x86_64-unknown-linux-gnux32 no longer works with 0.4.5 #311
Comments
I see, #300 made a bad assumption that "x86_64" always uses 64-bit digits, when we actually follow |
Merged
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this issue Nov 1, 2024
# Arti 1.3.0 - 31 October 2024

Arti 1.3.0 is a significant milestone: we have achieved parity on most major client features with C Tor. The last big security feature needed for Onion Services (resistance to out-of-memory DoS) landed in this release. And, in Arti client 1.3.0, connecting to `.onion` domains is enabled by default.

Much other major work is taking place, too! We have continued our work on Arti Relay. The work-in-progress RPC system is significantly more clearly defined and implementation is proceeding.

### Breaking changes

* **Reject (managed) pluggable transport on non-localhost address:** If a pluggable transport we spawn tells us it is listening on a non-localhost address, reject that transport, since this is almost certainly a security risk. (The goal is to detect buggy PTs. We aren't aware of any such PTs.) ([!2454], [#1636])
* **API:** Several methods (mostly in `tor-chanmgr` and `tor-proto`) take new memory quota tracking arguments. If memory tracking is not required, you can create a no-op memory quota account with `SpecificAccount::new_noop()` or `Account::new_noop()`.
* **API:** New API for `tor-socksproto`, which is more robust and avoids many kinds of misuse, including bugs like TROVE-2024-010. The old `.handshake` method is still available, but deprecated, and now part of the new `Handshake` trait. ([#1590], [#1627], [#1592], [!2436])
* **API:** Many places where a `SleepProvider` bound was used now also require `CoarseTimeProvider`. In-tree `SleepProvider`s all implement `CoarseTimeProvider`, so for most callers this can be fixed by propagating the bounds. ([!2482])
* **cargo features:** Some cargo features of lower-layer crates are no longer enabled by implication by higher-layer crates. External callers may need to add feature requests to `Cargo.toml`s. ([!2498])

### Major new features

* **Support memory quota tracking.** (Feature compiled in by default.)
  Specifically: Arti can now try to limit the amount of memory it uses for data that might be originated by untrusted parties. This is currently useful as a DoS resistance measure for Hidden Services (`.onion` services). To actually enable this, a specific limit must be imposed in the `[system]` section of the Arti configuration. ([!2459], [!2461], [!2484], [!2493], [!2508], [!2509], [!2518], [!2531], [!2536], [!2537], [!2545], [!2555], [!2560], [!2569], [#1682], [#351])
* **Enabled connecting to `.onion` addresses (Hidden Services) by default,** by making `allow_onion_addrs` default to `true` in the configuration. (This is appropriate now that we have Vanguard support.) ([#1402], [!2506])

### Bugfixes

* Fixed the build of `arti-client` with just the features `experimental-api` and `onion-service-client` enabled. ([!2457], [#1638])
* Fixed the build on FreeBSD. ([!2533], [#1686])
* Fixed the build on NetBSD. ([!2540], [rust-pwd-grp#4], [rust-pwd-grp!25])
* Fixed config file watching (file notifier) on non-Windows platforms without inotify. ([!2547], [#1644], [notify-rs#644])
* Fixed a bug that rendered Arti unable to connect to the Tor network when built with certain library combinations. This could occur when an out-of-tree user of the Arti libraries ends up enabling `time-rs`'s `large-dates` cargo feature, by replacing `simple_asn1` dependency with `der-parser` in `tor-llcrypto`. ([!2462], [#1632], [simple_asn1#34], [simple_asn1!35], [time-rs#683])
* Fixed the logging of backtraces, when an internal error occurs. (Bug first appeared in Arti 1.2.7.) ([!2588], [#1713])
* Removed a false claim that we don't support pluggable transports. ([!2507])
* Documented the `vanguards` cargo feature flag.
  ([!2507])

### Other user-facing improvements

* Warn if we're configured to listen for SOCKS or DNS queries on a non-localhost address, or if we're configured to use an externally-managed pluggable transport with a non-localhost address. These are very questionable configurations, but there may be unusual situations where this is a sensible setup. ([!2454], [#1636])
* Use new "restricted discovery" terminology throughout (for Hidden Services, aka `.onion` services), replacing previous (misleading) "client authorization". ([!2495], [#1476])
* Experimental ability to read private keys from C Tor's on-disk keystore. ([!2481], [!2514])
* Experimental proof-of-work client-side support for Hidden Services (`.onion` services). ([!2486], [!2026])

### New library and API features

* Added `general::SocketAddr` type for unifying IP and AF\_UNIX (and potentially other) sockets. ([!2519], [#1681], [!2553], [!2554], [#1701], [!2592])
* Added type-erased `DynTimeProvider` in `tor-rtcompat`. ([!2460], [!2500])
* Added `SinkTrySend` and `SinkCloseChannel` traits, making the functionality of `mpsc::Sender::try_send` and `::close` available as a trait method and implementable for other types. ([!2468], [!2485], [!2490])
* Added `SometimesUnboundedSink::as_inner` method. ([!2483])
* Guarantee that `Slug`s will never contain colons (`:`), and explain why. ([!2576])
* Moved `tor-config`'s `path` module to a new crate `tor-config-path`. ([!2590])
* Added `default-runtime` feature in `arti`, to simplify building without default features. ([!2551])

### Relay development

* Support multiple channels for a single relay ID. ([!2442], [#1633])
* Improved channel selection code. ([!2477], [#1602], [!2544])
* Much other cleanup and refactoring in `tor-chanmgr`. ([!2523], [!2538], [#1654], [!2566])
* Made `arti-relay` be a binary crate only, for now at least, and abolish the `relay` subcommand of the main `arti` CLI.
  ([!2525], [#1674], [!2542])

### RPC system development

* Reorganised RPC documentation; soon it will be a mdbook. ([!2581])
* Improved documentation for writing RPC callers, including a new Python tool to build RPC method and type documentation. ([!2479], [!2489], [!2574])
* Finalised specifications for how RPC clients should find the Arti RPC server, how the server should decide where to listen, and how authentication will be done. ([!2439], [!2440], [!2439], [#1521], [!2563], [#1702], [!2582], [#1711])
* Finalised specifications for version compatibility (interworking of newer/older Arti with newer/older RPC clients). ([!2475], [#1634], [!2510], [#1665], [!2511], [#1662], [!2512])
* Improvements to error handling, especially in the client library. ([!2556])
* Improved and clarified objectid/isolation rules in SOCKS interaction. ([!2474], [torspec!292], [proposal 351], [socks-extensions.md])
* Clarified (and weakened) guarantees provided on request cancellation. ([!2564], [#818])
* Changed `release` method to be a method on the object itself. ([!2573], [#1663])
* Other specification fixes/improvements. ([#1678], [!2539])
* Fixed the shared library extension on OSX and Windows. ([!2469])
* Removed the `Echo` testing/demo method. ([!2549], [#1525])
* Started a Python client API, and adopted it for some integration tests. ([!2515], [#1295], [!2567])
* Reduced the dependencies of the client library. ([!2522], [!2524])
* Internal cleanups. ([!2456], [#1587], [!2558])

### Documentation

* Clarified `launch_onion_service_with_hsid()`. ([!2494], [#1626])
* Use new "circuit stem" terminology. ([#1479], [!2410])
* Added missing docs for `keypair_specifier`. ([!2532])

### Testing

* Much better testing for the CircMgr. ([!2444], [!2513])
* Fixed the flaky `circuit::test::accept_valid_sendme` CI test. ([!2501])
* Added more miri tests. ([!2502])
* Avoid writing `_ => panic!()` even in tests.
  ([!2534])
* Allow more precise testing of conditional compilation which affects the configuration reader. ([!2561])
* Updated to the latest version of Shadow. ([!2585], [shadow!3428], [!2587])
* Include more output from Shadow in CI artifacts. ([!2586])
* Pin the version of Chutney used in Shadow tests to make arti.git CI more hermetic. ([!2596])

