Tags: Neo54321/fred
Tags
2024-04-28 Freenet 0.7.5 build 1498 is now available. [overview] This release resolves the last blocker for Freenet / Hyphanet 0.8 by providing an official Debian package. Additionally it optimizes the networking and data transfer core and provides many improvements for website authors and user experience. Starting with this release, Freenet / Hyphanet has an official Debian package built automatically via github actions. This was the most important [high-impact-task][] and the last release blocker of version 0.8 in our [Roadmap][]. Big thanks go to DC*! With this finally realized, the next step is to get in contact with the many privacy focussed distributions which build on Debian to make `hyphanet-fred` available where it is most important. Once this is done, tools which build on Hyphanet — like FMS, but also jSite and tools from pyFreenet — can be packaged to work out of the box, using Hyphanet as an ordinary background service. That’s a step towards Hyphanet as decentralized, privacy-preserving communication backend for other applications. Another step towards this is accepting the Schema hypha[net] to simplify writing browser extensions that forward hypha:-links to Hyphanet. The networking layer was optimized significantly. Searching packet types is often stopped early and common or cheaper checks are done before less common or time-consuming checks. This gives significant reductions of CPU load, especially for very fast nodes. Juiceman fixed a bug limiting MTU to 1280 where not needed. And recently failed and data not found cooldown times were reduced to 5 minutes and 3 minutes, reducing one of the big annoyances when accessing a site quickly after upload. On the data transfer layer, healing was optimized. After 1495 strongly increased the amount of healing to keep large files available for longer, 1498 specializes healing to keys close to the node location. This reduces healing per file, but improves privacy, because healing inserts are then more similar to forwarding — they mostly send data close to the nodes location — and it reduces the network load of healing, because the specialized healing inserts need fewer hops to reach the optimal storage location in the network. In addition to these changes deep down, there are a number of directly visible improvements. The plugins KeepAlive and Sharesite are updated (the latter now uses the new Night Zen Garden style). The UPnP2 plugin is now visible in simple mode. It can replace UPnP and should work better. On the flipside the Library plugin is moved to advanced plugins, because it does not work reliably enough. The plugin list is easier to navigate by removing the defunct option to download plugins from the clearnet and by adding better styling. Downloading from the clearnet was an unnecessary privacy risk since we’ve been bundling essential plugins with the installer for a few years now. The noderef for friend-to-friend connections is shown in simple mode again, because it is robust enough with the changes in recent years. This should remove a barrier to adding direct connections and enabling fully confidential messages between friends. There are new configuration options to allow connecting via local services. That’s a step towards making it easy to add a second layer of security, for example confining connections to a local network. Thanks goes to s7r for these changes! When bandwidth detection fails, the upload bandwidth now defaults to 160KiB/s. Also the NLM config is now disabled statically. This was a testing setup which could still be active in old nodes, but it would break connectivity nowadays. The default bookmarks include the Opennet SeedNodes statistics, the generate media site to create decentralized streaming sites, and the high-impact-tasks. The bookmarks are also re-ordered to be a better match for newcomers. Starting category: first steps, clean spider, Index of Indexes. For the software category ordered by ease of use from fproxy. For website authors, more CSS elements, selectors and combinators (`:checked`, `word-wrap: anywhere`, `focus-within`, `^=`, `$=`, `*=`, `>`, `+`, `~`) and additional HTML elements (`summary`, `details`, `<meta name="Viewport"...