Eyad Issa
09b4ccb9ff
- Update to version 1.2.4: - Update to version 1.2.3: - Update to version 1.2.2: OBS-URL: https://build.opensuse.org/request/show/1179109 OBS-URL: https://build.opensuse.org/package/show/network/arti?expand=0&rev=18
207 lines
8.6 KiB
Plaintext
207 lines
8.6 KiB
Plaintext
-------------------------------------------------------------------
|
|
Thu Jun 06 23:38:53 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
|
|
|
|
- Update to version 1.2.4:
|
|
* Development on onion services, and on the RPC subsystem.
|
|
* This release restores the faravahar directory authority,
|
|
which has a new location and keys.
|
|
* Fixed two-medium security issues, tracked as TROVE-2024-005
|
|
and TROVE-2024-006.
|
|
* For a full changelog, refer to the installed package changelog
|
|
(/usr/share/doc/packages/arti/CHANGELOG.md)
|
|
|
|
|
|
- Update to version 1.2.3:
|
|
* Fixes a high-severity issue affecting onion services and
|
|
clients connecting to onion services with 'lite' vanguards
|
|
(the default) enabled. TROVE-2024-003
|
|
* This release also fixes a medium-severity issue affecting
|
|
'full' vanguards. TROVE-2024-004
|
|
* For a full changelog, refer to the installed package changelog
|
|
(/usr/share/doc/packages/arti/CHANGELOG.md)
|
|
|
|
|
|
- Update to version 1.2.2:
|
|
* Arti now supports Vanguards for improved security
|
|
against guard discovery for onion service circuits.
|
|
By default, we use the vanguards-lite algorithm;
|
|
the vanguards-full algorithm can be configured.
|
|
* Update to use the new identity key for the tor26 directory
|
|
authority.
|
|
* Fix an inadvertent recursion bug when converting TorAddrError
|
|
to arti_client::Error.
|
|
* Improve reliability of bootstrap status reporting.
|
|
* Convert to use figment instead of config-rs as our
|
|
configuration backend, for improved error messages.
|
|
* For a full changelog, refer to the installed package changelog
|
|
(/usr/share/doc/packages/arti/CHANGELOG.md)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Apr 4 15:40:41 UTC 2024 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Update constraints to build on more workers (especially for aarch64)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 2 16:34:04 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
|
|
|
|
- Added LICENSE-APACHE and LICENSE-MIT to %files
|
|
- Added README.md and CHANGELOG.md to %files
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Apr 02 16:00:31 UTC 2024 - Eyad Issa <eyadlorenzo@gmail.com>
|
|
|
|
- Update to version 1.2.1:
|
|
* Reorganize onion service code.
|
|
* Design work for out-of-memory handling, which is necessary for
|
|
onion service security.
|
|
* Initial implementation work for onion service [vanguards],
|
|
which are needed to improve onion service security.
|
|
This is not yet complete.
|
|
* Added support for unmanaged pluggable transports
|
|
* Begun work to improve Tor's relay cell protocol with support
|
|
for packed and fragmented messages
|
|
|
|
- Update to version 1.2.0
|
|
* Initial support for running onion services.
|
|
* Fixed a number of bugs and security issues.
|
|
* Made the onion-service-service feature non-experimental.
|
|
|
|
For a full changelog, refer to the package changelog
|
|
(/usr/share/doc/packages/arti/CHANGELOG.md)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 15 14:15:55 UTC 2024 - eyadlorenzo@gmail.com
|
|
|
|
- Update to version 1.1.12~0:
|
|
|
|
Arti 1.1.12 continues work on support for running onion services.
|
|
You can now launch an onion service and expect it to run,
|
|
though the user experience leaves a lot to be desired.
|
|
Don't rely on this onion service implementation for security yet;
|
|
there are a number of [missing security features]
|
|
we will need to develop before we can recommend them
|
|
for actual use.
|
|
|
|
https://gitlab.torproject.org/tpo/core/arti/-/blob/3c44d849f4c3332ccbb86328392d54e7c1d8e9b6/CHANGELOG.md
|
|
|
|
- Updated the ignored RUSTSEC advisories, as per the project
|
|
recommended way of building the crate
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 08 22:07:44 UTC 2023 - eyadlorenzo@gmail.com
|
|
|
|
- Update to version 1.1.11:
|
|
|
|
Arti 1.1.11 continues work on support for running onion services.
|
|
Onion services are now working in our testing, and we expect we'll
|
|
have something testable by others in our next release.
|
|
|
|
Arti 1.1.11 also increases our MSRV (Minimum Supported Rust Version)
|
|
to 1.70, in accordance with our [MSRV policy].
|
|
|
|
### Onion service development
|
|
|
|
- Correct our handling of BEGIN and END messages to bring them
|
|
into conformance with the C Tor implementation and the specification.