### Cleanups and housekeeping

* Updated the list of fallback directories. Clients use these to fetch directory information when they have no cached directory or guard nodes. ([!2589])
* Updated some previous entries in `CHANGELOG.md` to more fully document changes in `tor-circmgr` 0.23.0.
* Now we run a typechecker, linter, and autoformatter, on all our Python scripts (and fix the issues identified). ([!2476], [!2578], [!2579], [#1689], [!2584])
* Minor cleanups and reformatting in `tor-key-forge`. ([!2552])
* Commented out (temporarily) ill-shaped `RelaySigningKeySpecifier`. ([!2527])
* Reduced the number of "unused" warnings arising from conditional compilation (eg, cargo features). ([!2431], [!2463], [#1645], [!2551])
* In `Cargo.toml`, avoid updating to a `typed-index-collections` which would break our MSRV by requiring Rust 1.81. ([!2471], [#1647])
* Tidied up the sealing of a pair of traits. ([!2472])
* Use `{u64,usize}::div_ceil` where applicable. ([!2473])
* Now we avoid some warnings about certain elided lifetimes. ([!2478], [!2575])
* Fixed docs-rs cargo feature decorations on certain items. ([!2487])
* Forbid hard tabs (in most files) in tree. ([!2488])
* Fixed `no_default_features = true` typo in many `Cargo.toml`. ([!2498])
* Bumped dependency requirements for `futures-*` `notify`. ([!2499])
* Fixed indentation in a doc comment to address a new clippy lint. ([!2516], [!2520])
* Changed to depend on `slotmap-careful` instead of `slotmap`. ([!2530], [#1531])
* Abolished unneeded use of `python-is-python3` package in CI. ([!2535])
* Reinstated the `tor-proto` circuit hop check in `test_create()`.
  ([!2546])
* Updated download size numbers (for Project 101 Q3-2024). ([!2571])
* Simplified `tor-config` path handling by using `path` feature of `shellexpand`. ([!2583])
* Work around a bug in `cargo license` by permitting a weird licence string. ([!2591], [cargo-license#78])
* Removed an obsolete TODO. ([!2562])

### Acknowledgments

Thanks to everybody who's contributed to this release, including Morgan, and Neel Chauhan. Also, our welcome to Clara Engler as they join the team!

Also, our deep thanks to [Zcash Community Grants], the [Bureau of Democracy, Human Rights and Labor], and our [other sponsors] for funding the development of Arti!

# Arti 1.2.8 — 1 October 2024

Arti 1.2.8 continues development on onion services, the RPC subsystem, key management, and relay infrastructure. It also includes fixes for two security issues in handling the SOCKS protocol, the most severe of which is rated at "medium" according to our [security policy].

Arti 1.2.8 also increases our MSRV (Minimum Supported Rust Version) to 1.77, in accordance with our [MSRV policy].

### Breaking changes

- Arti now requires Rust 1.77 or later. ([!2421], [!2451])
- The `arti hsc` subcommand is now gated behind the experimental `hsc` feature until it is ready for general use. ([ab41a9d330ed1db])

### Security fixes

- Temporarily reject attempts to send optimistic data before the SOCKS handshake is complete. Previously, we would discard data in this case, which has the potential to cause mis-framing bugs that could enable cross-protocol attacks under some circumstances. This is tracked as TROVE-2024-010. We intend to add full support for optimistic data soon; this is a temporary workaround. ([#1627], [!2443])
- Prevent an infinite loop that could occur in our SOCKS code if a local connection was closed at the wrong time. This is tracked as TROVE-2024-011.
  ([#1635], [!2447])

### Breaking changes in lower-level crates

- The `tor-bytes` crate now reports `Incomplete` rather than `Truncated` for most reader types. ([#1614], [!2407])
- Removed some deprecated code in `tor-hsservice`. ([7a838da0ff2359f9])
- The "ephemeral keystore" feature in `tor-keymgr` is now marked as experimental, and available behind an `ephemeral-keystore` feature. ([!2426])
- The `tor-rtcompat` crate now supports AF_UNIX sockets, and provides a more generic API for opening and listening for network streams. To this end, several of its APIs have been renamed or refactored, and the `Runtime` trait now depends on more supertraits. ([#1152], [!2437])
- In `tor-rtcompat`, `TcpListener::accept()` no longer exists. Use `NetStreamListener::incoming()` instead. ([168f55df05f4b56f])
- In `arti-client`, the type for `StorageConfig::keystore` has changed. ([5e4e7b69b8cd2791])
- In `tor-circmgr`, the `CircMgr` `reload_persistent_state`, `store_persistent_state`, and `upgrade_to_owned_persistent_state` functions have been removed. ([!2420])
- In `tor-circmgr`, the function `CircMgr::new` now returns a `CircMgr` rather than an `Arc<CircMgr>`. ([!2420])
- In `tor-circmgr`, the deprecated `CircMgr::update_network_parameters` function has been removed. ([!2420])
- In `tor-hsservice`, numerous types related to initialization and status have been renamed or refactored. ([!2397], [!2413])
- In `tor-keymgr`, several types have been renamed. ([5e4e7b69b8cd279], [80095da1aa47978])
- In `tor-netdir`, several test-network construction callbacks now take an extra parameter. ([b2b75302ab095bc])

### Onion service development

- Remove the number of cases in which an onion service needs to know its secret identity key `KS_hs_id`. This will help with implementing offline key support. ([#1194], [!2393])
- Add support for adding externally generated keys; this will also help with offline key support.
  ([#1613], [!2396])
- Report onion service status correctly based on upload results. This includes major refactoring to onion service status reporting, and significant tests. ([#1572], [!2397])
- Remove setting for non-anonymous ("single onion") services. We don't actually support them yet. ([!2413])
- Defer generating service identity keys (`K_hs_id`) until the service is actually launched. This allows tools like `onion-name` to check whether these keys are present. ([!2417])
- The `arti hss onion-name` subcommand now has support for generating identity keys on demand. ([#1621], [!2419])
- Experimental support for launching onion service with user-provided identity keys. ([#1612], [!2402])
- Allow arti to run with onion services only, and SOCKS/DNS ports disabled. ([#1569], [!2423])
- Move onion service client key management functionality into a new `arti hsc key` sub-command, which supports key inspection, rotation, and deletion. The old `arti hsc get-key` subcommand is now deprecated. ([#1475], [!2432], [!2435])
- Support making an `InertTorClient` with an ephemeral key manager. ([#1610], [!2394])
- The "default" keystore has been renamed to "primary". ([!2438])

### Relay development

- Give `TorRelay` an instance of `ChanMgr` to keep track of open channels. ([!2361])
- Continued development on memory-quota support, to prevent memory-based denial-of-service attacks against relays and onion services. ([!2374], [!2404])
- New `tor-key-forge` crate for defining specific key and keypair wrappers, for use with relay keys. ([#1137], [#1619], [!2356], [!2430], [!2433])
- Define a set of high-level error wrappers for use by the `TorRelay` code. ([!2392])
- The channel manager now has (partial) support for receiving and handling incoming channels. ([!2389])
- Initial key generation and management support for relays. ([#1604], [!2411])
- Move Arti's (in-progress) `relay` subcommand to its own module.
  ([!2455])

### RPC development

- Add support throughout the RPC stack for opening data streams and registering them with the RPC system, using the protocol developed in [proposal 351]. ([#1524], [!2373], [!2401], [!2406], [!2409], [!2434], [!2452])
- Update RPC specification draft to match current reality and plans. ([!2386], [!2453])
- Refactor the way that the RPC service handles errors, to ensure that framing errors are never silently tolerated, and other errors are handled uniformly. ([#1591], [!2400])
- Expose a list of object delegation types, to make it possible to generate full documentation of which objects support which methods. ([#1624], [!2418])
- Add a (work-in-progress! unstable! experimental!) Python wrapper for our similarly unstable RPC client library. ([!2446])

