# # spec file for package libsignal # # Copyright (c) 2024 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # #Both electron and webrtc require SSE2 on the x86 port. So we can require SSE2 on all other code, too. %ifarch %ix86 ExclusiveArch: i586 i686 BuildArch: i686 %{expand:%%global optflags %(echo "%optflags") -march=pentium4 -mtune=generic} %{expand:%%global build_rustflags %(echo "%build_rustflags") -C target-cpu=pentium4 -Z tune-cpu=generic} %endif %global __provides_exclude ^lib.*\\.so.*$ Name: libsignal Version: 0.83.0 Release: 1.1 Summary: Signal protocol and cryptographic libraries License: AGPL-3.0-only AND Apache-2.0 AND BSD-3-Clause AND ISC AND MIT AND OpenSSL Group: System/Libraries Url: https://github.com/signalapp/libsignal/ # Source0: https://github.com/signalapp/libsignal/archive/refs/tags/v%{version}.tar.gz Source1: vendor.tar.zst Patch0: build_node_bridge-inject-options.patch # fix rust breaking gcc LTO Patch10: boringssl-sys-no-static.patch Patch24: libsignal-client-visibility-hidden.patch Patch27: cc-link-lib-no-static.patch Patch30: ring-no-static.patch # Patch32: dns_lookup-test-bsc1241387.patch # BuildRequires: cargo #see node_modules/@signalapp/libsignal-client/vendor/boring-sys/build.rs BuildRequires: git-core %if 0%{?suse_version} >= 1650 || 0%{?fedora} BuildRequires: gcc >= 14 BuildRequires: gcc-c++ >= 14 %else %if 0%{?suse_version} >= 1550 BuildRequires: gcc15-PIE BuildRequires: gcc15-c++ %else BuildRequires: gcc14-PIE BuildRequires: gcc14-c++ %endif %endif BuildRequires: jq # support for `optional` keyword is now required %if 0%{?fedora} BuildRequires: protobuf-compiler %endif BuildRequires: protobuf-devel >= 3.15 BuildRequires: pkgconfig(zlib) %if 0%{?suse_version} >= 1550 || 0%{?sle_version} >= 150700 || 0%{?fedora} %define PYVER 3 %else %define PYVER 3.11 BuildRequires: python311-base %endif BuildRequires: clang %if 0%{?fedora} BuildRequires: rust-srpm-macros %else BuildRequires: cargo-packaging >= 1.2.0+3 BuildRequires: cargo-auditable %endif BuildRequires: cmake BuildRequires: zstd Conflicts: signal-desktop < 7.15 # %description libsignal contains platform-agnostic APIs used by the official Signal clients and servers. This package contains the NodeJS native module used by `signal-desktop` and is not intended to be used outside that application. %prep %autosetup -p1 -a1 # https://blogs.gnome.org/mcatanzaro/2020/05/18/patching-vendored-rust-dependencies/ for i in \ boring-sys \ prost-build \ libloading \ bindgen \ rustix \ blake2 \ cc \ serde_derive \ ring \ aes-gcm \ aes-gcm-siv \ chacha20poly1305 \ libz-sys \ vcpkg \ ; do pushd vendor/$i jq -cj '.files={}' .cargo-checksum.json >tmp && mv tmp .cargo-checksum.json && popd done mkdir %{_builddir}/path #AWFUL HACK: Custom cmake wrapper to override CFLAGS because -g -O2 seems to get stripped by Rust no matter what i do otherwise #Compare openSUSE macros.cmake cat <<"EOF" > %{_builddir}/path/cmake #!/bin/bash if [[ "$1" = --build ]]; then exec %{_bindir}/cmake "$@" fi exec %{_bindir}/cmake "$@" -DCMAKE_C_FLAGS="${CFLAGS}" \ -DCMAKE_CXX_FLAGS="${CXXFLAGS}" \ -DCMAKE_EXE_LINKER_FLAGS="$LDFLAGS -Wl,--as-needed -Wl,--no-undefined -Wl,-z,now" \ -DCMAKE_MODULE_LINKER_FLAGS="$LDFLAGS -Wl,--as-needed" \ -DCMAKE_SHARED_LINKER_FLAGS="$LDFLAGS -Wl,--as-needed -Wl,--no-undefined -Wl,-z,now" EOF cat %{_builddir}/path/cmake chmod +x %{_builddir}/path/* %build %if 0%{?suse_version} >= 1650 || 0%{?fedora} export CC=gcc export CXX=g++ export AR=gcc-ar export NM=gcc-nm export RANLIB=gcc-ranlib %else %if 0%{?suse_version} >= 1550 export CC=gcc-15 export CXX=g++-15 export AR=gcc-ar-15 export NM=gcc-nm-15 export RANLIB=gcc-ranlib-15 %else export CC=gcc-14 export CXX=g++-14 export AR=gcc-ar-14 export NM=gcc-nm-14 export RANLIB=gcc-ranlib-14 %endif %endif export RUSTFLAGS="%{build_rustflags} --verbose -Clinker=$CXX" export RUSTC_LOG='rustc_codegen_ssa::back::link=info' export