Update libsignal to 0.91.0

Co-authored-by: Scott Nonnenberg <scott@signal.org>
2026-04-17 15:23:36 +01:00 · 2026-04-01 18:38:15 -05:00
parent add36b24ff
commit 0a23a9256e
8 changed files with 46 additions and 23 deletions
--- a/ACKNOWLEDGMENTS.md
+++ b/ACKNOWLEDGMENTS.md
@@ -18684,7 +18684,7 @@ SOFTWARE.

 ```

-## derive-where 1.6.0
+## derive-where 1.6.1

 ```
 MIT License
@@ -18954,7 +18954,7 @@ IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 DEALINGS IN THE SOFTWARE.
 ```

-## curve25519-dalek-derive 0.1.1, adler2 2.0.1, anyhow 1.0.100, async-trait 0.1.89, atomic-waker 1.1.2, auto_enums 0.8.7, derive_utils 0.15.0, displaydoc 0.2.5, dyn-clone 1.0.20, fastrand 2.3.0, home 0.5.11, itoa 1.0.17, linkme-impl 0.3.35, linkme 0.3.35, linux-raw-sys 0.11.0, linux-raw-sys 0.4.15, minimal-lexical 0.2.1, num_enum 0.7.5, num_enum_derive 0.7.5, once_cell 1.21.3, paste 1.0.15, pin-project-internal 1.1.10, pin-project-lite 0.2.16, pin-project 1.1.10, prettyplease 0.2.37, proc-macro-crate 3.4.0, proc-macro2 1.0.105, quote 1.0.43, ref-cast-impl 1.0.25, ref-cast 1.0.25, rustix 0.38.44, rustix 1.1.3, rustversion 1.0.22, semver 1.0.27, send_wrapper 0.6.0, serde 1.0.228, serde_core 1.0.228, serde_derive 1.0.228, serde_json 1.0.149, syn-mid 0.6.0, syn 1.0.109, syn 2.0.114, thiserror-impl 1.0.69, thiserror-impl 2.0.17, thiserror 1.0.69, thiserror 2.0.17, unicode-ident 1.0.22, utf-8 0.7.6, zmij 1.0.12
+## curve25519-dalek-derive 0.1.1, adler2 2.0.1, anyhow 1.0.100, async-trait 0.1.89, atomic-waker 1.1.2, auto_enums 0.8.7, derive_utils 0.15.0, displaydoc 0.2.5, dyn-clone 1.0.20, fastrand 2.3.0, home 0.5.11, itoa 1.0.17, linkme-impl 0.3.35, linkme 0.3.35, linux-raw-sys 0.11.0, linux-raw-sys 0.4.15, minimal-lexical 0.2.1, num_enum 0.7.5, num_enum_derive 0.7.5, once_cell 1.21.3, paste 1.0.15, pin-project-internal 1.1.10, pin-project-lite 0.2.16, pin-project 1.1.10, prettyplease 0.2.37, proc-macro-crate 3.4.0, proc-macro2 1.0.105, quote 1.0.43, ref-cast-impl 1.0.25, ref-cast 1.0.25, rustix 0.38.44, rustix 1.1.3, rustversion 1.0.22, semver 1.0.27, send_wrapper 0.6.0, serde 1.0.228, serde_core 1.0.228, serde_derive 1.0.228, serde_json 1.0.149, syn-mid 0.6.0, syn 2.0.114, thiserror-impl 1.0.69, thiserror-impl 2.0.17, thiserror 1.0.69, thiserror 2.0.17, unicode-ident 1.0.22, utf-8 0.7.6, zmij 1.0.12

 ```
 Permission is hereby granted, free of charge, to any
--- a/package.json
+++ b/package.json
@@ -115,7 +115,7 @@
  "dependencies": {
    "@indutny/mac-screen-share": "1.0.13",
    "@indutny/simple-windows-notifications": "2.0.16",
-    "@signalapp/libsignal-client": "0.90.0",
+    "@signalapp/libsignal-client": "0.91.0",
    "@signalapp/mute-state-change": "workspace:1.0.0",
    "@signalapp/ringrtc": "2.67.0",
    "@signalapp/sqlcipher": "3.2.1",
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -80,8 +80,8 @@ importers:
        specifier: 2.0.16
        version: 2.0.16
      '@signalapp/libsignal-client':
-        specifier: 0.90.0
-        version: 0.90.0
+        specifier: 0.91.0
+        version: 0.91.0
      '@signalapp/mute-state-change':
        specifier: workspace:1.0.0
        version: link:packages/mute-state-change
@@ -3714,8 +3714,8 @@ packages:
  '@signalapp/libsignal-client@0.89.2':
    resolution: {integrity: sha512-LGvE50XxiCB7vXHtx/TElPXl8sFr6kLO6CkZVh33pc5FME3j/PMtdTZnUE7bFDV15yxW//pCntFrpV0XzV5lSA==}