### Testing

- Partially fix test nondeterminism in the `reload_cfg::watch_single_file` test. ([#1549], [!2375], [!2391])
- Improve performance for the `reload_cfg::watch_multiple` test. ([#1589], [!2387])
- [Chutney] network integration tests are now run inside the [Shadow] discrete event simulator. ([!2427])

### Documentation

- Typo fixes in our documentation. ([!2403])
- Improved documentation for onion service descriptor publication. ([#1216], [b87b9f44ae05d4f0])
- Clean up documentation for `InertTorClient`. ([!2414])
- Clarify behavior of `ArtiEphemeralKeystore`. ([!2424])
- New example: running an axum router as an onion service. ([!2445])
- Add an example for an onion service's `reject` option to our sample configuration ([!2458])

### Infrastructure

- Clean-ups to CI jobs that generate debian packages. ([!2368])
- Adjust exceptions for `downgrade-dependencies` script. ([!2398], [!2451], [cf7f25851ac0319f])

### Cleanups, minor features, and bugfixes

- Move Arti's `proxy` subcommand to its own module. ([!2416])
- Clean up needless abstraction, and add smarter abstraction, to make `tor-circmgr` easier to test.
  ([!2412], [!2420])
- When encountering truncated data, the `tor-bytes` crate now gives a lower-bound estimate for how much more data would be needed in order to produce a successful parse. ([!2390])
- The `tor-bytes` crate now tracks whether its inputs are possibly incomplete, and only reports "Truncated" data as a recoverable error on a possibly incomplete data. This helps to prevent a category of bug (which it appears our code doesn't actually have) where we might erroneously keep reading more data without limit. ([#1614], [!2407])
- Fix a bug in our SOCKS handling that would cause us to exceed the bounds of a buffer, causing the SOCKS task to exit with a panic. ([dceeb82f7d115489])
- Upgrade to the latest versions of `float-cmp` and `derive-more`. ([!2450])
- Keystore configuration options have been significantly revised; there is now a `keystore.primary.kind` option to configure the primary keystore. ([!2441])

### Acknowledgments

Thanks to everybody who's contributed to this release, including Adam Joseph, Alexander Hansen Færøy, Anonym, Morgan, Pier Angelo Vendrame, Steven Engler, tidely, and Wesley Aptekar-Cassels. Also, our welcome to Wesley Aptekar-Cassels as they join the team!

Also, our deep thanks to [Zcash Community Grants], the [Bureau of Democracy, Human Rights and Labor], and our [other sponsors] for funding the development of Arti!

# Arti 1.2.7 — 3 September 2024

Arti 1.2.7 continues development on onion service client authorization, the RPC subsystem, and relay infrastructure.

### Breaking changes in lower-level crates

- In [`tor-hsservice`], `OnionServiceProxyConfigBuilder` no longer derives `Eq` and `PartialEq`, and `DescEncryptionConfig`, `DescEncryptionConfig`, `AuthorizedClientConfig`, and `AuthorizedClientParseError` are removed. ([!2266])
- In [`tor-ptmgr`], `PtClientMethod` is now exported from the top-level. ([5774dd456265ef4cb8771342538a07ba76e5a5d9])

### RPC development

- Expose the OS errno of the FFI error types that have one.
  ([!2311])
- Fix typos in an FFI comment. ([!2310])
- Always re-encode requests and responses, and preserve unrecognized struct fields. ([#1491], [!2312])
- Expose the object ID for the session object. ([!2318])
- Use `JsonValue` to re-encode responses and requests. ([#1512], [#1511], [!2315])
- Add support for request handles in our FFI code. ([!2317])
- Add an unstable RPC method to list every RPC method. ([!2332])
- Build [`arti-rpc-client-core`] as a C dynamic library. ([!2331])
- Use more sophisticated handling for `ConnectionError`s in `arti-rpcserver`. ([#1517], [!2335])
- New `slotmap-careful` crate to use when we mustn't re-use keys. ([!2298])
- Rename various identifiers in our FFI code. ([!2344])
- Use the new `slotmap-careful` instead of `generational-arena` in `arti-rpcserver`. ([#1282], [!2343])
- Implement RPC method delegation support. ([#1523], [!2342])
- Allow simultaneous calls to `arti_rpc_handle_wait()`. ([#1532], [!2360])
- Add experimental method to list SOCKS proxy addresses. ([#1523], [!2359])

### Relay development

- Add initial support for relay configuration. ([#1534], [!2352])

### Internal cleanup and refactoring

- Major refactoring to the `tor-proto` circuit reactor code, which simplifies the implementation and will enable us to support opportunistic packing for [proposal 340]. Introduce `StreamPollSet` for polling streams in priority order. ([!2285], [#1513], [!2319], [!2334])
- Refactoring in our key management code to prevent accidental misuse of relative key paths. ([#1494], [!2291])
- Refactor `KeyedFuturesUnordered` so that the underlying futures are accessible. ([!2321])
- Allow access to the inner streams of `StreamPollSet`, refactor `StreamMap` ([#1421], [!2326], [!2333]).
- Make `GuardMgr` mandatory throughout our circuit management code.
  ([#1465], [!2339], [!2347])
- Encapsulate flow-control into a separate object, abstracting away the difference between window-based (legacy) flow control and xon-based ([proposal 324]) flow control. ([!2340], [!2358])
- Introduce a `PeekableStream` trait to get rid of redundant buffering. ([!2345])

### Onion service development

- Implement hidden service restricted discovery mode (previously known as "client authorization"). ([#1292], [!2266], [!2336], [!2316])
- Add support for live-reloading the restricted discovery configuration. ([#1505], [!2329], [!2353], [!2369])
- Provide an MPSC queue with memory quota tracking. ([#351], [!2292])
- Make arrangements in `tor-memquota` for memory tracking to be optional, and gate `MemoryQuotaTracker::new` behind the `memquota` feature. ([!2351])

### Minor features

- Stop requiring the TRANSPORT key in pluggable transport STATUS messages. ([#1488], [!2307])
- In [`fs-mistrust`], add a `CheckedDir::metadata()` function for retrieving file metadata. ([72c3a1a661284844806b34e9ca5e81a43b8d0913], [!2324])
- In [`tor-ptmgr`], make managed pluggable transports optional. ([#1334], [!2354])
- Add an `InertTorClient` for accessing client state. ([#1496], [!2370], [!2314])
- Move `tor_async_utils::oneshot` into a new [`oneshot-fused-workaround`] crate. ([!2371], [!2383])

### Testing

- Make the `hsc` subcommand documentation serve as a test case. ([!2304])
- In the expected output of the CLI tests, match any number of lines in the `-c` help. ([#1509], [!2313])
- Fix broken reference to `apt-install` script in the Shadow integration tests. ([!2309])
- Add a Shadow integration test for restricted discovery mode. ([#1292], [!2272])
- Don't explicitly set `storage.keystore.enabled` in the Shadow CI tests. ([222b0eae48ae88d1a64cf5f0c11e662bf61dda4d])
- Test `cbindgen` correctness in CI. ([#1502], [!2320], [!2322], [!2330])
- Add `LogState` tests in `tor-log-ratelim`.
  ([!2349])
- Fix `arti_socket_closed` RPC test, which was previously flaky on OSX. ([#1510], [!2348])
- Add an arti obfs4 managed pluggable transport client and a tor obfs4 server to the Shadow CI tests ([#1538], [!2355]).
- Temporarily disable a flaky configuration watcher test. ([!2364])
- Add circuit reactor test for stream handling fairness. ([!2365])
- Rewrite the `hsc` tests using `InertTorClient`. ([#1496], [1d3e59f2e9572a9710de2c2a9c925c5c38a6874c])
- Set the `COLUMNS` env var in the CLI tests. ([#1574], [f1779cfbb3e27b04ba3cca9206170f1e1ea904db])

### Documentation

- Remove obsolete documentation from [`tor-proto`]. ([!2366])
- Discourage use of `tor_rtmock_test_with_*` macros. ([!2372])

