# # spec file for package libsignal # # Copyright (c) 2024 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # #Both electron and webrtc require SSE2 on the x86 port. So we can require SSE2 on all other code, too. %ifarch %ix86 ExclusiveArch: i586 i686 BuildArch: i686 %{expand:%%global optflags %(echo "%optflags") -march=pentium4 -mtune=generic} %{expand:%%global build_rustflags %(echo "%build_rustflags") -C target-cpu=pentium4 -Z tune-cpu=generic} %endif %global __provides_exclude ^lib.*\\.so.*$ Name: libsignal Version: 0.87.1 Release: 1.1 Summary: Signal protocol and cryptographic libraries License: AGPL-3.0-only AND Apache-2.0 AND BSD-3-Clause AND ISC AND MIT AND OpenSSL Group: System/Libraries Url: https://github.com/signalapp/libsignal/ # Source0: https://github.com/signalapp/libsignal/archive/refs/tags/v%{version}.tar.gz Source1: vendor.tar.zst Patch0: build_node_bridge-inject-options.patch # fix rust breaking gcc LTO Patch10: boringssl-sys-no-static.patch Patch24: libsignal-client-visibility-hidden.patch Patch27: cc-link-lib-no-static.patch Patch30: ring-no-static.patch # Patch32: dns_lookup-test-bsc1241387.patch # BuildRequires: cargo #see node_modules/@signalapp/libsignal-client/vendor/boring-sys/build.rs BuildRequires: git-core %if 0%{?suse_version} >= 1650 || 0%{?fedora} BuildRequires: gcc >= 14 BuildRequires: gcc-c++ >= 14 %else %if 0%{?suse_version} >= 1550 BuildRequires: gcc15-PIE BuildRequires: gcc15-c++ %else BuildRequires: gcc14-PIE BuildRequires: gcc14-c++ %endif %endif BuildRequires: jq # support for `optional` keyword is now required %if 0%{?fedora} BuildRequires: protobuf-compiler %endif BuildRequires: protobuf-devel >= 3.15 BuildRequires: pkgconfig(zlib) %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150700 || 0%{?fedora} %define PYVER 3 %else %define PYVER 3.11 BuildRequires: python311-base %endif BuildRequires: clang %if 0%{?fedora} BuildRequires: rust-srpm-macros %else BuildRequires: cargo-packaging >= 1.2.0+3 BuildRequires: cargo-auditable %endif BuildRequires: cmake BuildRequires: zstd Conflicts: signal-desktop < 7.15 # %description libsignal contains platform-agnostic APIs used by the official Signal clients and servers. This package contains the NodeJS native module used by `signal-desktop` and is not intended to be used outside that application. %prep %autosetup -p1 -a1 # https://blogs.gnome.org/mcatanzaro/2020/05/18/patching-vendored-rust-dependencies/ for i in \ boring-sys \ prost-build \ libloading \ bindgen \ rustix \ blake2 \ cc \ serde_derive \ ring \ aes-gcm \ aes-gcm-siv \ chacha20poly1305 \ libz-sys \ vcpkg \ ; do pushd vendor/$i jq -cj '.files={}' .cargo-checksum.json >tmp && mv tmp .cargo-checksum.json && popd done mkdir %{_builddir}/path #AWFUL HACK: Custom cmake wrapper to override CFLAGS because -g -O2 seems to get stripped by Rust no matter what i do otherwise #Compare openSUSE macros.cmake cat <<"EOF" > %{_builddir}/path/cmake #!/bin/bash if [[ "$1" = --build ]]; then exec %{_bindir}/cmake "$@" fi exec %{_bindir}/cmake "$@" -DCMAKE_C_FLAGS="${CFLAGS}" \ -DCMAKE_CXX_FLAGS="${CXXFLAGS}" \ -DCMAKE_EXE_LINKER_FLAGS="$LDFLAGS -Wl,--as-needed -Wl,--no-undefined -Wl,-z,now" \ -DCMAKE_MODULE_LINKER_FLAGS="$LDFLAGS -Wl,--as-needed" \ -DCMAKE_SHARED_LINKER_FLAGS="$LDFLAGS -Wl,--as-needed -Wl,--no-undefined -Wl,-z,now" EOF cat %{_builddir}/path/cmake chmod +x %{_builddir}/path/* %build %if 0%{?suse_version} >= 1650 || 0%{?fedora} export CC=gcc export CXX=g++ export AR=gcc-ar export NM=gcc-nm export RANLIB=gcc-ranlib %else %if 0%{?suse_version} >= 1550 export CC=gcc-15 export CXX=g++-15 export AR=gcc-ar-15 export NM=gcc-nm-15 export RANLIB=gcc-ranlib-15 %else export CC=gcc-14 export CXX=g++-14 export AR=gcc-ar-14 export NM=gcc-nm-14 export RANLIB=gcc-ranlib-14 %endif %endif export RUSTFLAGS="%{build_rustflags} --verbose -Clinker=$CXX" export