>`) are available. This strongly expands the possibilities of websites authors in Hyphanet, because Javascript or webassembly are no viable options in an environment where a privacy breach could put people at risk. We’ve seen with Java applets, that untrusted code will always break out of its containment. The CSS improvements in contrast provide a safe way to enable limited interactivity. Streaming support via m3u lists was improved to allow accessing segments of up to 200MiB. And using `-1` as version in a USK now properly finds version `0`, if this is the only existing version. There were a number of Java 21 fixes, including all our tests (thanks to Bombe!), and improvement to the github actions (thanks to AHOHNMYC). In addition to that there was a lot of polish. Bert Massop and Veniamin Fernandes replaced our homegrown CurrentTimeUTC with modern Java options. Alex fixed the pronoun used in strings. Bombe added getters for all direct field access in the node. Hiina reduced logging level of store warnings so no unneeded backtraces are created for node with large stores and Juiceman updated code to use more modern structures. Time-dependence of compressor selection was removed. This caused non-determinism for inserts and could cause keys to be non-reproducible on systems with faster or slower network. And finally the new [exe signing workflow][] we built to fulfill the requirements of SignPath, our new windows installer signing provider for the upcoming releases, runs the [verify-build script][] on every release to ensure that the jar we release has actually been built from the sources. This provides a second safety net, in addition to anonymous users running the script and posting the results (thanks to all who did this — please keep it up, otherwise people have to fully trust github). The release is not yet byte-by-byte reproducible, because the jar MANIFEST defines among other info the exact java version used to compile it, and the java version available differs by distribution and time, so it would get harder over time to verify the build. A special thanks goes to Bombe for many careful reviews! [high-impact-task]: https://github.com/hyphanet/wiki/wiki/High-Impact-tasks [Roadmap]: https://github.com/hyphanet/wiki/wiki/Roadmap [exe signing workflow]: https://github.com/hyphanet/sign-windows-installer [verify-build script]: https://github.com/hyphanet/scripts/blob/master/verify-build Thank you for using Freenet! - AB Developer changelog: 2024-04-28 Freenet 0.7.5 build 1498 is now available. [overview] Changes in 1498: merge debian package as default build action thanks to DC*/desyncr! This resolves one of our high impact tasks. Update KeepAlive to commit 86e47a101f26fd1d3be0437681a043aa4ae3f22c Update Sharesite to 0.5.1 Move UPnP2 to normal plugins. It does not seem broken, but UPnP does Move Library plugin to advanced plugins because new users tend to get lost with it 💄 Add better styling to the plugin list in winterfacey to make it easier to understand at a glance — thanks to Bombe 🔥 Remove option to load plugins from central server — thanks to Bombe! This was an unnecessary privacy risk, since we’re already bundling essential plugins with the installer, and it made plugin handling harder to understand. Add high-impact-tasks to bookmarks Add generate media site to the default bookmarks Add Opennet SeedNodes stats site Reorder starting bookmarks: FFS → clean spider → Index of Indexes Reorder default software bookmarks by ease of use from fproxy Disable activelink for Index of Indexes (workaround, because it fails) break early when condition is met — thanks to Juiceman Check the HashCode before equals. This saves ~20% method-runtime. Re-order or’ed MessageFilters so the most likely is checked first specialize healing to keys