### Infrastructure

- Add a few more Tor employees to exclude from our acknowledgments. ([!2306])
- Remove the no-longer-necessary `--cfg docsrs` flag from our rustdoc invocation. ([!2308])
- Fix handling of items ending in `;` in `check_doc_features` maintenance script. ([!2316])
- Use the `via-cargo-install-in-ci` maintenance script to cache `grcov` in the `coverage-aggregated` job. ([!2325])
- Add initial support for building an Arti deb package. ([!2323], [!2367])
- Add script for testing without any features enabled. ([7a9bf49870533cc052b12680336f067f77d87b34])
- Run tests of every crate, with all features disabled. ([!2350])
- Explicitly specify the deployment target of macOS to 10.7 to fix the failing `build-repro-macos` job. ([#1394], [#1507], [!2377], [!2346])
- Rename "Sponsor 101" to "Project 101". ([!2379])

### Cleanups, minor features, and bugfixes

- Make `arti hss onion-name` return a non-zero status if the service doesn't exist. ([!2305])
- Use `std::backtrace` instead of the [`backtrace`] crate. ([!2301])
- Add missing `docsrs` `cfg_attr` to fix a `cargo doc` warning. ([!2337])
- Resolve `unreachable_patterns` warnings from nightly. ([!2338])
- Make `blind_keypair` build without the `hsv3-client` feature.
  ([#1504], [!2341])
- Move `Qty` to [`tor-basic-utils`] as `ByteQty` and significantly improve it. ([!2363])
- Move `stream_peek` to [`tor-async-utils`]. ([!2362], [!2357])
- Various typo fixes in comments and messages. ([!2380])

### Acknowledgments

Thanks to everybody who's contributed to this release, including Alexander Hansen Færøy, ambiso, Dimitris Apostolou, kn0sys, Kunal Mehta, NoisyCoil, opara, Robin Leander Schröder, and Steven Engler. Also, our welcome to Steven Engler as he joins the team!

Also, our deep thanks to [Zcash Community Grants], the [Bureau of Democracy, Human Rights and Labor], and our [other sponsors] for funding the development of Arti!

# Arti 1.2.6 — 1 August 2024

Arti 1.2.6 continues development on onion service client authorization, the RPC subsystem, and relay infrastructure.

### Security fixes

- Update `openssl` to avoid undefined behavior in `MemBio::get_buf`. ([RUSTSEC-2024-0357], [TROVE-2024-009], [#1495], [!2276])

### Major bugfixes

- When opening a SQLite directory cache in read-only mode, do not attempt to create it. This bug would sometimes prevent Arti from starting correctly when running multiple processes at once. ([#1497], [!2283])

### RPC development

- Initial work on a [wrapper library][arti-rpc-client-core] for invoking Arti RPC functionality from other processes. ([!2270], [!2277], [!2279])
- Initial work on [FFI support][arti-rpc-client-core-header] for invoking Arti RPC functionality from other languages. ([#737], [!2273])
- Clean up the RPC method dispatch implementation, remove some unneeded functions, and refactor the syntax for declaring error types. ([!2284])

### Relay development

- Infrastructure work for out-of-memory prevention. ([#351], [!2280], [!2281])

### Onion service development

- New `arti hsc` command for managing client state and keys for connecting to onion services. ([#1281], [#1291], [!2212], [!2257])
- Support parsing client restricted discovery (a.k.a. "client authorization") keys from C Tor's `descriptor:x25519:<base32-encoded-x25519-public-key>` key format. ([!2246])
- Ensure that `hsc` subcommand can build correctly with unusual combinations of features. ([!2254])
- Remove some unused code for publishing and authentication support. ([!2251])
- Add an `OnionServiceBuilder` API; deprecate `OnionService::new()`. ([#1490], [!2262])

### Minor features

- The obsolete and unused "TAP" keys are now optional when parsing network documents. This is phase one of [our plan][prop350] to eventually remove them entirely. ([!2227], [prop350])
- New `TorClient::wait_for_stop` method, for code that needs to wait until a TorClient instance has definitely shut down. ([#1418], [!2259], [!2278])
- In `tor-netdoc`, expose fields from `AnnotatedRouterDesc` and `RouterAnnotation` when `dangerous-expose-struct-fields` is set. ([#1469], [!2213])

### Testing

- Exclude `maint` and `examples` from coverage reports. ([!2256])
- More tests throughout RPC codebase. ([!2264])
- Improvements and clean-ups to circuit reactor tests. ([!2287])
- CLI tests for the `arti hss` and `arti hsc` subcommands. ([#1250], [!2275])

### Documentation

- Clarify meaning of `peer_cert` in `UnverifiedChannel`. ([!2260])
- Improve documentation for mocked time in `tor-rtmock`. ([!2286])

### Infrastructure

- Improvements in release process and utilities for managing the changelog. ([!2240])
- Fix gitlab CI to always use `amd64` architecture images. Previously, it would sometimes choose a docker image for the wrong architecture. ([!2249])
- Split and refactor reproducible-build CI job. ([!2252])
- Improvements to script for detecting crate ownership problems. ([#1485], [!2255])
- Script to make sure that every crate has a valid set of crates.io categories. ([#1481], [!2256])
- Move our commonly used rust maintenance scripts to a separate repository, imported with `git-subtree`.
  ([#1300], [!2267])
- In gitlab CI, pin the compiler version we use to build cargo-audit and some other tools. ([!2289], [!2290])

### Cleanups, minor features, and bugfixes

- Remove an unused constant from `equix`. ([!2243])
- Suppress and resolve a few warnings about documentation and dead code. ([!2244])
- Fix parsing time-periods from "key slug" identifiers. ([!2248])
- Fix error messages related to filesystem access failures, so that they do not all erroneously claim to be permissions failures. ([#1473], [!2253])
- Return correct error type when trying to extend a circuit via `ntor` to a relay with no known RSA identity. ([!2261])
- Fix a bug in the implementation of `ArtiNativeKeystore::contains()` that caused it to always return false. ([#1492], [!2274])
- Fixes for various new warnings from the nightly version of `clippy`. ([!2288])
- Disallow the error-prone `Path::exists()` function in our code, and use `try_exists()` instead. ([#1493], [!2293])

### Acknowledgments

Thanks to everybody who's contributed to this release, including Alexander Færøy, Clara Engler, Jim Newsome, and trinity-1686a!

Also, our deep thanks to [Zcash Community Grants], the [Bureau of Democracy, Human Rights and Labor], and our [other sponsors] for funding the development of Arti!

# Arti 1.2.5 — 27 June 2024

### Breaking

- `TorClientBuilder::create_*` now take `&self`. ([!2198])
- Stop publishing the obsolete `arti-hyper` crate. ([!2225], [#1204])

### Security fixes

- Update curve25519-dalek to avoid a low-severity timing vulnerability. ([TROVE-2024-007], [#1468], [!2211])
- With full vanguards, client rendezvous circuits do not reuse the final vanguard as the rendezvous point. ([TROVE-2024-008], [#1474], [!2230])

### RPC development

- New overview document, at the crate root for `tor-rpcbase`. ([!2210])
- Much improvement to method invocation arrangements. ([!2190])
- Change approach to method invocation on data-stream-like objects.
  ([!2192])

### Relay development

- Add skeleton, including (experimental): arti-relay crate, `relay` cargo feature in `arti-client`, `relay` command line argument to `arti`. ([!2182])
- Add a key material export facility for some of our TLS implementations. ([IETF RFC 5705], [#1432], [!2185])

### Bugfixes

- Tolerate removal of files from Arti's cache directory. Fixes `Bad permissions in cache directory: File or directory ${HOME}/.cache/arti/dir_blobs/... not found`. ([#1466], [!2200])
- Ensure that obsolete files are removed from Arti's cache directory. ([!2200])