RUSTC_LOG='rustc_codegen_ssa::back::link=info' export RUST_BACKTRACE=1 export CARGO_TERM_VERBOSE=true # https://github.com/Firstyear/cargo-packaging/pull/10 export CARGO_INCREMENTAL=0 # upstream build script iterates over this, it can be empty mkdir -pv ~/.cargo/registry/src %if 0%{?suse_version} auditable='--auditable' %endif #[ 114s] npm ERR! error[E0554]: `#![feature]` may not be used on the stable release channel #[ 114s] npm ERR! --> /home/abuild/rpmbuild/BUILD/Signal-Desktop-5.55.0/node_modules/@signalapp/libsignal-client/vendor/polyval/src/lib.rs:80:5 export RUSTC_BOOTSTRAP=1 export CFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden" export CXXFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden" export MAKEFLAGS="%{_smp_mflags}" # use correct hardening defines also when generating headers for Rust # this does not (currently) affect the compiled binary at all but better safe than sorry # -fvisiblity=default works around a bug in bindgen export BINDGEN_EXTRA_CLANG_ARGS="$(echo " $CXXFLAGS " | sed 's/ -mtls-dialect=gnu2 / /') -fvisibility=default" export LDFLAGS="%{?build_ldflags}" # The `cc` crate tries to be too clever and passes some default cflags to cmake. # Disable these and use only the ones from CFLAGS env. variable export CRATE_CC_NO_DEFAULTS=1 # Ensure cmake gets the RelWithDebInfo profile export CARGO_PROFILE_RELEASE_DEBUG=2 # make cmake louder? export VERBOSE=1 export V=1 # make `ring crate` output build log export CC_ENABLE_DEBUG_OUTPUT=1 export RUSTDOCFLAGS="$RUSTFLAGS" python%PYVER ./node/build_node_bridge.py $auditable %install #It does not actually matter what the library is named as long as it's in the correct directory install -pvDm755 target/release/libsignal_node.so \ %{buildroot}%{_libexecdir}/signal-desktop/node_modules/@signalapp/libsignal-client/build/Release/signal_node.node %check pushd %{buildroot}%{_libexecdir}/signal-desktop #detect underlinking — compare electron_check_native macro pushd %{buildroot}%{_libexecdir} find . -name '*.node' -print0 | xargs -0 -t -IXXX sh -c '! ldd -d -r XXX | \ grep '\''^undefined symbol'\'' | \ grep -v '\''^undefined symbol: napi_'\'' ' popd # Sanity check that we did not mistakenly link system openssl instead of boringssl # since they have the same name and a similar set of exported symbols objdump -p node_modules/@signalapp/libsignal-client/build/Release/*.node >%{_builddir}/objdump cat %{_builddir}/objdump ! grep -F libcrypto %{_builddir}/objdump ! grep -F libssl %{_builddir}/objdump popd #rust tests %if 0%{?suse_version} >= 1650 || 0%{?fedora} export CC=gcc export CXX=g++ export AR=gcc-ar export NM=gcc-nm export RANLIB=gcc-ranlib %else %if 0%{?suse_version} >= 1550 export CC=gcc-15 export CXX=g++-15 export AR=gcc-ar-15 export NM=gcc-nm-15 export RANLIB=gcc-ranlib-15 %else export CC=gcc-14 export CXX=g++-14 export AR=gcc-ar-14 export NM=gcc-nm-14 export RANLIB=gcc-ranlib-14 %endif %endif export RUSTFLAGS="%{build_rustflags} --verbose -Clinker=$CXX" export RUSTC_LOG='rustc_codegen_ssa::back::link=info' export RUST_BACKTRACE=1 export CARGO_TERM_VERBOSE=true export CARGO_INCREMENTAL=0 %if 0%{?suse_version} auditable='--auditable' %endif export RUSTC_BOOTSTRAP=1 export CFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden" export CXXFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden" export MAKEFLAGS="%{_smp_mflags}" export BINDGEN_EXTRA_CLANG_ARGS="$(echo " $CXXFLAGS " | sed 's/ -mtls-dialect=gnu2 / /') -fvisibility=default" export CRATE_CC_NO_DEFAULTS=1 export CARGO_PROFILE_RELEASE_DEBUG=2 export VERBOSE=1 export V=1 export CC_ENABLE_DEBUG_OUTPUT=1 export LDFLAGS="%{?build_ldflags}" export RUSTDOCFLAGS="$RUSTFLAGS" python%PYVER ./node/build_node_bridge.py $auditable --check %files %defattr(-,root,root) %doc README.md RELEASE_NOTES.md %license LICENSE acknowledgments/acknowledgments.html %{_libexecdir}/signal-desktop %changelog * Wed Feb 18 