RUST_BACKTRACE=1 export CARGO_TERM_VERBOSE=true # https://github.com/Firstyear/cargo-packaging/pull/10 export CARGO_INCREMENTAL=0 # upstream build script iterates over this, it can be empty mkdir -pv ~/.cargo/registry/src %if 0%{?suse_version} auditable='--auditable' %endif #[ 114s] npm ERR! error[E0554]: `#![feature]` may not be used on the stable release channel #[ 114s] npm ERR! --> /home/abuild/rpmbuild/BUILD/Signal-Desktop-5.55.0/node_modules/@signalapp/libsignal-client/vendor/polyval/src/lib.rs:80:5 export RUSTC_BOOTSTRAP=1 export CFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden" export CXXFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden" export MAKEFLAGS="%{_smp_mflags}" # use correct hardening defines also when generating headers for Rust # this does not (currently) affect the compiled binary at all but better safe than sorry # -fvisiblity=default works around a bug in bindgen export BINDGEN_EXTRA_CLANG_ARGS="$(echo " $CXXFLAGS " | sed 's/ -mtls-dialect=gnu2 / /') -fvisibility=default" export LDFLAGS="%{?build_ldflags}" # The `cc` crate tries to be too clever and passes some default cflags to cmake. # Disable these and use only the ones from CFLAGS env. variable export CRATE_CC_NO_DEFAULTS=1 # Ensure cmake gets the RelWithDebInfo profile export CARGO_PROFILE_RELEASE_DEBUG=2 # make cmake louder? export VERBOSE=1 export V=1 # make `ring crate` output build log export CC_ENABLE_DEBUG_OUTPUT=1 export RUSTDOCFLAGS="$RUSTFLAGS" python%PYVER ./node/build_node_bridge.py $auditable %install #It does not actually matter what the library is named as long as it's in the correct directory install -pvDm755 target/release/libsignal_node.so \ %{buildroot}%{_libexecdir}/signal-desktop/node_modules/@signalapp/libsignal-client/build/Release/signal_node.node %check pushd %{buildroot}%{_libexecdir}/signal-desktop #detect underlinking — compare electron_check_native macro pushd %{buildroot}%{_libexecdir} find . -name '*.node' -print0 | xargs -0 -t -IXXX sh -c '! ldd -d -r XXX | \ grep '\''^undefined symbol'\'' | \ grep -v '\''^undefined symbol: napi_'\'' ' popd # Sanity check that we did not mistakenly link system openssl instead of boringssl # since they have the same name and a similar set of exported symbols objdump -p node_modules/@signalapp/libsignal-client/build/Release/*.node >%{_builddir}/objdump cat %{_builddir}/objdump ! grep -F libcrypto %{_builddir}/objdump ! grep -F libssl %{_builddir}/objdump popd #rust tests %if 0%{?suse_version} >= 1650 || 0%{?fedora} export CC=gcc export CXX=g++ export AR=gcc-ar export NM=gcc-nm export RANLIB=gcc-ranlib %else %if 0%{?suse_version} >= 1550 export CC=gcc-15 export CXX=g++-15 export AR=gcc-ar-15 export NM=gcc-nm-15 export RANLIB=gcc-ranlib-15 %else export CC=gcc-14 export CXX=g++-14 export AR=gcc-ar-14 export NM=gcc-nm-14 export RANLIB=gcc-ranlib-14 %endif %endif export RUSTFLAGS="%{build_rustflags} --verbose -Clinker=$CXX" export RUSTC_LOG='rustc_codegen_ssa::back::link=info' export RUST_BACKTRACE=1 export CARGO_TERM_VERBOSE=true export CARGO_INCREMENTAL=0 %if 0%{?suse_version} auditable='--auditable' %endif export RUSTC_BOOTSTRAP=1 export CFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden" export CXXFLAGS="%{optflags} -fpic -fno-semantic-interposition -fno-fat-lto-objects -fvisibility=hidden" export MAKEFLAGS="%{_smp_mflags}" export BINDGEN_EXTRA_CLANG_ARGS="$(echo " $CXXFLAGS " | sed 's/ -mtls-dialect=gnu2 / /') -fvisibility=default" export CRATE_CC_NO_DEFAULTS=1 export CARGO_PROFILE_RELEASE_DEBUG=2 export VERBOSE=1 export V=1 export CC_ENABLE_DEBUG_OUTPUT=1 export LDFLAGS="%{?build_ldflags}" export RUSTDOCFLAGS="$RUSTFLAGS" python%PYVER ./node/build_node_bridge.py $auditable --check %files %defattr(-,root,root) %doc README.md RELEASE_NOTES.md %license LICENSE acknowledgments/acknowledgments.html %{_libexecdir}/signal-desktop %changelog * Thu Oct 16 2025 Bruno Pitrus - Update to version 