Log Message:
arti: update to version 1.1.2

ChangeLog:

Arti 1.1.2 — 28 February 2023

Arti 1.1.2 continues our work on onion services, and builds out more of the \ 
necessary infrastructure, focusing on backend support for the onion service \ 
directories.

We've also done a significant revision on our handling of incoming messages on \ 
circuits, to avoid a fair amount of unnecessary copying, and defer message \ 
parsing until we're certain that the message type would be acceptable in a given \ 
context. Doing this turned up several bugs, which are now fixed too.
Breaking changes in lower level crates

    The APIs for tor-cell have changed significantly, to help implement #525 and \ 
prepare for #690. This has no downstream implications outside of tor-proto.
    Our IntegerMinutes type no longer has an erroneous days() accessor. (This \ 
accessor did not work correctly, and actually returned a number of minutes!) \ 
(bb2ab7c2a3e0994bb43)
    The PartialNetDir::fill_from_previous_netdir() function has changed its \ 
argument types and semantics. (f69d7f96ac40dda5)

(Breaking changes in experimental APIs are not noted here.)
New features

    We now have the facility to give a helpful "error hint" in \ 
response to a given failure. Right now, we use this to improve the error message \ 
given for file-system permission errors, so that it suggests either changing the \ 
permissions on a directory, or suppressing the error. (#578, #579, !976, !994, \ 
!1018)
    When we log an error message from inside our code (at "info" or \ 
higher), we now make sure to log a full error report, including the cause of the \ 
error, its cause, and so on. (#680, !997)
    When receiving messages on channels, circuits, and streams, we now defer \ 
parsing those messages until we know whether their types are acceptable. This \ 
shrinks our attack surface, simplifies our code, and makes our protocol handling \ 
less error-prone. (#525, !1008, !1013, !1017)
    We now copy relay cell bodies much less than previously. (#7, ca3b33a1afc58b84)
    We have support for handling link specifier types verbatim, for cases when \ 
we need to use them to contact a rendezvous point or introduction point without \ 
checking them. (!1029)

Onion service development

    We can now parse onion service descriptors, including all encrypted layers, \ 
with support for descriptor-based client authentication. (#744, !999, !1015)
    Our network directory code now supports deriving the HsDir directory ring, \ 
to find out where onion service descriptors should be uploaded and downloaded. \ 
(#687, !1012)
    We've refactored our implementation of onion service message extensions into \ 
a single place, to save on code and avoid type confusion. (5521df0909ff7afa)
    Our internal onion-service Cargo features have been renamed to start with \ 
hs-*. We're still using onion-* as the prefix for our high-level onion-service \ 
features. ([#756], [!1033])

Infrastructure

    All our shell scripts now work when bash is somewhere other than /bin. (!990)
    Our check_doc_features script is now a little more reliable. (!1023)
    Our coverage tools now perform better checks to make sure they have all of \ 
their dependencies. (#776, !1025)

Cleanups, minor features, and bugfixes

    The internal data structures in tor-netdir now use the \ 
typed_index_collections crate to ensure that the indices for one list are not \ 
mis-used as indices into another. (!1004)
    We no longer reject authority certificates that contain an unrecognized \ 
keyword. (#752, 266c61f7213dbec7)
    Our tor-netdoc parsing code now requires the caller to specify handling for \ 
unrecognized keywords explicitly, to avoid future instances of bug #752. (!1006)
    Several internal APIs and patterns in tor-netdoc have been streamlined. \ 
(#760, !1016, !1021)
    Make extension-handling code in for onion service message decoding more \ 
generic, since we'll reuse it a lot. (!1020)
    We now kill off circuits under more circumstances when the other side of the \ 
circuit violates the protocol. (#769, #773, !1026)
    We now expire router descriptors as soon as any of their internal expiration \ 
times has elapsed. Previously, we expired them when all of their expiration \ 
times had elapsed, which is incorrect. (#772, !1022)
    We are much more careful than previous about validating the correctness of \ 
various message types on half-closed streams. Previously, we had separate \ 
implementations for message validation; now, we use a single object to check \ 
messages in both cases. (#744, !1026)
    We now treat a RESOLVED message as closing a half-closed resolve stream. \ 
Previously, we left the stream open. (!1026)

Thanks to everyone who has contributed to this release, including Dimitris \ 
Apostolou, Emil Engler, and Shady Katy.

Also, our deep thanks to Zcash Community Grants for funding the development of Arti!