2026 Bruno Pitrus - Update to version 0.87.1 for Signal 7.90.0 * Make ROOT_KEY_MAX_BYTES_FOR_SHO visible to the outside world * Expose "grpc.AccountsAnonymousLookupUsernameHash" remote config key. When enabled, the typed chat API `lookUpUsernameHash` will use gRPC instead of the default websocket-based implementation. This has no effect if "useH2ForUnauthChat" is unset, or if an H2 connection cannot be established for some other reason. * Remove PublicKey ordered comparison * Update dependencies * Thu Feb 12 2026 Bruno Pitrus - Update to version 0.86.16 for Signal 7.89.0 * SVR2: update production enclave * SVRB: add new production enclave to `current` set * Add accountExists() typed API * backups: Support for key transparency fields * Backup validator: validate group member labels * Limit the number of call link root key bytes used for CallLinkSecretParams derivation. * updated SVR2 and SVRB enclave configurations * Thu Jan 29 2026 Bruno Pitrus - Update to version 0.86.12 for Signal 7.87.0 * Adds the "useH2ForUnauthChat" remote config, for experimenting with running unauthenticated chat connections over H2. * Update to latest libcrux-ml-kem and spqr crates, addressing gh#signalapp/libsignal#641. * net: Address issue with TLS proxy connectivity when using certain kinds of TLS certificates * Backup validator: Blocks and unblocks in the Release Notes chat are no longer considered errors. * Backup validator: Errors about absent oneofs now mention whether the message also contained fields that libsignal doesn't know about. * Thu Jan 15 2026 Bruno Pitrus - Update to version 0.86.9 for Signal 7.85.0 * When chat connections fail and the server's TLS response suggests a captive network or similar, there's now a dedicated error: PossibleCaptiveNetworkError * Added `Net(work).connectProvisioning` and `ProvisioningConnectionListener`. Provisioning connections are used when linking secondary devices. * backups: Allow polls in 1:1 chats and increase question size limit * backups: Support pinned messages * backups: Add 'allow sealed sender from anyone' setting to AccountSettings * Usage of Nagle's Algoirthm is now configurable for `Network` with the 'disableNagleAlgorithm` Remote Config paramater. * keytrans: Fall back to search-with-version if self-monitor returns unexpected versions. * chat: Fixed parsing of 409/410 responses for sendMultiRecipientMessage. * backups: Support latest backup.proto definitions * Thu Dec 11 2025 Bruno Pitrus - Update to vers ion 0.86.3 for Signal 7.82.0 * backups: Allow "tombstones" from view once messages in takeout exports * backups: Refactor `BackupJsonExporter` for easier consumer usage * backups: Include more account fields into the exported JSON * backups: Throw validator errors if multiple contacts have the same username (a case-insensitive check) * backups: Add 'pinReminders' setting field to AccountSettings * backups: Add bioText & bioEmoji fields to AccountData * Rust: All serializable zkgroup types are now marked as Clone, since you could get the same effect from serializing and deserializing. * Backups / SVRB - add support for multiple SVRB backends when new enclaves need to roll out. * Backup validator: count grapheme clusters instead of characters in poll strings. * Incremental MAC validation now checks up front that the digest list is at least structurally valid (a concatenation of digests of the correct length). This was already being checked implicitly, but produced an obtuse error. * backups: The consolidated away wifiAutoDownloadSettings is now treated as unknown. * backups: Support poll reactions. * keytrans: Verify signatures from all auditors * Thu Oct 16 2025 Bruno Pitrus - Update to version 0.83.0 for Signal 7.75.0 * backups: Support polls in backup validator * spqr: Remove client-provided options to turn on/off SPQR, defaulting to on everywhere. * keytrans: Unify errors