0.83.0 for Signal 7.75.0 * backups: Support polls in backup validator * spqr: Remove client-provided options to turn on/off SPQR, defaulting to on everywhere. * keytrans: Unify errors with other typed APIs * Locally-closed WebSocket connections now explicitly send close code 1000 instead of an empty close frame * net: Direct connections to the Signal servers will be tried as a fallback if connecting through an HTTP or SOCKS proxy fails or takes too long. - Leap: build with gcc >=14 - Fix broken underlinking test - Fix ftbfs with new rust * Thu Oct 2 2025 Bruno Pitrus - Update to version 0.81.1 for Signal 7.73.0 * Enable negotiating permessage-deflate support for chat websocket connections, if configured. * Net: remove Noise connection shadowing for staging Chat websocket connections. * Thu Sep 25 2025 dziobian - Update to version 0.81.0 for Signal 7.72.0 * KyberPreKeyStore.markKyberPreKeyAsUsed now takes three arguments, to allow tracking how the pre-key is used: the Kyber pre-key ID, the signed EC pre-key ID, and the session base key. * We now always defer to an HTTP/HTTPS proxy for DNS resolution. * backups: Add logging to BackupAuthCredentialRequestContext_ReceiveResponse internals * Sealed sender SenderCertificates can now use a `bytes` representation for the sender, and may avoid embedding their signing ServerCertificate in favor of referencing a "known" certificate baked into libsignal. See sealed_sender.proto and the `KNOWN_SERVER_CERTIFICATES` list in the source for more details. * Fri Sep 19 2025 Bruno Pitrus - Update to version 0.80.0 for Signal 7.71.0 * backups: relax restriction that backups with backup_tier == free cannot have backupsSubscriberData * Migrate crates to Rust 2024 edition. * Desktop: add a distinct error type for incremental mac verification failures. * The first "Typed API" service interface for chat-server, UnauthUsernamesService, has been added to libsignal's app layer. * The libsignal-net remote config option `chatRequestConnectionCheckTimeoutMillis` controls a new check: if a chat request hasn't been responded to in this amount of time, libsignal will check if the connection is using the preferred network interface, and close it early if not. * backups: Validate quote body length * Rust: libsignal-protocol's fingerprint-related operations have a dedicated error type now, FingerprintError, rather than reusing SignalProtocolError. * backups: validate presence of `OutgoingMessageDetails.dateReceived`, remove deprecated BackupLocator/AttachmentLocator/LocalLocator * Thu Aug 28 2025 Bruno Pitrus - update to version 0.78.3 for Signal 7.68.0 * keytrans: Distinguish self-monitoring from monitoring for others * Net: Shadow Chat websocket connections in staging with Noise Direct connections when enabled via remote config. * Thu Aug 21 2025 Bruno Pitrus - update to version 0.78.2 for Signal 7.67.0 * BackupForwardSecrecyTokens can now be used to derive MessageBackupKeys. * Downgraded some networking-related error logs to warnings. * SVR-B: Operations have been consistently renamed to `store` and `restore`. * SVR-B: `restore` now returns an object containing both the BackupForwardSecrecyToken for decryption, and "secret data" to be used in the first `store` after restoration. * `SvrB` now has a `createNewBackupChain` method, allowing you to locally persist the backup "secret data" *before* the first store to SVR-B for a fresh install. * SVR-B:With the first two changes, the secret data argument to `restore` is now required. See doc comments for more details. * backups: Add support for call link epochs. * Rust: libsignal_net_infra::ws2 has been merged into libsignal_net_infra::ws, with Connection and Config included directly and helper types available under ws::connection. The old ws::WebSocketConfig has been removed. Other Changes ------------- - Rust: `SessionRecord::has_usable_sender_chain` now takes an additional parameter to