close to the node fix healing decision: do not divide 0-1 by MAX_VALUE — thanks to Bombe for the review! Reduce recently failed and data not found wait times CSS: Fix: checked only the first char of the key part of CSS selectors, Add test that would catch too lax filtering. CSS: Support pseudo-element checked. This enables limited interactivity via CSS. CSS: Support the attribute selectors ^= $= *=, Add tests. CSS: Support Combinators > + and ~, add test for ~ and simplify the implementation CSS: Support word-wrap: anywhere and CSS selector focus-within. HTML: allow summary and details html element. Thanks to naejadu HTML: accept <meta name="Viewport" ...>, thanks to torusrxxx Show the noderef in basic-mode: it is now robust enough accepting localhost in NodeIPPortDetector and allowBindToLocalhost configurable — thanks to s7r! Provide static methods for simpler boolean config creation Increase default bandwidth to 160KiB upload, when detection fails disable setting for new-load-management (NLM broke nodes) add utility to disable a config option, thanks to Bombe add m3u-player insertion test: is added at end of body [CI] Update actions, fix actions cache ♻️ add and use getters and setters for access to node fields Increase max transparent passthrough to 200MiB links in m3u-lists. Remove time-dependence of compressor selection. This caused non-determinism for inserts and could cause keys to be non-reproducible. improve date object construction in CurrentTimeUTC.get() Support Schema hypha[net] to simplify writing browser extensions that forward hypha://-links to Hyphanet. polish: show datastore size warning with GiB suffix Remove hash generation to native big integer to reduce dependencies. This had come in when merging an old pull request and added a new dependency without need. Replace indexOf with .contains() Change more string comparisons into .isEmpty() checks Capitalize L in literal longs Add missing Global flag to GetFailed FCP message. Thanks to oishii and Bombe! Fix links to mailing lists and IRC in CONTRIBUTING.md — thanks to Juiceman! Deprecated custom datetime handling class CurrentTimeUTC replace GregorianCalendar with java.time.OffsetDateTime in CurrentTimeUTC — thanks to Veniamin Fernandes Refine ClientRequestSelectorTest, PersistentJobRunnerImplTest, SplitFileFetcherStorageTest, and SplitFileInserterStorageTest — thanks to Veniamin Fernandes Change deprecated jcenter() maven repo to mavenCentral() — thanks to Veniamin Fernandes Added tests for PebbleUtils — thanks to Bombe! 🐛 Fix NPE when subsets are not initialized — thanks to Bombe reduce logging for too many excluded sub-arrays thanks to Hiina fix the flag size of nepal — thanks to Percept0r@NYZkOs7eQ…! Switch swiss flag to civil and state ensign — thanks to Percept0r@NY Thanks to Bombe all our tests work again on Java 21! 🐛 Fix JarClassLoader’s ability to work with ServiceLoader — thanks to Bombe! gzip: replace test workaround by fixing the output of the compressor — thanks to Bombe for the SingleOffsetReplacingOutputStream! fix: invalid max store size showed bytes with GiB suffix Also a special thanks to Bombe for many careful reviews! - AB --- AHOHNMYC (1): [CI] Update actions, fix actions cache Alex (1): Changed pronoun Arne Babenhauserheide (174): refactor the browser warning wizard page clean up auto-refactored method clean up more Update links in CONTRIBUTING.md and add a contact-section in README.md fix regression: default security level is normal fix: invalid max store size showed bytes with GiB suffix polish: also show datastore size warning with GiB suffix Sort peer-addresses to try by hostname -> ipv6 -> ipv4 Use Collections.addAll instead of manual set adding Prefer IPv6 over IPv4 for handshake address avoid possible Null Pointer Exception Prefer IPv6 over IPv4 in the InetAddressComparator prefer reachable addresses compare equal peer-instances by their addresses only sort if at least 2 addresses (performance) add two more logMINOR paths when using a USK with -1 as version, also find version 0. cache reachability for 100s, not only for 10s prefer reachable LAN addresses over reachable globally reachable addresses increase cache time to 5 minutes use the default max ping time for reachability prefer everything over broadcast addresses whitespace fix whitespace start test for USK -1 to 0, WIP gradle: undo change to disable preserving file timestamps Also build debian package on next update news whitespace build debian package from master build debian package from debian-pkg for quick experimentation disable -Zgzip mark debian version as 1497 include new deps in debian package add new required wrapper arguments for Java 11 in debian package switch debian java to 17 (from debian stable) build debian package from debian-package typo make debian/rules work on guix Add debian/changelog entry for 1497 manually update changelog again show debian diff debian 1497 sudo stay false Summary: first patch Debian init: name 1497 extract static PebbleUtils from WebTemlateToadlet for easier reuse Show the noderef in basic-mode: it is now robust enough Add generate media site to the default bookmarks Re-order default software bookmarks by ease of use from fproxy Reorder starting bookmarks: FFS → clean spider → Index of Indexes bookmarks: Add Opennet SeedNodes stats Update debian/freenet.init from the output of running on debian Version without -1 (try to get github runner working) revert the version change fix day of week in changelog hack: Do a local commit to get the package to work hack-1: Do a local commit to get the package to work noninteractive debian more hackery hackmore: format the patch output format-patch directly actually output the latest commit (HEAD^) output hack don’t try to get the patch Switch swiss flag to civil and state ensign — thanks to Percept0r@NY Remove no longer used showNoderef parameter Show the unencoded IP addresses before the noderef Provide default Key Type for File Insert Fix by reference comparison for review build from the current branch instead of hardcoded debian-package Also build the debian package on every pull-request fix: event pull-request → pull_request use head ref with fallback to ref if not avail use HEAD keep the debian package as asset remove trailing empty line copy package to relative path Use logging instead of backtrace for IPv6-addresses when unsupported fix the flag size of nepal — thanks to Percept0r@NYZkOs7eQ…! html-filter: allow summary and details html element. Thanks to naejadu Add test for article, details, wbr, and summary tags Fix whitespace Set the new load management option to ignored. Move Library to advanced plugins because new users tend to get lost Move UPnP2 to normal plugins. It does not seem broken, but UPnP does Fix merge error. Open module java.util.zip for tests gzip: replace test workaround by fixing the output of the compressor Support word-wrap: anywhere fix merge error add word-wrap test Add fallback for non-ArrayBuckets so every path fixes the OS byte Use the much nicer SingleOffsetReplacingOutputStream by Bombe — 💟 Shorten description of sharesite freesite for english Support the Schemas hypha: hyphanet: with web+ and ext+ Add tests for schema in FreenetURI Update sharesite plugin to 0.5.1 Update KeepAlive to commit 86e47a101f26fd1d3be0437681a043aa4ae3f22c update NEWS note Update Debian package to Version 1498 remove special casing of freenet: keys in WelcomeToadlet, because FreenetURI supports that already Add focus-within to NEWS specialize healing to keys close to the node remove unused imports refactor: extract variable to avoid long long line Add high-impact-tasks to bookmarks Disable activelink for Index of Indexes (workaround, because it fails) Update NEWS Re-order or’ed MessageFilters so the most likely is checked first Call the match function with all arguments directly. Check the HashCode before equals. This saves ~20% method-runtime. Add TODOs with notes for optimization and commented out logging code. Increase default