### New features and other improvements

- Add `TorClientBuilder::local_resource_timeout` feature, asking Arti to wait (a short while) for a previous instance to exit. ([#1464], [!2198])
- Improve memory usage by disabling built-in X.509 root certificates when building `tor-rtcompat` with openssl. ([!2203], [#1027])
- Improve memory usage by limiting the batch size when reading directory information from the on-disk cache. ([!2202], [#1027])

### Documentation

- Documentation tweaks in `tor_persist::StorageConfig`. ([!2197])

### Testing

- Use a new version of [Shadow]. ([!2195])
- Improvements to the tests to prevent a recurrence of [TROVE-2024-003] / [TROVE-2024-006]. ([!2199])
- Stop build-testing the `gsoc2023/download-manager` example (it uses an obsolete version of `hyper` and the obsolete `arti-hyper` crate). ([!2225], [#1471])
- Fixes to test builds on MacOS. ([#1394], [!2226], [#1472], [!2234])
- Disable test builds on x32 (the not-widely-used Linux x86_64 32-bit hybrid ABI) ([#1480], [!2235], [!2236], [num-bigint#311](https://github.com/rust-num/num-bigint/issues/311))

### Internal cleanup and refactoring

- Improve the path construction logic to try to help avoid future bugs like [TROVE-2024-003] and [TROVE-2024-004]. ([#1459], [!2199], [!2205])
- Refactoring in the circuit reactor, including new `SometimesUnboundedSink`.
([!2172])
- Refactoring in the arti command line utility, pursuant to client support for hidden services with restricted discovery (previously misleadingly known as "client authorisation"). ([!2206])
- Rename the internal type `OptTimestamp` to `AtomicOptTimestamp` in `tor-proto`. ([!2218], [#1412])
- Fix a rustdoc warning. ([!2215])
- Update to new syntax for [`derive-deftly`] 0.12.1. ([!2209])

### Infrastructure and support

- Portability improvement to the script for maintaining links in this changelog. ([!2194], [#1460])
- New script for checking crate ownership on crates.io. ([!2196], [!2201], [!2220], [#1462])
- Try to work around bugs where container systems use images of the wrong architecture. ([!2207], [docker](https://github.com/docker/cli/issues/2590), [podman](https://github.com/containers/podman/issues/22998))

### Acknowledgments

Thanks to everybody who's contributed to this release, including Alexander Færøy, Gaba, Jim Newsome, juga, pinkforest, and trinity-1686a!

Also, our deep thanks to [Zcash Community Grants], the [Bureau of Democracy, Human Rights and Labor], and our [other sponsors] for funding the development of Arti!

# Arti 1.2.4 — 5 June 2024

Arti 1.2.4 continues development on onion services, and on the RPC subsystem.

This release restores the `faravahar` directory authority, which has a new location and keys.

We have also fixed two medium-severity security issues, tracked as [TROVE-2024-005] and [TROVE-2024-006], respectively, and a number of other, smaller bugs.

[TROVE-2024-005] affects hidden service circuits using non-default vanguard configurations (where the vanguard mode is set to 'disabled' or 'full'), causing hidden service circuits to be built from circuit stubs that are incompatible with the circuit target, and to have an incorrect length.

[TROVE-2024-006] affects hidden services and clients using non-default vanguard configurations, where the vanguard mode is set to 'disabled', or that have the `vanguards` feature compiled out.
In some circumstances, this bug can lead to building hidden service circuits that contain the same relay in multiple positions.

Both issues make users of this code more vulnerable to traffic analysis when running or accessing onion services.

### Network updates

- Restore the `faravahar` directory authority, with new location and keys. ([!2175])

### Major bugfixes

- Ensure that `DataWriter::close()` actually closes its associated stream. Previously, this `close()` method would have no effect until the `DataReader` was also dropped. ([#1368], [!2170])
- Fix a bug where the vanguard circuit stub selection code would fail to ensure that the last two hops of the selected circuit stub are different from the circuit target. ([#1417], [!2167], [!2181])
- Fix a medium-severity issue causing the hidden service circuit pool code to ignore the configured vanguard mode. This is also tracked as [TROVE-2024-005]. ([#1424], [!2168])
- Use `HasRelayIds::has_any_relay_id_from` to check for relay equality when checking if a circuit contains duplicate relays. ([!2181])
- Fix a medium-severity issue, which would, in some circumstances, cause hidden service circuits to be built without applying the necessary same-hop restrictions. This is also tracked as [TROVE-2024-006]. ([#1425], [!2179])

### Breaking changes in lower-level crates

- The `Channel` type in `tor-proto` has been significantly refactored: it is now always wrapped in an explicit `Arc`, it no longer implements `Sink` on its own, and it can no longer be used to send raw cells from outside the `tor-proto` crate. ([!2163])
- `HsCircPool::reconfigure` has been removed
- `VanguardConfig` and `VanguardConfigBuilder` are now reexported from the root of the `tor-guardmgr` crate. ([!2146])
- `SshKeyData` is now an opaque type
- `SshKeyData::into_public` and `SshKeyData::into_private` have been removed

### Deprecated functionality

- The `arti-hyper` example crate is now deprecated and unmaintained.
([!2127])

### Onion service development

- Major refactoring to reduce technical debt in key manager code. ([#1362], [#1367], [!2131], [!2141])
- Address various pending "TODO" items in the vanguard code. ([!2139])
- Adjust terminology for vanguard stub circuits. ([#1339], [!2161])
- Add tests for vanguard configuration, and configuration backend logic as needed to simplify some of the vanguard configuration code. ([!2146])

### RPC development

- Expose methods on TorClient to get and observe the status of the client object. ([#1384], [!2110], [!2130])
- Infrastructure to allow the RPC system to interact with SOCKS streams, provide them with context, and name them as RPC objects. ([!2143])
- Based on difficulties encountered with earlier RPC development, add an improved facility for RPC methods that can be invoked internally without serializing their inputs and outputs ([#1403], [!2152])
- Enforce consistent style and formatting on RPC method names. ([#823], [!2149])
- Other miscellaneous lower-level improvements to the RPC type system. ([!2124], [!2140], [!2142])

### Other major features

- If the circuit manager has retired all of its circuits, unconditionally retire all the circuits from the hidden service circuit pool. ([!2168])

### Testing

- Improved test layout in `tor-keymgr`. ([#1363], [!2125])
- Automate enforcement of our convention that scripts not be named with their implementation languages. ([!2153])
- Include script needed to generate `keymgr` test data. ([!2121])
- Add tests for vanguard state file serialization. ([!2167])
- Add a [Shadow] CI test involving an onion service that uses full vanguards. ([!2167])
- Add a test that ensures the hidden service circuit pool reads the vanguard mode from the configuration. ([!2168])
- Make the Shadow CI tests fail if any internal errors are reported in the logs. ([!2186])

### Documentation

- New example in arti-client for creating a one-hop circuit.
([!2148])
- Recommend `cargo --locked` in our examples, to encourage people to get audited versions of our dependencies. ([!2157])
- Clean up old changelogs to have a more uniform style, based on our updated `gen_md_links` script. ([!2126], [!2165])

### Infrastructure

- Disable automated Chutney tests in coverage CI. ([#1299], [!2120])
- Improve our `add_warning` script so that it can adjust our warnings during CI. Previously we used a compiler `--cfg` flag for conditional warnings, but unrecognized `cfg` flags now provoke a warning. ([#1395], [!2129])
- Use `add_warning` to maintain the list of lints in our examples. ([!2132])
- Improved scripts to list our crates, and publish our crates, to make accidents less likely while we're trying to release. ([#1390], [!2118], [!2138], [!2158])
- Improve our `gen_md_links` script to provide more uniform output, and generate its results in a more useful format. ([#1388], [!2126], [!2169])
- Ensure that our CI scripts delete unnecessary data on completion. (This helps keep us from running our infrastructure out of disk space and making the other gitlab users sad.) ([!2159])
- Adjust our license-checking code to accommodate license clarifications in `priority-queue` and `tinystr`. ([!2177])