specify which criteria make a session "usable" beyond simply *having* a sender chain. The previous behavior can be requested by using `SessionUsabilityRequirements::NotStale`. * Thu Jul 31 2025 Bruno Pitrus - update to version 0.76.7 for Signal 7.64.0 * The backup validator accepts the new "forward secrecy" format as well as the existing "ciphertext only" format. * Added support for new CDSi and SVR2 enclaves. * Added HPKE operations to (EC)PublicKey---`seal`---and PrivateKey---`open`. * Tue Jul 22 2025 Bruno Pitrus - update to version 0.76.4 for Signal 7.63.0 * Making a chat connection now accepts a list of language codes, which will set the default language to be used for any requests on that connection if provided. * Thu Jul 10 2025 Bruno Pitrus - update to version 0.76.0 for Signal 7.61.0 * X3DH handling has been removed from libsignal; X3DH PreKey messages will now be rejected as invalid. * Node: All APIs now use Uint8Array instead of Buffer. This is a breaking change if you were relying on any of the APIs added to Buffer on top of Uint8Array, including the diverging behavior of `slice()` and `toString()`. * Require that device IDs in protocol addresses be in the range [1, 127]. This is a breaking change. * backups: Update validation to reject EncryptedDigest with no transit info * backups: Validate new backupTier field * The net-related RequestedInformation type has been renamed to ChallengeOption, and in some cases relocated, to reflect its broader usage. The cases within the type have not been changed. - drop remove-message-backup-test.patch * Fri Jul 4 2025 Bruno Pitrus - build_node_bridge-inject-options.patch: fix broken debuginfo - libsignal-client-visibility-hidden.patch: replace hack with an upstreamable solution * Sat Jun 28 2025 Bruno Pitrus - libsignal-client-visibility-hidden.patch: fix FTBFS with rust 1.88 * Thu Jun 26 2025 Bruno Pitrus - update to version 0.74.1 for Signal 7.59.0 * Support for starting sessions with pre-quantum X3DH has been removed. PQXDH will be required going forward. * Backups: the now-deprecated remote content locator fields are ignored and the new FilePointer.locator_info field must be set. * keytrans: Bridge to ffi * Integrate post-quantum ratchet in opt-in mode. * backups: Add integrityCheck to LocatorInfo - remove tcp_ssl-test-requires-network.patch * Wed May 28 2025 Bruno Pitrus - update to version 0.72.1 for Signal 7.56.0 * Unnecessary prefixes have been removed from file paths in log output. * CDSI: fix handling of rate-limit-exceeded error to correctly parse the server-requested delay. - Drop cdsi-test-requires-internet.patch - Add tcp_ssl-test-requires-network.patch * Wed May 21 2025 Bruno Pitrus - update to version 0.71.1 for Signal 7.55.0 * Support new CDSI enclave in production. * Rust: bump rand crate to v0.9.0 * A pre-key message sender's identity is stored after the message is decrypted. * Java, Node, Swift: changed IdentityKeyStore.saveIdentity to return an enum. * Node: RegistrationService.registerAccount takes account password as a string. * Connections to Signal services (and to Cloudflare's DNS-over-HTTPS server) will now require TLS v1.3, which they would already have been using. * Futures returned by ChatConnection.send() will now return more specific errors on failure. * New SVR2 enclaves for staging and production. * keytrans: Support multiple auditors. * Fixes a regression introduced in v0.68.1 where incoming PreKey messages would fail to decrypt if the local device had archived the corresponding session. - libsignal-client-visibility-hidden.patch: remove pqcrypto patch (the dependency has been removed by upstream) * Tue May 13 2025 Bruno Pitrus - update to version 0.70.0 for Signal 7.54.0 * Resuming an existing registration session now requires the phone number with for which the session was created. * Enable registering an account via the Node registration service client. * backups: Validate NotificationProfile::id * Node (GSE): Implement toToken() and encryptUserId() for CallLinkSecretParams * The Net class now stores a string-map of "remote config" information, intended for the same sort of server-provided configuration that the apps already have. * Add in new CDSI enclave ID, now supporting Kyber HFS Noise channels. * Net: Remove the fallback connect code paths for CDSI. This is a breaking change. * backups: Validate ChatFolder::id * Net: onConnectionInterrupted will now pass along ConnectedElsewhere and ConnectionInvalidated as disconnection reasons, when applicable. * backups: Release notes can now be included in a chat folder. * net: Fix a bug where DNS-over-HTTPs lookups wouldn't attempt to make IPv4 and IPv6 connections to the nameserver in parallel. - Add cdsi-test-requires-internet.patch * Thu Apr 17 2025 Bruno Pitrus - update to version 0.68.0 for Signal 7.51.0 * net: Add a client for the registration verification service. This is currently only available via the Node bindings. * backups: Enforce that messages with expiration timers < 24 hours are not included in Remote Backups. * backups: Add support for LocalLocator for local backups * Retire old SVR2 staging enclave * keytrans: Remove unused APIs * backups: Relax check on session switchover update message authors - Add dns_lookup-test-bsc1241387.patch to work around broken IP6 in OBS during test (bsc#1241387) * Thu Apr 3 2025 Bruno Pitrus - update to version 0.67.4 for Signal 7.49.0 * Net.preconnectChat will start the connection process for an authenticated chat connection without needing a username and password ready. * Rust: Update some dependencies (including boring) to the lastest compatible versions. * Net: Harmonized WebSocket PING interval with the client keep-alive interval to conserve resources. * Completely remove SVR3 support * Wed Mar 19 2025 Bruno Pitrus - update to version 0.67.3 for Signal 7.47.0 * Our DoH resolver will no longer connnect to IPv6 DoH resolvers while IPv6 is disabled. * Abstract Server(Private/Public)Params from endorsements. Reduces dependencies in clients and issuing servers. * Add EndorsementPublicRootKey accessor to ServerPublicParams. * Add support for avatarColor/svrPin fields in backup protos * Switch message chain key storage to store seed value rather than IV/MAC-key/key. * Net: try IPv6 in addition to IPv4 when connecting to the DNS-over-HTTPS resolver. * Thu Mar 13 2025 Bruno Pitrus - Update to version 0.67.0 for Signal 7.46.0 * Net: expose old and new CDSI connect logic. * Net: support uppercase scheme for proxy URL. * Net: retire an old SVR2 enclave. * Net: expose synchronous API for sending ChatConnection response. * Net: improve the handling of Chat errors and the associated messages and error codes. * Thu Feb 27 2025 Bruno Pitrus - Update to version 0.66.2 for Signal 7.44.0 * backups: Add system contact name fields to Contact * keytrans: Detect new versions of account data in monitor responses and invoke search * Thu Feb 20 2025 Bruno Pitrus - Update to version 0.66.1 for Signal 7.43.0 * Removes the ChatService APIs on all platforms. Existing code should be migrated to the newer ChatConnection APIs. * Reverts earlier CDSI connection attempt logic change * Thu Feb 13 2025 Bruno Pitrus - Update to version 0.65.5 for Signal 7.42.0 * Introduces an overload of `Net.setProxy()` that supports HTTP and SOCKS proxies in addition to the "transparent TLS proxies" already supported. Supported schemes: "socks5" (or just "socks"), "socks5h", "socks4", "socks4a", "https", "http", and "org.signal.tls". * `Net.setInvalidProxy()` disables new connections until the proxy settings are updated. * Desktop: `Net.setProxyFromUrl()` translates from URL syntax for specifying a proxy. * keytrans: Verify consistency proofs * Wed Feb 5 2025 Bruno Pitrus - Update to version 0.65.4 for Signal 7.41.0 * Net/Android: Expose new ChatConnection