bandwidth to 160KiB upload, when detection fails Harmonize New wizard with old wizard Remove hash generation to native big integer to reduce dependencies. Do not divide 0-1 by MAX_VALUE — thanks to Bombe for the review! Improve legibility Pass in Bucket instead of RandomAccessBucket Extract HealingDecisionSupplier — thanks to Bombes review! Pass precise supplies to the HealingDecision instead of the node. Remove no longer needed imports Add test for healing in Darknet mode Add negative tests for the healing decision supplier Increase max transparent passthrough to 200MiB links in m3u-lists. Also remove the NativeBigInteger part of HashTest Revert "Add TODOs with notes for optimization and commented out logging code." FIx indentation (match surrounding code) Extend comment for review: last must match most frequently Add more tests for review by Bombe Add test around zero for review by Bombe Fix IntelliJ indentation (reindent + tabify) Extract helper methods for review by Bombe Support CSS Combinators > + and ~ Support CSS the attribute selectors ^= $= *= Support CSS pseudo-element checked Add CSS test for ~ and simplify the implementation Fix: checked only the first char of the key part of CSS selectors Add tests for ^= $= and *= Whitespace Add test that would catch too lax filtering remove trailing empty line Remove redundancy in CSS Filter Remove stray ; tabify CSSTokenizerFilter Fix: do not tabify in string Only link indexes via the index of indexes. Fix links to mailing lists and IRC in CONTRIBUTING.md — thanks to Juiceman! Remove time-dependence of compressor selection Remove translation keys for removed config Improve Log message for wrong minimum percentage Add missing Global flag to GetFailed FCP message. Thanks to oishii! Java 21 fix: int used as return type but integer required allow 127.0.0.1 in bindTo Make allowBindToLocalhost configurable Provide static methods for simpler boolean config creation Use simpler static config creation Fix static boolean callback creation method, only used specialized Add test for static method BooleanCallback.from(). Add description of allowBindToLocalhost — thanks to s7r! also make accepting localhost in NodeIPPortDetector configurable Reduce recently failed and data not found wait times Remove unused import make instance variable private Cleanup whitespace Add getter test. Shorten description Remove duplication of value in documentation add m3u-player insertion test: is added at end of body Fix merge error whitespace change reversal check that m3u-filter-tag starts with <script and test in own method Arne Babenhauserheide (freenet releases) (4): Update default bookmark editions Update default bookmark editions Update default bookmark editions Build 1498 Bert Massop (2): Deprecate freenet.support.CurrentTimeUTC Remove all Fred usages of deprecated CurrentTimeUTC DC* (30): Debian package continuation Delete freenet.ini Add functions to retrieve seednodes Remove seednodes.fref Update clean target Lintian warning and error fix ups Add missing dependencies for debian bookworm Add github action Build binary package only, add build dependencies Use gbp build package apt update Custom action and install deps Install build script dependencies Missing sudo for apt-get on GH actions Missing equivs dependency Missing privileges in GH actions Remove freenet deps .deb package Cache steps and gradle configuration Remove gradle.properties generation Streamline clean up task Update changelog Update maintainer name Update maintainer name Add attribution to original work Update package build descriptions Update github action to test package generation only on tags and master Remove unnecessary file entries Lintian overrides Build on debian-pkg branch Update changelog David ‘Bombe’ Roden (110): 🐛 Fix JarClassLoader’s ability to work with ServiceLoader ⬆️ Update Hamcrest dependency to 2.2 🐛 Fix NPE when subsets are not initialized ✅ Add test for L10nExtension ✅ Add test for PebbleUtils ✨ Allow registering of ignored