### Cleanups, minor features, and bugfixes

- Resolve several Clippy warnings from the latest version of Rust. ([!2128])
- Clarify control-flow in our (currently convoluted) circuit reactor code. ([!2122])
- Refactor to avoid most use of `cfg(fuzzing)`. ([#1395], [!2134])
- The `DataStream` type now has a method to wait for a connection to complete. ([489aa72d1eee8a56])
- Clarify or resolve several dead-code warnings. ([#1383], [!2151])
- Explicitly enforce maxima on SENDME windows. (Formerly, we did this implicitly.) ([#1383], [!2150])
- Avoid the appearance of an infinite loop in `engage_padding_activities`.
([!2164])
- Refactor the `Channel` type to be more explicitly `Arc`, better documented, and to have less information shared between its front-end and reactor pieces. ([!2163])
- Refactor the `poll_ready` method on `ChannelSender` to have a more conventional interface. ([!2171])
- Replace debug assertions with internal errors in the post-build checks for vanguard circuits, to prevent issues such as [TROVE-2024-003] and [TROVE-2024-004]. ([!2167])
- When building vanguard circuits, ensure the target relay does not occur as one of the last two hops. ([!2186])
- Upgrade to the latest versions of [priority-queue]. ([!2177])
- Validate the properties of the circuits retrieved from the hidden service circuit pool. ([97868349ed695ec8])
- Fix hidden service circuit stubs sometimes being unnecessarily extended when lite vanguards are in use. ([#1458], [!2183])
- Refactor vanguards configuration handling to be less error-prone. ([#1456], [!2183])

### Acknowledgments

Thanks to everybody who's contributed to this release, including Alexander Færøy, Gaba, Jim Newsome, juga, and pinkforest!

Also, our deep thanks to [Zcash Community Grants] and our [other sponsors] for funding the development of Arti!

# Arti 1.2.3 — 15 May 2024

Arti 1.2.3 fixes a high-severity issue affecting onion services and clients connecting to onion services with 'lite' vanguards (the default) enabled: when building anonymizing circuits to or from an onion service the circuit manager code would build the circuits with one hop too few. This makes users of this code more vulnerable to some kinds of traffic analysis when they run or visit onion services.

This release also fixes a medium-severity issue affecting 'full' vanguards. With 'full' vanguards enabled, client HsDir circuits, client introduction circuits and service rendezvous-circuits are extended with an extra hop to minimize the linkability of the guard nodes.
In some circumstances, the circuit manager would build circuits with one hop too few, making it easier for an adversary to discover the L2 and L3 guards of the affected clients and services.

In Arti 1.2.1 and earlier, vanguards were still an experimental feature, or absent, so those versions are classified as "not affected", even though downgrading does not fix the security problem.

### Major bugfixes

- Fix a high-severity issue affecting onion service circuits using 'lite' vanguards. Previously, with 'lite' vanguards enabled, any circuit to or from an onion service was one hop too short, making clients and services vulnerable to certain types of traffic analysis. This is also tracked as [TROVE-2024-003]. ([#1409])
- Fix a medium-severity issue affecting onion service circuits using 'full' vanguards. Previously, with 'full' vanguards enabled, *some* circuits to or from an onion service were one hop too short, making linkability attacks more likely to succeed. [TROVE-2024-004]. ([#1400])

[#1400]: https://gitlab.torproject.org/tpo/core/arti/-/issues/1400
[#1409]: https://gitlab.torproject.org/tpo/core/arti/-/issues/1409
[TROVE-2024-003]: https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE
[TROVE-2024-004]: https://gitlab.torproject.org/tpo/core/team/-/wikis/NetworkTeam/TROVE

# Arti 1.2.2 — 30 April 2024

Arti 1.2.2 continues improvements on previous releases, by improving onion service security with [Vanguards]. This release also includes an as-yet-unused backend to help resist memory-exhaustion attacks, and numerous other smaller improvements.

### Breaking changes in lower-level crates

- Refactor our [`Relay`] code to move low-level information into a [`RelayDetails`] type. ([#504], [!2057], [!2073])
- The internal API for the RPC object system has been greatly revised. ([!2079])

### Network updates

- Update to use the new identity key for the `tor26` directory authority.
([!2080])

### Major bugfixes

- Fix an inadvertent recursion bug when converting `TorAddrError` to `arti_client::Error`. ([#1379], [3f2dcaca31992018f825])
- Improve reliability of bootstrap status reporting. ([!2107])

### Onion service development

- Arti now supports [Vanguards] for improved security against guard discovery for onion service circuits. By default, we use the `vanguards-lite` algorithm; the `vanguards-full` algorithm can be configured. ([#1272], [#1273], [#1275], [#1340], [#1353], [#1364], [#1366], [!2075], [!2082], [!2083], [!2088], [!2090], [!2093], [!2099], [!2102], [!2104], [!2105], [!2109], [!2111])
- Export `KeyMgrBuilderError` as a public type, to help external code construct its own [`KeyMgr`]. ([!2078])
- Initial implementation for an in-memory ephemeral key store, which will be useful in implementing ephemeral onion services. ([#1358], [!2076])
- Fix a bug that prevented reporting of onion service status updates. ([#1361], [!2086])
- Fix a bug that would cause onion service circuit pools to pre-build fewer circuits than actually desired. ([!2101])

### RPC development

- The RPC object system has been refactored to use `derive-deftly` and an improved system of method invocation. Together, these changes make it easier to write RPC methods, and allow support for RPC methods on generic types. ([#838], [#1380], [!2079], [!2084], [!2103])

### Other major features

- Convert to use [`figment`] instead of [`config-rs`] as our configuration backend, for improved error messages. ([#1267], [#1268], [!2041])
- New `tor-memquota` backend crate to keep track of our memory usage, and to help us react appropriately when we are out of memory. We will use this as part of our DoS-resistance system. ([#1381], [!2091], [!2100])

### Documentation

- Add cross-references to explain limitations of [`NetDir::by_ids`]. ([#1365], [!2081])
- Fix a link to our Code of Conduct. ([!2085])
- Miscellaneous documentation fixes.
([!2087])
- Document some tricky assumptions and requirements in `tor-proto`'s circuit reactor code. ([#1373], [!2089])
- Improve documentation and license presence for our two LGPL-licensed crates. ([#1375], [!2094], [!2106])

### Testing

- Add high-level tests for pluggable transport configuration. ([#1333])

### Infrastructure

- Adjust our license-checking code to accommodate license clarifications in `rustls-webpki` and `option-ext`. ([!2070])
- Fix compilation breakage in our relaymsg fuzzing code. ([#1349], [!2069])
- Add an option to the `fuzz_it_all` script for it to run only against the static corpus. ([#1350], [!2071])

### Cleanups, minor features, and bugfixes

- Remove unused dependencies from several crates. ([!2068])
- Expose `BridgesConfig` from `TorClientConfig` so it can be inspected by other modules. ([c5a91130fff6af25])
- Refactor code for scheduling events in onion service code. ([#1259], [!2064])
- Update our code to use [`derive-deftly`], formerly called `derive-adhoc`. ([!2066])
- Refactor `same_relay_ids` to be automatically derived. ([!2072])
- Refactor `StreamMap`'s stream-counting code to be less error-prone. ([#1344], [!2058])
- Add an experimental method to expose the HS circuit pool from `TorClient`. ([!2077])
- Clean up new warnings from the nightly version of Clippy. ([!2096], [!2097])
- Upgrade to rustls version 0.23. ([#1377], [!2095])
- Suppress or resolve some dead-code warnings. ([!2098])

### Acknowledgments

Thanks to everybody who's contributed to this release, including Alexander Færøy, Jim Newsome, Richard Pospesel, trinity-1686a, Wiktor Kwapisiewicz, and VaiTon.

Also, our deep thanks to [Zcash Community Grants] and our [other sponsors] for funding the development of Arti!