-  '@signalapp/libsignal-client@0.90.0':
-    resolution: {integrity: sha512-jNS5Xy7043QKXlcFYHA5HnxhrVvYHI+zaWgpeRLTKAdJLycYV6OesG6Y1lqxhkOWQcXjiOg/cDWt8ZOGl5pVYw==}
+  '@signalapp/libsignal-client@0.91.0':
+    resolution: {integrity: sha512-Gk/fq7Ki3sNfyTIfJ+46Eo0qt8dJoLVuVMMVb6P2utnab2J0zpQWlNFUXyFJkiftrHtdcVS8cKwaJf9Od1hAVA==}

  '@signalapp/minimask@1.0.1':
    resolution: {integrity: sha512-QAwo0joA60urTNbW9RIz6vLKQjy+jdVtH7cvY0wD9PVooD46MAjE40MLssp4xUJrph91n2XvtJ3pbEUDrmT2AA==}
@@ -14183,11 +14183,10 @@ snapshots:
      type-fest: 4.26.1
      uuid: 11.0.2

-  '@signalapp/libsignal-client@0.90.0':
+  '@signalapp/libsignal-client@0.91.0':
    dependencies:
      node-gyp-build: 4.8.4
      type-fest: 4.26.1
-      uuid: 11.0.2

  '@signalapp/minimask@1.0.1': {}

--- a/ts/RemoteConfig.dom.ts
+++ b/ts/RemoteConfig.dom.ts
@@ -97,6 +97,8 @@ const KnownDesktopLibsignalNetKeys = [
  'desktop.libsignalNet.grpc.AccountsAnonymousLookupUsernameHash.beta',
  'desktop.libsignalNet.grpc.AccountsAnonymousLookupUsernameLink.2',
  'desktop.libsignalNet.grpc.AccountsAnonymousLookupUsernameLink.2.beta',
+  'desktop.libsignalNet.grpc.AttachmentsGetUploadForm',
+  'desktop.libsignalNet.grpc.AttachmentsGetUploadForm.beta',
  'desktop.libsignalNet.grpc.MessagesAnonymousSendMultiRecipientMessage.2',
  'desktop.libsignalNet.grpc.MessagesAnonymousSendMultiRecipientMessage.2.beta',
  'desktop.libsignalNet.useH2ForAuthChat',
--- a/ts/textsecure/MessageReceiver.preload.ts
+++ b/ts/textsecure/MessageReceiver.preload.ts
@@ -1776,7 +1776,11 @@ export default class MessageReceiver
      destinationServiceId,
      Address.create(sealedSenderIdentifier, envelope.sourceDevice)
    );
-    const protocolAddress = ProtocolAddress.new(
+
+    const ourAci = this.#storage.user.getCheckedAci();
+    const ourDeviceID = this.#storage.user.getCheckedDeviceId();
+    const localAddress = ProtocolAddress.new(ourAci, ourDeviceID);
+    const sourceAddress = ProtocolAddress.new(
      sealedSenderIdentifier,
      envelope.sourceDevice
    );
@@ -1790,7 +1794,8 @@ export default class MessageReceiver
        if (message instanceof PreKeySignalMessage) {
          return signalDecryptPreKey(
            message,
-            protocolAddress,
+            sourceAddress,
+            localAddress,
            sessionStore,
            identityKeyStore,
            preKeyStore,
@@ -1800,7 +1805,7 @@ export default class MessageReceiver
        }
        return signalDecrypt(
          message,
-          protocolAddress,
+          sourceAddress,
          sessionStore,
          identityKeyStore
        );
@@ -1908,13 +1913,19 @@ export default class MessageReceiver
      }
      const preKeySignalMessage = PreKeySignalMessage.deserialize(ciphertext);