API that uses new connectivity internals to Java * Net: Migrate CDSI to new connectivity internals also used by ChatConnection * Net: Migrate DNS to new connectivity internals also used by ChatConnection * backup: Update to latest backup.proto * Thu Jan 30 2025 Bruno Pitrus - Update to version 0.65.2 for Signal 7.40.0 * Several backup validator improvements * Fixed a bug triggered by quickly connecting then disconnecting a chat connection. * Reduce the number of SNIs used when trying to connect using domain fronting. * Log on some important chat events. * Add a tag to log messages to distinguish the source of each. * Key Transparency: Sync with recent server protocol changes. * Thu Jan 23 2025 Bruno Pitrus - Update to version 0.65.0 for Signal 7.39.0 * Added a validity-checking function to AccountEntropyPool. * Rust: The EC key types have been moved to libsignal_core::curve. They are still exported through libsignal_protocol as before, but a few of the signatures have changed. * libsignal-net: enabled support for Ed25519 TLS certificates * Fixed username printing for discriminators under 10 * Many backup validator improvements * Removed support for the old AuthCredential versions * Removed SVR3 from all app bridges * Wed Jan 8 2025 Bruno Pitrus - Update to version 0.64.1 for Signal 7.37.0 * Backups: Support BackupInfo.currentAppVersion and firstAppVersion fields * Improve the performance of both the online and whole-file backup validation methods. * Import various backup validation proto changes, and tighten validation of distribution lists to disallow duplicate entries. * Update `boring` dependency to v4.13.0 * Introduce OnlineBackupValidator, while accepts serialized protobuf frames rather than processing an entire file at once. * ChatService will soon be replaced by ChatConnection, currently experimentally available in Node. (All of the networking-related APIs are still even more subject to change than the rest of libsignal. * Support for the CDSI option 'return_acis_without_uaks' was removed; it was already ignored by the service. * Further backup validator proto updates and performance improvements, including use of an extra worker thread for pipelining entire-file processing. ChatItem errors will now include the dateSent timestamp. * Further work on both key transparency and libsignal-net. * Wed Dec 4 2024 Bruno Pitrus - Update to version 0.62.0 for Signal 7.35.0 * Further backup validator updates: - Allow PNI-only contacts - Allow Chat.muteUntilMs of INT64_MAX ("mute forever") - Update Backup.proto (several fields now use `optional`) - Suppress repeated warnings about the same timestamp field - Buffer the input stream for all app languages * SHA-2 performance improved on 64-bit Linux * Rust: Add ServiceId::to_protocol_address (thanks, @rubdos!) * Net: Chat now throws RateLimitedError/RetryLaterException when the server requests a retry * Attest: Removed unused IAS attestation code and tests * Backup: Made timestamps optional for AttachmentLocator:uploadTimestamp and ChatItem:dateServerSent * Wed Nov 20 2024 Bruno Pitrus - Update to version 0.60.2 for Signal 7.34.0 * Add BackupKey.deriveThumbnailTransitEncryptionKey * Backup validator: Allow "unknown" restrictions for call links * Expose more key derivations to apps via new BackupKey class, as well as additional APIs on MessageBackupKey and AccountEntropyPool. * Adjust backup ID derivation from a BackupKey once more (hopefully the last time). * Internal change: Use new websocket event handler for attested connections. This should not produce any difference in behavior, but if any is observed this might be the cause. * Add BackupCredentialType to BackupAuthCredential, and rename the members of BackupLevel. This is a **breaking change**: old credentials will no longer work, and client and server have to agree on the credentials being used. BackupAuthCredential also now uses the "new" key