- Update to version 1.2.1:
+ * Reorganize onion service code.
+ * Design work for out-of-memory handling, which is necessary for
+ onion service security.
+ * Initial implementation work for onion service [vanguards],
+ which are needed to improve onion service security.
+ This is not yet complete.
+ * Added support for unmanaged pluggable transports
+ * Begun work to improve Tor's relay cell protocol with support
+ for packed and fragmented messages
+
+- Update to version 1.2.0
+ * Initial support for running onion services.
+ * Fixed a number of bugs and security issues.
+ * Made the onion-service-service feature non-experimental.
+
+ For a full changelog, refer to the package changelog
+ (/usr/share/doc/packages/arti/CHANGELOG.md)
+
+-------------------------------------------------------------------
+Mon Jan 15 14:15:55 UTC 2024 - eyadlorenzo@gmail.com
+
+- Update to version 1.1.12~0:
+
+ Arti 1.1.12 continues work on support for running onion services.
+ You can now launch an onion service and expect it to run,
+ though the user experience leaves a lot to be desired.
+ Don't rely on this onion service implementation for security yet;
+ there are a number of [missing security features]
+ we will need to develop before we can recommend them
+ for actual use.
+
+ https://gitlab.torproject.org/tpo/core/arti/-/blob/3c44d849f4c3332ccbb86328392d54e7c1d8e9b6/CHANGELOG.md
+
+- Updated the ignored RUSTSEC advisories, as per the project
+ recommended way of building the crate
+
+-------------------------------------------------------------------
+Fri Dec 08 22:07:44 UTC 2023 - eyadlorenzo@gmail.com
+
+- Update to version 1.1.11:
+
+ Arti 1.1.11 continues work on support for running onion services.
+ Onion services are now working in our testing, and we expect we'll
+ have something testable by others in our next release.
+
+ Arti 1.1.11 also increases our MSRV (Minimum Supported Rust Version)
+ to 1.70, in accordance with our [MSRV policy].
+
+ ### Onion service development
+
+ - Correct our handling of BEGIN and END messages to bring them
+ into conformance with the C Tor implementation and the specification.
+ ([#1077], [!1694], [!1738])
+ - In our key manager, use macros to define key specifiers, instead of
+ repeating the same boilerplate code. ([#1069], [#1093], [!1710],
+ [!1733])
+ - Refactoring and refinement on the definitions of onion-service-related
+ errors.
([!1718], [!1724], [!1750], [!1751], [!1779])
+ - Add a "time-store" mechanism for (as correctly as possible) storing and loading
+ future timestamps, even in the presence of system clock skew ([!1723], [!1774])
+ - Implement a replay-log backend to prevent INTRODUCE replay attacks
+ against onion services. ([!1725])
+ - Improved encoding for key-denotators in the key manager. ([#1063],
+ [#1070], [!1722])
+ - Allow a single key to have more than one denotator in its path.
+ ([#1112], [!1747])
+ - Use an order-preserving-encryption back-end to generate
+ monotonically increasing revision counters for onion service
+ descriptors. We do this to ensure a reproducible series of counters
+ without leaking our clock skew. ([#1053], [!1741], [!1744])
+ - Deprecate key types for INTRODUCE-based authentication:
+ C tor has never implemented this, and we do not plan to implement it
+ without additional specification work. ([#1037], [!1749])
+ - When establishing an introduction point, send the `intro_dos`
+ extension as appropriate. ([#723], [!1740])
+ - Added conversion functions and initial persistence support for
+ introduction point keys. ([!1756])
+ - Start work on introduction point persistence. ([!1755], [!1765]).
+ - Revert to our intended configuration format for onion service proxy rules.
+ ([#1058], [!1771])
+
+ ### Client features
+
+ - Backend and API code for the "ntor-v3" circuit-extension handshake.
+ This handshake adds the ability to send additional options
+ from the client to the relay when creating or extending a circuit,
+ and will eventually be used to negotiate protocol features like
+ RTT-based congestion control and UDP-over-Tor support.
+ ([!1720], [!1739])
+
+
+
+
+-------------------------------------------------------------------
+Mon Nov 13 17:17:23 UTC 2023 - eyadlorenzo@gmail.com
+
+- Update to version 1.1.10:
+
+ Arti 1.1.10 continues work on support for onion services in
+ Arti. At last, we can (technically) run as an onion service...
+ though not yet in a useful way. (Onion services don't yet recover
+ correctly after a restart, outdated keys are not removed, and we
+ are missing other important security features.)
+
+ ### Breaking changes in lower-level crates
+
+ - The [`IoErrorExt`] trait in [`tor-basic-utils`] is now
+ sealed. ([!1654])
+ - The [`Requestable`] trait in [`tor-dirclient`] is now sealed,
+ and most of its members are now private. ([!1679])
+ - In [`tor-cell`], stream and circuit IDs are now inherently
+ non-zero. To represent an ID that might be zero on the wire, we
+ now use
+ `Option` or `Option`. ([#1080], [!1697])
+ - In [`tor-cell`], `CREATE2` handshake types are no longer raw
+ `u16` values. ([!1703])
+ - In [`tor-cert`], `encode_and_sign` now returns an
+ `Ed25519EncodedCert` rather than a raw `Vec`. ([!1702])
+
+
+ ### Client features
+
+ - Arti can now be configured to listen for connections on
+ multiple arbitrary addresses—not just `localhost`. ([!1613])
+
+ ### Key manager
+
+ - The key manager code now has improved support for generating
+ keypairs, keys with derived data, and other structures needed for
+ onion services. ([!1653])
+ - The key manager now encodes whether a key is private or public in its
+ file extension. ([!1672])
+ - The key manager now disallows path components that could lead
+ (under some programming errors) to directory traversal. ([!1661])
+ - We can now list keys by path and type; this is important so that
+ we can identify disused keys and eventually expire them.
([!1677])
+
+ See https://gitlab.torproject.org/tpo/core/arti/-/blob/c39857a8a63200ed5ed539d1f9231b05d7da7e0d/CHANGELOG.md
+ for more info
+-------------------------------------------------------------------
+Mon Oct 30 12:37:00 UTC 2023 - Guillaume GARDET
+
+- Add _constraints file to avoid build failures
+
+-------------------------------------------------------------------
+Wed Oct 25 21:58:30 UTC 2023 - Eyad Issa
+
+- Run format_spec_file service
+
+-------------------------------------------------------------------
+Fri Oct 20 16:54:29 UTC 2023 - Eyad Issa
+
+- Version 1.1.9
diff --git a/arti.obsinfo b/arti.obsinfo
new file mode 100644
index 0000000..8a43630
--- /dev/null
+++ b/arti.obsinfo
@@ -0,0 +1,4 @@
+name: arti
+version: 1.2.5~0
+mtime: 1719502875
+commit: ef4a4d3774ddf77eba7f23611dfea3c160fa77ef
diff --git a/arti.spec b/arti.spec
new file mode 100644
index 0000000..72990e0
--- /dev/null
+++ b/arti.spec
@@ -0,0 +1,55 @@
+#
+# spec file for package arti
+#
+# Copyright (c) 2024 SUSE LLC
+#
+# All modifications and additions to the file contributed by third parties
+# remain the property of their copyright owners, unless otherwise agreed
+# upon. The license for this file, and modifications and additions to the
+# file, is the same license as for the pristine package itself (unless the
+# license for the pristine package is not an Open Source License, in which
+# case the license is the MIT License). An "Open Source License" is a
+# license that conforms to the Open Source Definition (Version 1.9)
+# published by the Open Source Initiative.
+
+# Please submit bugfixes or comments via https://bugs.opensuse.org/
+#
+
+
+Name: arti
+Version: 1.2.5~0
+Release: 0
+Summary: An implementation of Tor, in Rust.
+License: Apache-2.0 OR MIT
+URL: https://gitlab.torproject.org/tpo/core/arti
+Source0: %{name}-%{version}.tar
+Source1: vendor.tar.zst
+BuildRequires: cargo-packaging
+BuildRequires: memory-constraints
+BuildRequires: pkgconfig
+BuildRequires: pkgconfig(openssl)
+BuildRequires: pkgconfig(sqlite3)
+ExclusiveArch: %{rust_tier1_arches}
+
+%description
+An implementation of Tor, in Rust
+
+%prep
+%autosetup -p1 -a1
+
+%build
+%limit_build -m 4400
+%{cargo_build}
+
+%install
+%{cargo_install -p crates/arti}
+
+%check
+%{cargo_test}
+
+%files
+%doc CHANGELOG.md README.md
+%license LICENSE-APACHE LICENSE-MIT
+%{_bindir}/%{name}
+
+%changelog
diff --git a/vendor.tar.zst b/vendor.tar.zst
new file mode 100644
index 0000000..614357e
--- /dev/null
+++ b/vendor.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:efe8d480e1894c2d445f06ba00c2def5dbe61dd2bf0c552157ddb891154bb90e
+size 58065960
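Review bot: In the arti.spec hunk, `Summary: An implementation of Tor, in Rust.` ends with a period, which rpmlint flags, and `%description` only repeats the summary. I would write `Summary: An implementation of Tor, in Rust` and expand `%description` to say that the package installs the `arti` binary built from `crates/arti`. Since arti.changes records that some features were not yet recommended for security-sensitive use in earlier releases, the description is also the place to state the current status of whatever is still experimental in this version.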