|
|
([#1077], [!1694], [!1738])
|
|
- In our key manager, use macros to define key specifiers, instead of
|
|
repeating the same boilerplate code. ([#1069], [#1093], [!1710],
|
|
[!1733])
|
|
- Refactoring and refinement on the definitions of onion-service-related
|
|
errors. ([!1718], [!1724], [!1750], [!1751], [!1779])
|
|
- Add a "time-store" mechanism for (as correctly as possible) storing and loading
|
|
future timestamps, even in the presence of system clock skew ([!1723], [!1774])
|
|
- Implement a replay-log backend to prevent INTRODUCE replay attacks
|
|
against onion services. ([!1725])
|
|
- Improved encoding for key-denotators in the key manager. ([#1063],
|
|
[#1070], [!1722])
|
|
- Allow a single key to have more than one denotator in its path.
|
|
([#1112], [!1747])
|
|
- Use an order-preserving-encryption back-end to generate
|
|
monotonically increasing revision counters for onion service
|
|
descriptors. We do this to ensure a reproducible series of counters
|
|
without leaking our clock skew. ([#1053], [!1741], [!1744])
|
|
- Deprecate key types for INTRODUCE-based authentication:
|
|
C tor has never implemented this, and we do not plan to implement it
|
|
without additional specification work. ([#1037], [!1749])
|
|
- When establishing an introduction point, send the `intro_dos`
|
|
extension as appropriate. ([#723], [!1740])
|
|
- Added conversion functions and initial persistence support for
|
|
introduction point keys. ([!1756])
|
|
- Start work on introduction point persistence. ([!1755], [!1765]).
|
|
- Revert to our intended configuration format for onion service proxy rules.
|
|
([#1058], [!1771])
|
|
|
|
### Client features
|
|
|
|
- Backend and API code for the "ntor-v3" circuit-extension handshake.
|
|
This handshake adds the ability to send additional options
|
|
from the client to the relay when creating or extending a circuit,
|
|
and will eventually be used to negotiate protocol features like
|
|
RTT-based congestion control and UDP-over-Tor support.
|
|
([!1720], [!1739])
|
|
|
|
|
|
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 13 17:17:23 UTC 2023 - eyadlorenzo@gmail.com
|
|
|
|
- Update to version 1.1.10:
|
|
|
|
Arti 1.1.10 continues work on support for onion services in
|
|
Arti. At last, we can (technically) run as an onion service...
|
|
though not yet in a useful way. (Onion services don't yet recover
|
|
correctly after a restart, outdated keys are not removed, and we
|
|
are missing other important security features.)
|
|
|
|
### Breaking changes in lower-level crates
|
|
|
|
- The [`IoErrorExt`] trait in [`tor-basic-utils`] is now
|
|
sealed. ([!1654])
|
|
- The [`Requestable`] trait in [`tor-dirclient`] is now sealed,
|
|
and most of its members are now private. ([!1679])
|
|
- In [`tor-cell`], stream and circuit IDs are now inherently
|
|
non-zero. To represent an ID that might be zero on the wire, we
|
|
now use
|
|
`Option<StreamId>` or `Option<CircId>`. ([#1080], [!1697])
|
|
- In [`tor-cell`], `CREATE2` handshake types are no longer raw
|
|
`u16` values. ([!1703])
|
|
- In [`tor-cert`], `encode_and_sign` now returns an
|
|
`Ed25519EncodedCert` rather than a raw `Vec<u8>`. ([!1702])
|
|
|
|
|
|
### Client features
|
|
|
|
- Arti can now be configured to listen for connections on
|
|
multiple arbitrary addresses—not just `localhost`. ([!1613])
|
|
|
|
### Key manager
|
|
|
|
- The key manager code now has improved support for generating
|
|
keypairs, keys with derived data, and other structures needed for
|
|
onion services. ([!1653])
|
|
- The key manager now encodes whether a key is private or public in its
|
|
file extension. ([!1672])
|
|
- The key manager now disallows path components that could lead
|
|
(under some programming errors) to directory traversal. ([!1661])
|
|
- We can now list keys by path and type; this is important so that
|
|
we can identify disused keys and eventually expire them. ([!1677])
|
|
|
|
See https://gitlab.torproject.org/tpo/core/arti/-/blob/c39857a8a63200ed5ed539d1f9231b05d7da7e0d/CHANGELOG.md
|
|
for more info
|
|
-------------------------------------------------------------------
|
|
Mon Oct 30 12:37:00 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>
|
|
|
|
- Add _constraints file to avoid build failures
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Oct 25 21:58:30 UTC 2023 - Eyad Issa <eyadlorenzo@gmail.com>
|
|
|
|
- Run format_spec_file service
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 20 16:54:29 UTC 2023 - Eyad Issa <eyadlorenzo@gmail.com>
|
|
|
|
- Version 1.1.9
|