+      const ourAci = this.#storage.user.getCheckedAci();
+      const ourDeviceID = this.#storage.user.getCheckedDeviceId();
+      const localAddress = ProtocolAddress.new(ourAci, ourDeviceID);
+      const sourceAddress = ProtocolAddress.new(identifier, sourceDevice);
+
      const plaintext = await signalProtocolStore.enqueueSessionJob(
        address,
        async () =>
          this.#unpad(
            await signalDecryptPreKey(
              preKeySignalMessage,
-              ProtocolAddress.new(identifier, sourceDevice),
+              sourceAddress,
+              localAddress,
              sessionStore,
              identityKeyStore,
              preKeyStore,
--- a/ts/textsecure/OutgoingMessage.preload.ts
+++ b/ts/textsecure/OutgoingMessage.preload.ts
@@ -376,11 +376,13 @@ export default class OutgoingMessage {

  async getCiphertextMessage({
    identityKeyStore,
-    protocolAddress,
+    destinationAddress,
+    localAddress,
    sessionStore,
  }: {
    identityKeyStore: IdentityKeys;
-    protocolAddress: ProtocolAddress;
+    destinationAddress: ProtocolAddress;
+    localAddress: ProtocolAddress;
    sessionStore: Sessions;
  }): Promise<CiphertextMessage> {
    const { message } = this;
@@ -391,7 +393,8 @@ export default class OutgoingMessage {

    return signalEncrypt(
      this.getPlaintext(),
-      protocolAddress,
+      destinationAddress,
+      localAddress,
      sessionStore,
      identityKeyStore
    );
@@ -422,7 +425,7 @@ export default class OutgoingMessage {
    // We don't send to ourselves unless sealedSender is enabled
    const ourNumber = itemStorage.user.getNumber();
    const ourAci = itemStorage.user.getCheckedAci();
-    const ourDeviceId = itemStorage.user.getDeviceId();
+    const ourDeviceId = itemStorage.user.getCheckedDeviceId();
    if ((serviceId === ourNumber || serviceId === ourAci) && !sealedSender) {
      // oxlint-disable-next-line no-param-reassign
      deviceIds = reject(
@@ -443,6 +446,7 @@ export default class OutgoingMessage {
      signalProtocolStore,
      ourServiceId: ourAci,
    });
+    const localAddress = ProtocolAddress.new(ourAci, ourDeviceId);

    return (
      Promise.all(
@@ -455,13 +459,13 @@ export default class OutgoingMessage {
          return signalProtocolStore.enqueueSessionJob<MessageType>(
            address,
            async () => {
-              const protocolAddress = ProtocolAddress.new(
+              const destinationAddress = ProtocolAddress.new(
                serviceId,
                destinationDeviceId
              );

              const activeSession =
-                await sessionStore.getSession(protocolAddress);
+                await sessionStore.getSession(destinationAddress);
              if (!activeSession) {
                throw new Error(
                  'OutgoingMessage.doSendMessage: No active session!'
@@ -474,7 +478,8 @@ export default class OutgoingMessage {
              if (sealedSender && senderCertificate) {
                const ciphertextMessage = await this.getCiphertextMessage({
                  identityKeyStore,
-                  protocolAddress,
+                  destinationAddress,
+                  localAddress,
                  sessionStore,
                });

@@ -494,7 +499,7 @@ export default class OutgoingMessage {

                const buffer = await sealedSenderEncrypt(
                  content,
-                  protocolAddress,
+                  destinationAddress,
                  identityKeyStore
                );

@@ -508,7 +513,8 @@ export default class OutgoingMessage {

              const ciphertextMessage = await this.getCiphertextMessage({
                identityKeyStore,
-                protocolAddress,
+                destinationAddress,
+                localAddress,
                sessionStore,
              });
              const type = ciphertextMessageTypeToEnvelopeType(
--- a/ts/textsecure/storage/User.dom.ts
+++ b/ts/textsecure/storage/User.dom.ts
@@ -151,6 +151,12 @@ export class User {
    return parseInt(value, 10);
  }

+  public getCheckedDeviceId(): number {
+    const deviceId = this.getDeviceId();
+    strictAssert(deviceId !== undefined, 'Must have our own deviceId');
+    return deviceId;
+  }
+
  public getDeviceCreatedAt(): number | undefined {
    return this.storage.get('deviceCreatedAt');
  }
--- a/ts/util/zkgroup.node.ts
+++ b/ts/util/zkgroup.node.ts
@@ -33,7 +33,6 @@ import * as Bytes from '../Bytes.std.ts';
 import { toServiceIdObject } from './ServiceId.node.ts';
 import { strictAssert } from './assert.std.ts';

-// oxlint-disable-next-line no-barrel-file
 export * from '@signalapp/libsignal-client/zkgroup.js';

 // Scenarios