# Arti 1.2.1 — 2 April 2024

Arti 1.2.1 continues development on onion services, and adds several important security features. More such improvements are on the way.
See [`doc/OnionService.md`] for instructions and caveats about running onion services with Arti today.

This release also adds support for [unmanaged pluggable transports][#755], and begins work to improve Tor's relay cell protocol with support for [packed and fragmented messages][prop340].

### New versioning policy

Starting with this version, we are no longer independently tracking breaking and non-breaking version changes for the `arti-client` crate and each of the `tor-*` crates below it. Instead, we will _assume_ that every release of these crates breaks API compatibility with the one before, and update our semantic versioning accordingly. (We will continue not to make gratuitous API compatibility breaks on purpose.)

Previously, our efforts to track which changes in these crates were breaking and which were not created a great deal of overhead in our development process, and tended to be somewhat error-prone.

This change affects developers only; users should not be affected. This does not affect crates already at version `1.x` or higher, or published utility crates whose names don't start with `tor-` or `arti-`.

See [`doc/Semver.md`] for more information on this policy. ([#1005], [!2051])

### Breaking changes in lower-level crates

- Refactored `tor-config` to hide implementation details. This will eventually allow us to migrate from `config-rs` to a configuration provider with better error handling. ([!2040])
- Renamed several types in `tor-ptmgr` to reflect new support for unmanaged pluggable transports. ([d63d966d79f0f988])
- The `tor_circmgr::path` module is now crate-private. ([4c1eb94173521bc5])
- The [`Runtime`] trait now includes functionality for "coarse" time, backed (by default) by the [`coarsetime`] crate. We use these timestamps in cases where we need fast time checking more than precision. Putting them into `Runtime` lets us replace them with mock functions for testing purposes.
([!2050], [!2052])
- The `tor-cell` relay cell API is significantly revised. ([!2034], [!2045], [prop340])
- The `allow_stream_requests()` method in `tor-proto` now takes an extra argument. ([!2047])

### Onion service development

- Reorganize onion service code, to remove an unnecessary (and inconsistently used) internal module, to simplify needless imports, and to generally tidy up the implementation. ([#1212], [!2020])
- Avoid using `futures::oneshot`: our own `tor_basic_utils::oneshot` is safer to use when `select!` may be involved. ([95ed432c13c2c4b2])
- Design work for out-of-memory handling, which is necessary for onion service security. ([!1997])
- Onion services now support a `max_concurrent_streams_per_circuit` option. ([#1124], [!2047])
- Initial implementation work for onion service [vanguards], which are needed to improve onion service security. This is not yet complete. ([#1272], [#1275], [#1276], [#1277], [#1340], [!2035], [!2038], [!2046], [!2049], [!2053])

### Other major features

- New relay cell decoding API, in order to eventually handle packed and fragmented messages. ([!2034], [!2045], [prop340])
- We now support unmanaged pluggable transports. Previously, Arti only supported _managed_ pluggable transports: that is, ones that it launched itself. Now you can configure Arti to use a pluggable transport running at a known SOCKS port. ([#755], [!2043])

### Documentation and examples

- Improve windows documentation in `fslock-guard` and `test-temp-dir`. ([!2011])
- More documentation for our internal build and release tools. ([!2028])
- Fixed broken links in the documentation for `NetParameters`. ([!2054])
- Fixed the disclaimer about onion services in our configuration file. ([!2055])

### Testing

- More unit tests in `fslock-guard`. ([!2013])
- More tests for `arti_client::address`. ([!2029])

### Cleanups, minor features, and bugfixes

- We've fixed a bug in our arguments parser that previously caused `arti` to panic when run without arguments.
([#1311], [!2021])
- The `tor-checkable` module now uses checked time arithmetic, to avoid overflows or panics when extending tolerances. ([!2031])
- We now enforce Clippy's [`unchecked_duration_subtraction`] lint by default. ([#1304], [!2008])
- Refactor configuration watcher to receive a `Runtime`. Previously it took an entire `TorClient`, unnecessarily. ([!2017])
- We now ban `std::Path::display`, since it is lossy in an easy-to-overlook way. We've given it a `PathExt::display_lossy` implementation to be used instead. ([!2027])
- The `tor-bytes` module now behaves more sensibly (typically panicking) if someone tries to use `write_zeros` to extend a buffer beyond `usize::MAX`. Previously it might truncate its buffer. ([!2033])
- Refactoring and improvements on the `BackoffSchedule` logic. ([#1259], [!2024])
- Moved logic for picking relays into a new `tor-relay-selection` crate, to avoid duplicated code and the risk of missing necessary checks when picking or examining relays. ([#504], [#789], [!2002])
- Clarify implementation of onion service timeout calculation logic, to avoid possible confusion about the `hs_hops` variable. ([#1332], [!2044])
- Simplified logic and API for creating relay encryption layers. ([!2048])
- Various typo fixes in comments and messages. ([!2030], [!2032], [!2036])

### Acknowledgments

Thanks to everybody who's contributed to this release, including Alexander Færøy, Brady Fomegne, Dimitris Apostolou, Jim Newsome, Neel Chauhan, Tobias Stoeckmann, and trinity-1686a.

Also, our deep thanks to [Zcash Community Grants] and our [other sponsors] for funding the development of Arti!

# Arti 1.2.0 — 4 March 2024

Arti 1.2.0 continues work on support for running onion services. You can now launch an onion service and expect it to run, although you may well encounter bugs.

We have fixed a number of bugs and security issues, and have made the `onion-service-service` feature non-experimental.
In the next releases, we will focus on implementing the missing security features and on improving stability.

Don't rely on this onion service implementation for security yet; there are a number of [missing security features] we will need to develop before we can recommend them for actual use.

See [`doc/OnionService.md`] for instructions and caveats.

### Major bugfixes

- Empty DATA messages are a way to inject an undetected traffic signal, so we now reject empty DATA messages, and prevent them from being constructed through the [`tor-cell`] API. This is tracked as [TROVE-2024-001]. ([!1981], [#1269])

### Breaking changes in lower-level crates

- In [`tor-circmgr`], `Error::GuardNotUsable`, `Error::CircTimeout`, and `Error::Protocol` now contain the process-unique identifier of the circuit that caused the error. ([!2003])
- In [`tor-hsclient`], remove `HsClientNickname` and the nickname argument from `HsClientDescEncKeypairSpecifier::new`. ([!1998], [#1283])
- In [`tor-hsrproxy`], add a `String` representing the error message to `ProxyConfigError::UnrecognizedTargetType`, `ProxyConfigError::InvalidTargetAddr`, `ProxyConfigError::InvalidPort` ([!1973], [#1266])
- In [`tor-hsservice`], remove the unimplemented `max_concurrent_streams_per_circuit` configuration option from `OnionServiceConfigBuilder`. We may implement and reinstate it in a future release. ([!1996])
- In [`tor-keymgr`], rename `KeyInfoExtractor` to `KeyPathInfoExtractor`. ([bd85bffd0a388f57])
- In [`tor-keymgr`], rename `{to,from}_component()` to `{to,from}_slug()`. ([1040df929f643a2f])

### Onion service development

- Improve the key manager APIs. ([!1952], [#1115])
- Add more context to [`tor-hsrproxy`] configuration error messages. ([!1973])
- Design an API for vanguards. ([!1970])
- Make the descriptor publisher conform with the specification, by periodically republishing the hidden service descriptor. This fixes a serious reachability bug.
([!1971], [#1241], [#1280])
- Rotate old introduction point relays even if they are not working. ([72c021555e1095f1])
- Expire old on-disk introduction point state. ([!1977], [!1982], [#1198])
- Expose `HsNickname::new`. ([f3720ac2c0f16883])
- Design the client and service configuration, and a CLI subcommand, for hidden service client authorization. ([!1987])
- Improve the ergonomics of our key listing and removal APIs. ([!1988], [#1271])
- Include the `ArtiPath` in key path errors. ([!1960], [#1115])
- Improve circuit error logging by including the process-unique identifier of the circuit in error messages. ([!2003], [#1297])
- Improve status reporting from onion services. ([!1966], [#1083])
- Design an API for bandwidth rate limiting. ([!1965])
- Improve descriptor publisher error reporting. ([!1991])
- Remove the client nickname from onion service client key specifiers. ([!1998], [#1283])
- When reconfiguring an onion service, reject any changes that are inappropriate or would put the service in a bad state. ([!1996], [#1209])
- Remove the keystore directory configuration option, pending design work relating to RPC and multi-user Arti. ([!1995], [#1202])
- Mark `onion-service-service` and every feature it depends on as non-experimental. ([!1993], [#1182])
- Fix a bug that prevented the descriptor publisher from fully processing the results of publish tasks, causing it to republish the descriptor unnecessarily in some circumstances. ([!1983])