derivation for the backup ID. * MessageBackupKey now supports the "new" key derivations using an "account entropy pool" string, as well as from a backup key and ID. The "old" derivation from a "master key" has been deprecated in all languages and will be removed in a future release. * The backup validator now requires a mediaRootBackupKey in the BackupInfo proto. * Provide additional information on CDSI errors. - Drop bindgen-llvm19-E0425.patch applied upstream * Thu Nov 7 2024 Bruno Pitrus - Update to version 0.59.0 for Signal 7.32.0 * Rename "pin" crate to "account-keys", to reflect expanding functionality * Backup: Be more precise about when expiration should have started * Node: Expose BackupAuthCredentialPresentation.getBackupId() and getBackupLevel() for mock-server * Add ViewOnceMessage to the backup validator * Make sender chain overflow an explicit SignalProtocolError * Rust: Move E164 type into libsignal-core - drop upstreamed signal-7.29.0-test-getBackupId.patch * Wed Nov 6 2024 Bruno Pitrus - Add backported bindgen-llvm19-E0425.patch fixing ftbfs with LLVM 19+ (gh#signalapp/boring#28) * Thu Oct 17 2024 Bruno Pitrus - Add backported signal-7.29.0-test-getBackupId.patch adding an API needed by the new test harness (but not the app itself) * Thu Sep 26 2024 Bruno Pitrus - Update to version 0.58.0 for Signal 7.26.0 * Backup: apply stricter rules for contacts and messages * SVR3: implement new protocol in libsignal-net. * Thu Sep 19 2024 Bruno Pitrus - Update to version 0.56.1 for Signal 7.25.0 * Internal work in SVR and libsignal-net * Renames of the "reconnect" libsignal-net ChatService types. * Several updates to the backup validator. - Remove bogus soname RPM provide. * Thu Aug 29 2024 Bruno Pitrus - Update to version 0.55.1 for Signal 7.22.0 * libsignal-net: auto-reconnect logic is removed for ChatService * Legacy SSv2 receive support removed * Further updates to the backup validator, including omitting the backup timestamp and sorting reactions in the canonical string * Update to boring v4.9.0 * The Net/Network class now exposes an "onNetworkChanged" event, which will clear certain caches and reset cooldowns * Thu Aug 15 2024 thod_@gmx.de - Update to version 0.54.0 for Signal 7.20.0 * Node, Swift: changes in the libsignal-net API * Internal improvements and housekeeping changes * Node: Split ChatService into AuthenticatedChatService and UnauthenticatedChatService. We plan to make a similar split for the other platforms in the future. * Node: Upload Breakpad syms files for debug info instead of using per-platform formats * Server: Added SealedSenderMultiRecipientMessage#serializedRecipientView, to save on repeated parsing * Backups: ComparableMessageBackup can be used to check message backups for equality * Java: ChatServiceException extends IOException * SVR3: implement migration support, improve resilience to connection failures - Add remove-message-backup-test.patch * Thu Jul 18 2024 Bruno Pitrus - Update to version 0.52.3 for Signal 7.16.0 * SVR3: Restores can now fall back to previous environments. * SVR3: Provide a migration API, for backing up to the latest environment and clearing from previous ones. * ChatService: 4xx messages from proxies will no longer be considered authoritative. * ChatService: Fixed a hang when the same instance was used for both auth and unauth connections. * Node: libsignal will drop log events if they are not being drained from the Node event loop fast enough, rather than continue to saturate the event loop. * Net: customize response status code sent to server * Backups: bugfix to prevent short file reads * Fri Jul 5 2024 Bruno Pitrus - Initial package of version 0.51.1 for Signal 7.15.0 - Import patches from signal-desktop package * boringssl-sys-no-static.patch * libsignal-client-visibility-hidden.patch * cc-link-lib-no-static.patch * ring-no-static.patch - Add build_node_bridge-inject-options.patch