with other typed APIs * Locally-closed WebSocket connections now explicitly send close code 1000 instead of an empty close frame * net: Direct connections to the Signal servers will be tried as a fallback if connecting through an HTTP or SOCKS proxy fails or takes too long. - Leap: build with gcc >=14 - Fix broken underlinking test - Fix ftbfs with new rust * Thu Oct 2 2025 Bruno Pitrus - Update to version 0.81.1 for Signal 7.73.0 * Enable negotiating permessage-deflate support for chat websocket connections, if configured. * Net: remove Noise connection shadowing for staging Chat websocket connections. * Thu Sep 25 2025 dziobian - Update to version 0.81.0 for Signal 7.72.0 * KyberPreKeyStore.markKyberPreKeyAsUsed now takes three arguments, to allow tracking how the pre-key is used: the Kyber pre-key ID, the signed EC pre-key ID, and the session base key. * We now always defer to an HTTP/HTTPS proxy for DNS resolution. * backups: Add logging to BackupAuthCredentialRequestContext_ReceiveResponse internals * Sealed sender SenderCertificates can now use a `bytes` representation for the sender, and may avoid embedding their signing ServerCertificate in favor of referencing a "known" certificate baked into libsignal. See sealed_sender.proto and the `KNOWN_SERVER_CERTIFICATES` list in the source for more details. * Fri Sep 19 2025 Bruno Pitrus - Update to version 0.80.0 for Signal 7.71.0 * backups: relax restriction that backups with backup_tier == free cannot have backupsSubscriberData * Migrate crates to Rust 2024 edition. * Desktop: add a distinct error type for incremental mac verification failures. * The first "Typed API" service interface for chat-server, UnauthUsernamesService, has been added to libsignal's app layer. * The libsignal-net remote config option `chatRequestConnectionCheckTimeoutMillis` controls a new check: if a chat request hasn't been responded to in this amount of time, libsignal will check if the connection is using the preferred network interface, and close it early if not. * backups: Validate quote body length * Rust: libsignal-protocol's fingerprint-related operations have a dedicated error type now, FingerprintError, rather than reusing SignalProtocolError. * backups: validate presence of `OutgoingMessageDetails.dateReceived`, remove deprecated BackupLocator/AttachmentLocator/LocalLocator * Thu Aug 28 2025 Bruno Pitrus - update to version 0.78.3 for Signal 7.68.0 * keytrans: Distinguish self-monitoring from monitoring for others * Net: Shadow Chat websocket connections in staging with Noise Direct connections when enabled via remote config. * Thu Aug 21 2025 Bruno Pitrus - update to version 0.78.2 for Signal 7.67.0 * BackupForwardSecrecyTokens can now be used to derive MessageBackupKeys. * Downgraded some networking-related error logs to warnings. * SVR-B: Operations have been consistently renamed to `store` and `restore`. * SVR-B: `restore` now returns an object containing both the BackupForwardSecrecyToken for decryption, and "secret data" to be used in the first `store` after restoration. * `SvrB` now has a `createNewBackupChain` method, allowing you to locally persist the backup "secret data" *before* the first store to SVR-B for a fresh install. * SVR-B:With the first two changes, the secret data argument to `restore` is now required. See doc comments for more details. * backups: Add support for call link epochs. * Rust: libsignal_net_infra::ws2 has been merged into libsignal_net_infra::ws, with Connection and Config included directly and helper types available under ws::connection. The old ws::WebSocketConfig has been removed. Other Changes ------------- - Rust: `SessionRecord::has_usable_sender_chain` now takes an additional parameter to specify which criteria make a session "usable" beyond simply *having* a sender chain. The previous behavior can be requested by using `SessionUsabilityRequirements::NotStale`. * Thu Jul 31 2025 Bruno Pitrus - update to version 0.76.7 for Signal 7.64.0 * The backup validator accepts the new "forward secrecy" format as well as the existing "ciphertext only" format. * Added support for new CDSi and SVR2 enclaves. * Added HPKE operations to (EC)PublicKey---`seal`---and PrivateKey---`open`. * Tue Jul 22 2025 Bruno Pitrus - update to version 0.76.4 for Signal 7.63.0 * Making a chat connection now accepts a list of language codes, which will set the default language to be used for any requests on that connection if provided. * Thu Jul 10 2025 Bruno Pitrus - update to version 0.76.0 for Signal 7.61.0 * X3DH handling has been removed from libsignal; X3DH PreKey messages will now be rejected as invalid. * Node: All APIs now use Uint8Array instead of Buffer. This is a breaking change if you were relying on any of the APIs added to Buffer on top of Uint8Array, including the diverging behavior of `slice()` and `toString()`. * Require that device IDs in protocol addresses be in the range [1, 127]. This is a breaking change. * backups: Update validation to reject EncryptedDigest with no transit info * backups: Validate new backupTier field * The net-related RequestedInformation type has been renamed to ChallengeOption, and in some cases relocated, to reflect its broader usage. The cases within the type have not been changed. - drop remove-message-backup-test.patch * Fri Jul 4 2025 Bruno Pitrus - build_node_bridge-inject-options.patch: fix broken debuginfo - libsignal-client-visibility-hidden.patch: replace hack with an upstreamable solution * Sat Jun 28 2025 Bruno Pitrus - libsignal-client-visibility-hidden.patch: fix FTBFS with rust 1.88 * Thu Jun 26 2025 Bruno Pitrus - update to version 0.74.1 for Signal 7.59.0 * Support for starting sessions with pre-quantum X3DH has been removed. PQXDH will be required going forward. * Backups: the now-deprecated remote content locator fields are ignored and the new FilePointer.locator_info field must be set. * keytrans: Bridge to ffi * Integrate post-quantum ratchet in opt-in mode. * backups: Add integrityCheck to LocatorInfo - remove tcp_ssl-test-requires-network.patch * Wed May 28 2025 Bruno Pitrus - update to version 0.72.1 for Signal 7.56.0 * Unnecessary prefixes have been removed from file paths in log output. * CDSI: fix handling of rate-limit-exceeded error to correctly parse the server-requested delay. - Drop cdsi-test-requires-internet.patch - Add tcp_ssl-test-requires-network.patch * Wed May 21 2025 Bruno Pitrus - update to version 0.71.1 for Signal 7.55.0 * Support new CDSI enclave in production. * Rust: bump rand crate to v0.9.0 * A pre-key message sender's identity is stored after the message is decrypted. * Java, Node, Swift: changed IdentityKeyStore.saveIdentity to return an enum. * Node: RegistrationService.registerAccount takes account password as a string. * Connections to Signal services (and to Cloudflare's DNS-over-HTTPS server) will now require TLS v1.3, which they would already have been using. * Futures returned by ChatConnection.send() will now return more specific errors on failure. * New SVR2 enclaves for staging and production. * keytrans: Support multiple auditors. * Fixes a regression introduced in v0.68.1 where incoming PreKey messages would fail to decrypt if the local device had archived the corresponding session. - libsignal-client-visibility-hidden.patch: remove pqcrypto patch (the dependency has been removed by upstream) * Tue May 13 2025 Bruno Pitrus - update to version 0.70.0 for Signal 7.54.0 * Resuming an existing registration session now requires the phone number with for which the session was created. * Enable registering an account via the Node registration service client. * backups: Validate NotificationProfile::id * Node (GSE): Implement toToken() and encryptUserId() for CallLinkSecretParams * The Net class now stores a string-map of "remote config" information, intended for the same sort of server-provided configuration that the apps already have. * Add in new CDSI enclave ID, now supporting Kyber HFS Noise channels. * Net: Remove the fallback connect code paths for CDSI. This is a breaking change. * backups: Validate ChatFolder::id * Net: onConnectionInterrupted will now pass along ConnectedElsewhere and ConnectionInvalidated as disconnection reasons, when applicable. * backups: Release notes can now be included in a chat folder. * net: Fix a bug where DNS-over-HTTPs lookups wouldn't attempt to make IPv4 and IPv6 connections to the nameserver in parallel. - Add cdsi-test-requires-internet.patch * Thu Apr 17 2025 Bruno Pitrus - update to version 0.68.0 for Signal 7.51.0 * net: Add a client for the registration verification service. This is currently only available via the Node bindings. * backups: Enforce that messages with expiration timers < 24 hours are not included in Remote Backups. * backups: Add support for LocalLocator for local backups * Retire old SVR2 staging enclave * keytrans: Remove unused APIs * backups: Relax check on session switchover update message authors - Add dns_lookup-test-bsc1241387.patch to work around broken IP6 in OBS during test (bsc#1241387) * Thu Apr 3 2025 Bruno Pitrus - update to version 0.67.4 for Signal 7.49.0 * Net.preconnectChat will start the connection process for an authenticated chat connection without needing a username and password ready. * Rust: Update some dependencies (including boring) to the lastest compatible versions. * Net: Harmonized WebSocket PING interval with the client keep-alive interval to conserve resources. * Completely remove SVR3 support * Wed Mar 19 2025 Bruno Pitrus - update to version 0.67.3 for Signal 7.47.0 * Our DoH resolver will no longer connnect to IPv6 DoH resolvers while IPv6 is disabled. * Abstract Server(Private/Public)Params from endorsements. Reduces dependencies in clients and issuing servers. * Add EndorsementPublicRootKey accessor to ServerPublicParams. * Add support for avatarColor/svrPin fields in backup protos * Switch message chain key storage to store seed value rather than IV/MAC-key/key. * Net: try IPv6 in addition to IPv4 when connecting to the DNS-over-HTTPS resolver. * Thu Mar 13 2025 Bruno Pitrus - Update to version 0.67.0 for Signal 7.46.0 * Net: expose old and new CDSI connect logic. * Net: support uppercase scheme for proxy URL. * Net: retire an old SVR2 enclave. * Net: expose synchronous API for sending ChatConnection response. * Net: improve the handling of Chat errors and the associated messages and error codes. * Thu Feb 27 2025 Bruno Pitrus - Update to version 0.66.2 for Signal 7.44.0 * backups: Add system contact name fields to Contact * keytrans: Detect new versions of account data in monitor responses and invoke search * Thu Feb 20 2025 Bruno Pitrus - Update to version 0.66.1 for Signal 7.43.0 * Removes the ChatService APIs on all platforms. Existing code should be migrated to the newer ChatConnection APIs. * Reverts earlier CDSI connection attempt logic change * Thu Feb 13 2025 Bruno Pitrus - Update to version 0.65.5 for Signal 7.42.0 * Introduces an overload of `Net.setProxy()` that supports HTTP and SOCKS proxies in addition to the "transparent TLS proxies" already supported. Supported schemes: "socks5" (or just "socks"), "socks5h", "socks4", "socks4a", "https", "http", and "org.signal.tls". * `Net.setInvalidProxy()` disables new connections until the proxy settings are updated. * Desktop: `Net.setProxyFromUrl()` translates from URL syntax for specifying a proxy. * keytrans: Verify consistency proofs * Wed Feb 5 2025 Bruno Pitrus - Update to version 0.65.4 for Signal 7.41.0 * Net/Android: Expose new ChatConnection API that uses new connectivity internals to Java * Net: Migrate CDSI