### Other major new features in our Rust APIs

- [`tor-persist`] now provides new `state_dir` APIs for instance iteration and expiry needed for onion service state expiry. ([!1968], [#1163])

### Documentation and examples

- Fix the casing of our recognized key paths. ([1a900081e945679e])
- Minor updates to the release process. ([!1959], [!1963])
- Fix typos in the [`tor-guardmgr`] README. ([!1980])
- Reword the [`tor-keymgr`] README for clarity. ([489a2555f28daa6d])
- Update onion service documentation.
([!1994], [#1287])
- Clarify the onion service configuration instructions from `doc/OnionService.md`, remove unsupported "unix:" example ([!1972], [#1266])

### Testing

- Improve replay log fork test. ([!1974], [!2010], [#1264])
- In the introduction point manager tests, avoid reusing the RNG seed. ([b515baf27f194470])
- Our [Shadow] CI tests now use the latest versions of `shadow` and `tgen`, and no longer pull `libigraph` from bullseye. ([!1958])
- Upgrade docker image for reproducible builds. ([!2016])
- Fix several tests on Windows. ([!2015])

### Cleanups, minor features, and bugfixes

- Allow overriding `cargo` in [`semver-checks`]. ([83c29b0d805f908e])
- Introduce a [`list_crates_publish`] script. ([b03e5d5e11c52faf])
- Fix compilation with musl. ([!1961], [#1264])
- Add `fixup-features` to the main workspace, make various improvements to `fixup-features`, `check_toposort`, `list_crates` ([!1969], [#1263])
- Use `std::default::Default` instead of [educe]'s `Default` in a number of places in preparation for the upgrade to educe 0.5. ([!1975], [#1257])
- Require the Fast and Stable flags as appropriate. ([!1976], [#1100])
- Refactor and improve error hinting in [`arti`] and [`arti-client`]. ([!1986], [#1165])
- Do not output ANSI escape codes when logging to file. ([!1999], [#1298])
- Upgrade our dependency on [curve25519-dalek] from 4.1.1 to 4.1.2 ([!2000])
- Upgrade to the latest versions of [event-listener], [rusqlite], [async-broadcast], [signature], [config]. ([!2001], [!2004], [!2451])
- Fix `ArtiPath` creation on Windows. ([!2012])
- Fix compilation and warnings on Windows. ([!2014], [!2009])
- Gate `RpcConfig` behind `rpc` feature. ([6c9e70e39ab279aa])

### Acknowledgments

Thanks to everybody who's contributed to this release, including Alexander Færøy, Jim Newsome, Tobias Stoeckmann, and trinity-1686a.

Also, our deep thanks to [Zcash Community Grants] and our [other sponsors] for funding the development of Arti!
# Arti 1.1.13 — 5 February 2024

Arti 1.1.13 continues work on support for running onion services. You can now launch an onion service and expect it to run. We have fixed a number of bugs. The user experience is still not great, and the onion-service-service feature is still experimental. We have reorganised the on-disk state and key storage, to make it more sensible; we hope (but don't promise!) it's now the final layout.

Don't rely on this onion service implementation for security yet; there are a number of [missing security features] we will need to develop before we can recommend them for actual use.

See `doc/OnionService.md` for instructions and caveats.

### Breaking changes in lower-level crates

- [`tor-hsclient`]\: Replaced `HsClientKeyRole`, `HsClientSecretKeySpecifier` with `HsClientDescEncKeypairSpecifier`. Renamed `HsClientSpecifier` to `HsClientNickname`. ([!1864], [!1931])
- [`tor-hscrypto`]\: `AesOpeKey::encrypt` now takes a `SrvPeriodOffset`; Replaced `TimePeriodOffset` with `SrvPeriodOffset`; Removed `TimePeriod::offset_within_period`. ([!1904], [#1166])
- [`tor-netdir`]\: `hs_dirs_download` parameters changed; `hs_intro_*_lifetime` parameters renamed. ([!1903], [!1904], [#1254])

### Onion service development

- Complete overhaul of the way the hidden service code stores non-key persistent state. Pathnames have changed as a result. ([!1853], [#1183], [!1941])
- Many improvements to keystore, key and `KeySpecifier` handling, including incompatible changes to on-disk key paths. ([!1864], [!1863], [!1883], [#1260], [!1949], [#1074], [!1948])
- Fix "service fails after approx 12 hours" bug. ([#1242], [!1901])
- Fix time period processing bugs including `HSS: "internal error" "current wallclock time not within TP?!"`. ([#1155], [#1166], [#1254], [!1903], [!1904], [!1914])
- Correctly rate-limit descriptor publication. ([!1951])
- Fixes to services shutdown.
([!1875], [!1895], [!1897], [#1236], [!1899], [!1917], [!1921])
- Improve error and corner case handling in descriptor publisher. ([!1861])
- Work on expiring keys: we expire descriptor keys now (although we don't actually properly delete all keys when we need to, yet). ([!1909])
- Only choose Stable relays for introduction points. ([!1884], [#1240], [#1211])
- Better handling of introduction point establishment failures. ([!1889], [!1915])
- Better handling of anomalous situations (including excessive requests) on introduction circuits. ([#1188], [#1189], [!1892], [!1916])
- Tolerate `INTRO_ESTABLISHED` messages with (unknown) extensions. ([!1898])
- Correct and improve various timing and tuning parameters. ([!1911], [!1924])
- Improve status reporting from hidden services. ([!1902])
- Public API of `tor-hsservice` crate overhauled. ([#1227], [#1220], [!1887])
- Mark lower-level hs-service features non-experimental. ([!1908])
- Defend against partial writes of introduction point replay log entries. ([!1920])
- Corrections to error handling, including to handling of introduction point failures, and attempts to launch the same service concurrently. ([!1906], [#1237], [#1225], [#1255])
- Detect and reject configurations with onion services, when onion-service-server support has been compiled out. ([!1885], [#1184])
- Temporarily disable parsing of AF_UNIX socket addresses (which aren't implemented right now anyway). ([!1886])
- Rate limit one log message, downgrade one, and remove another. ([!1871], [!1951])
- Add higher-level documentation to tor-hsservice (and fix a broken docs link). ([!1918], [!1945])
- Hide the `OnionServiceState` type. ([!1946], [#1261])
- Many internal cleanups including much triage of TODO comments in the code.
([!1859], [!1862], [!1861], [!1868], [!1866], [!1863], [!1870], [!1874]) ([!1872], [!1869], [!1876] !1867 [!1873], [!1877], [!1878], [!1875]) ([!1879], [!1882], [!1881], [!1880], [!1894], [!1888], [!1887], [!1896]) ([!1864], [!1951])

### Other major new features in our Rust APIs

- New `fslock-guard` crate for on-disk lockfiles which can be deleted, and which have a Rust API that returns a guard object. [fslock!15](https://github.com/brunoczim/fslock/pull/15) !1900 !1910
- `tor-persist` has a `Slug` type which is used for nicknames, key paths, etc., un…
`x86_64-unknown-linux-gnux32` compiled fine with 0.4.4, but no longer does with 0.4.5.

I don't actually use that target, but it happened to be in our CI, so I'm letting you know.