Two TROVEs in the recent Arti release changelog, Update curve25519-dalek to avoid a low-severity timing vulnerability. (TROVE-2024-007, #1468, !2211) With full vanguards, client rendezvous circuits do not reuse the final vanguard as the rendezvous point. (TROVE-2024-008, #1474, !2230) Fixed in 1.2.5.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=188f716146fdc367fa38c17cee4814ab0e8e14e9 commit 188f716146fdc367fa38c17cee4814ab0e8e14e9 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2024-06-27 19:22:33 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2024-06-27 19:23:09 +0000 net-p2p/arti: drop 1.2.4 Bug: https://bugs.gentoo.org/935031 Signed-off-by: John Helmert III <ajak@gentoo.org> net-p2p/arti/Manifest | 80 ------ net-p2p/arti/arti-1.2.4.ebuild | 605 ----------------------------------------- 2 files changed, 685 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ebca7e26f80833d8287b8f56850157fb63c72029 commit ebca7e26f80833d8287b8f56850157fb63c72029 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2024-06-27 19:15:50 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2024-06-27 19:23:02 +0000 net-p2p/arti: add 1.2.5 Bug: https://bugs.gentoo.org/935031 Signed-off-by: John Helmert III <ajak@gentoo.org> net-p2p/arti/Manifest | 61 +++++ net-p2p/arti/arti-1.2.5.ebuild | 586 +++++++++++++++++++++++++++++++++++++++++ 2 files changed, 647 insertions(+)