to new connectivity internals also used by ChatConnection * Net: Migrate DNS to new connectivity internals also used by ChatConnection * backup: Update to latest backup.proto * Thu Jan 30 2025 Bruno Pitrus - Update to version 0.65.2 for Signal 7.40.0 * Several backup validator improvements * Fixed a bug triggered by quickly connecting then disconnecting a chat connection. * Reduce the number of SNIs used when trying to connect using domain fronting. * Log on some important chat events. * Add a tag to log messages to distinguish the source of each. * Key Transparency: Sync with recent server protocol changes. * Thu Jan 23 2025 Bruno Pitrus - Update to version 0.65.0 for Signal 7.39.0 * Added a validity-checking function to AccountEntropyPool. * Rust: The EC key types have been moved to libsignal_core::curve. They are still exported through libsignal_protocol as before, but a few of the signatures have changed. * libsignal-net: enabled support for Ed25519 TLS certificates * Fixed username printing for discriminators under 10 * Many backup validator improvements * Removed support for the old AuthCredential versions * Removed SVR3 from all app bridges * Wed Jan 8 2025 Bruno Pitrus - Update to version 0.64.1 for Signal 7.37.0 * Backups: Support BackupInfo.currentAppVersion and firstAppVersion fields * Improve the performance of both the online and whole-file backup validation methods. * Import various backup validation proto changes, and tighten validation of distribution lists to disallow duplicate entries. * Update `boring` dependency to v4.13.0 * Introduce OnlineBackupValidator, while accepts serialized protobuf frames rather than processing an entire file at once. * ChatService will soon be replaced by ChatConnection, currently experimentally available in Node. (All of the networking-related APIs are still even more subject to change than the rest of libsignal. * Support for the CDSI option 'return_acis_without_uaks' was removed; it was already ignored by the service. * Further backup validator proto updates and performance improvements, including use of an extra worker thread for pipelining entire-file processing. ChatItem errors will now include the dateSent timestamp. * Further work on both key transparency and libsignal-net. * Wed Dec 4 2024 Bruno Pitrus - Update to version 0.62.0 for Signal 7.35.0 * Further backup validator updates: - Allow PNI-only contacts - Allow Chat.muteUntilMs of INT64_MAX ("mute forever") - Update Backup.proto (several fields now use `optional`) - Suppress repeated warnings about the same timestamp field - Buffer the input stream for all app languages * SHA-2 performance improved on 64-bit Linux * Rust: Add ServiceId::to_protocol_address (thanks, @rubdos!) * Net: Chat now throws RateLimitedError/RetryLaterException when the server requests a retry * Attest: Removed unused IAS attestation code and tests * Backup: Made timestamps optional for AttachmentLocator:uploadTimestamp and ChatItem:dateServerSent * Wed Nov 20 2024 Bruno Pitrus - Update to version 0.60.2 for Signal 7.34.0 * Add BackupKey.deriveThumbnailTransitEncryptionKey * Backup validator: Allow "unknown" restrictions for call links * Expose more key derivations to apps via new BackupKey class, as well as additional APIs on MessageBackupKey and AccountEntropyPool. * Adjust backup ID derivation from a BackupKey once more (hopefully the last time). * Internal change: Use new websocket event handler for attested connections. This should not produce any difference in behavior, but if any is observed this might be the cause. * Add BackupCredentialType to BackupAuthCredential, and rename the members of BackupLevel. This is a **breaking change**: old credentials will no longer work, and client and server have to agree on the credentials being used. BackupAuthCredential also now uses the "new" key derivation for the backup ID. * MessageBackupKey now supports the "new" key derivations using an "account entropy pool" string, as well as from a backup key and ID. The "old" derivation from a "master key" has been deprecated in all languages and will be removed in a future release. * The backup validator now requires a mediaRootBackupKey in the BackupInfo proto. * Provide additional information on CDSI errors. - Drop bindgen-llvm19-E0425.patch applied upstream * Thu Nov 7 2024 Bruno Pitrus - Update to version 0.59.0 for Signal 7.32.0 * Rename "pin" crate to "account-keys", to reflect expanding functionality * Backup: Be more precise about when expiration should have started * Node: Expose BackupAuthCredentialPresentation.getBackupId() and getBackupLevel() for mock-server * Add ViewOnceMessage to the backup validator * Make sender chain overflow an explicit SignalProtocolError * Rust: Move E164 type into libsignal-core - drop upstreamed signal-7.29.0-test-getBackupId.patch * Wed Nov 6 2024 Bruno Pitrus - Add backported bindgen-llvm19-E0425.patch fixing ftbfs with LLVM 19+ (gh#signalapp/boring#28) * Thu Oct 17 2024 Bruno Pitrus - Add backported signal-7.29.0-test-getBackupId.patch adding an API needed by the new test harness (but not the app itself) * Thu Sep 26 2024 Bruno Pitrus - Update to version 0.58.0 for Signal 7.26.0 * Backup: apply stricter rules for contacts and messages * SVR3: implement new protocol in libsignal-net. * Thu Sep 19 2024 Bruno Pitrus - Update to version 0.56.1 for Signal 7.25.0 * Internal work in SVR and libsignal-net * Renames of the "reconnect" libsignal-net ChatService types. * Several updates to the backup validator. - Remove bogus soname RPM provide. * Thu Aug 29 2024 Bruno Pitrus - Update to version 0.55.1 for Signal 7.22.0 * libsignal-net: auto-reconnect logic is removed for ChatService * Legacy SSv2 receive support removed * Further updates to the backup validator, including omitting the backup timestamp and sorting reactions in the canonical string * Update to boring v4.9.0 * The Net/Network class now exposes an "onNetworkChanged" event, which will clear certain caches and reset cooldowns * Thu Aug 15 2024 thod_@gmx.de - Update to version 0.54.0 for Signal 7.20.0 * Node, Swift: changes in the libsignal-net API * Internal improvements and housekeeping changes * Node: Split ChatService into AuthenticatedChatService and UnauthenticatedChatService. We plan to make a similar split for the other platforms in the future. * Node: Upload Breakpad syms files for debug info instead of using per-platform formats * Server: Added SealedSenderMultiRecipientMessage#serializedRecipientView, to save on repeated parsing * Backups: ComparableMessageBackup can be used to check message backups for equality * Java: ChatServiceException extends IOException * SVR3: implement migration support, improve resilience to connection failures - Add remove-message-backup-test.patch * Thu Jul 18 2024 Bruno Pitrus - Update to version 0.52.3 for Signal 7.16.0 * SVR3: Restores can now fall back to previous environments. * SVR3: Provide a migration API, for backing up to the latest environment and clearing from previous ones. * ChatService: 4xx messages from proxies will no longer be considered authoritative. * ChatService: Fixed a hang when the same instance was used for both auth and unauth connections. * Node: libsignal will drop log events if they are not being drained from the Node event loop fast enough, rather than continue to saturate the event loop. * Net: customize response status code sent to server * Backups: bugfix to prevent short file reads * Fri Jul 5 2024 Bruno Pitrus - Initial package of version 0.51.1 for Signal 7.15.0 - Import patches from signal-desktop package * boringssl-sys-no-static.patch * libsignal-client-visibility-hidden.patch * cc-link-lib-no-static.patch * ring-no-static.patch - Add build_node_bridge-inject-options.patch