options 🔥 Remove option to load plugins over HTTP(S) from web interface 🔥 Remove translation texts for removed options 🔥 Remove option that would always load plugins from central server 🔥 Remove code that has been obsoleted by removal of HTTP(S) downloads for official plugins 💄 Add a bit of styling to the plugin list (for winterfacey) 🔥 Remove http(s) download from user alert 🗑️ Add deprecated methods for legacy options ✨ Add output stream to fix other output streams ✅ Add more tests for writing buffers with offset != 0 ✅ Add test for Global flag in GetFailed message ♻️ Add FCPConnectionHandler.getServer() ♻️ Add FCPConnectionHandler.getSocket() ♻️ Add FCPConnectionHandler.getOutputHandler() ♻️ Add FCPServer.getCore() ♻️ Add FCPServer.getNode() ♻️ Add FCPServer.isEnabled() ♻️ Add FCPServer.getGlobalRebootClient() ♻️ Use FCPServer.getGlobalForeverClient() ♻️ Add NodeClientCore.getBandwidthStatsPutter() ♻️ Add NodeClientCore.getUskManager() ♻️ Add NodeClientCore.getRequestStarters() ♻️ Add NodeClientCore.getFormPassword() ♻️ Add NodeClientCore.getTempFilenameGenerator() ♻️ Add NodeClientCore.getPersistentFilenameGenerator() ♻️ Add NodeClientCore.getTempBucketFactory() ♻️ Add NodeClientCore.getPersistentTempBucketFactory() ♻️ Add NodeClientCore.getClientLayerPersister() ♻️ Add NodeClientCore.getNode() ♻️ Add NodeClientCore.getNodeStats() ♻️ Add NodeClientCore.getRandom() ♻️ Add NodeClientCore.getAlerts() ♻️ Use NodeClientCore.getDirectTMCI() ♻️ Add NodeClientCore.getStoreChecker() ♻️ Add NodeClientCore.getClientContext() ♻️ Add Node.getNodeStats() ♻️ Add Node.getConfig() ♻️ Add Node.getGetPubKey() ♻️ Add Node.getIpDetector() ♻️ Add Node.isDisableProbabilisticHTLs() ♻️ Add Node.getTracker() ♻️ Use Node.getLocationManager() ♻️ Add Node.getPeers() ♻️ Use Node.getNodeDir() ♻️ Add Node.getRandom() ♻️ Add Node.getSecureRandom() ♻️ Add Node.getFastWeakRandom() ♻️ Use Node.getUSM() ♻️ Add Node.getDarknetCrypto() ♻️ Use Node.getOpennet() ♻️ Add Node.getExecutor() ♻️ Add Node.getPacketSender() ♻️ Use Node.getTicker() ♻️ Add Node.getDNSRequester() ♻️ Add Node.getDispatcher() ♻️ Add Node.getUptimeEstimator() ♻️ Add Node.getOutputThrottle() ♻️ Add Node.isThrottleLocalData() ♻️ Add Node.isEnableARKs() ♻️ Add Node.isEnablePerNodeFailureTables() ♻️ Add Node.isEnableULPRDataPropagation() ♻️ Add Node.isEnableSwapping() ♻️ Add Node.isEnableSwapQueueing() ♻️ Add Node.isEnablePacketCoalescing() ♻️ Add Node.getCollector() ♻️ Add Node.getClientCore() ♻️ Add Node.getFailureTable() ♻️ Add Node.getLastVersion() ♻️ Add Node.getNodeUpdater() ♻️ Add Node.getSecurityLevels() ♻️ Use Node.getPluginManager() ♻️ Add Node.getFreenetLocalhostAddress() ♻️ Add Node.getArkFetcherContext() ♻️ Add Node.getLastBootId() ♻️ Add Node.getBootId() ♻️ Add Node.getStartupTime() ♻️ Add Node.getNonPersistentClientBulk() ♻️ Add Node.getNonPersistentClientRT() ♻️ Add Node.getOldPK() ♻️ Add Node.getOldPKCache() ♻️ Add Node.getOldPKClientCache() ♻️ Add OpennetManager.getNode() ♻️ Add OpennetManager.getCrypto() ♻️ Add OpennetManager.getAnnouncer() ♻️ Add OpennetManager.getSeedTracker() ♻️ Add NodeUpdateManager.getNode() ♻️ Add NodeUpdateManager.getRevocationChecker() ♻️ Add NodeUpdateManager.getUpdateOverMandatory() ♻️ Add NodeUpdateManager.getByteCounter() ♻️ Add NodeCrypto.getPacketMangler() ♻️ Add NodeCrypto.isOpennet() ♻️ Add NodeCrypto.getSocket() ♻️ Add NodeCrypto.getPortNumber() ♻️ Add NodeCrypto.getMyIdentity() ♻️ Add NodeCrypto.getIdentityHash() ♻️ Add NodeCrypto.getIdentityHashHash() ♻️ Add NodeCrypto.getEcdsaPubKeyHash() ♻️ Add NodeCrypto.getMyARK() ♻️ Add NodeCrypto.get/setMyARKNumber() ♻️ Add NodeCrypto.getConfig() ♻️ Add NodeCrypto.getDetector() ♻️ Use NodeCrypto.getAnonSetupCipher() ♻️ Add PluginManager.getSingleUpdaterRequestClient() ♻️ Add SimpleToadletServer.getPushDataManager() 🐛 Fix JarClassLoaderTest to work with newer Java versions Hiina (2): Change logging for "too many excluded sub-arrays" from normal to minor. Change logging for "too many excluded sub-arrays" from normal to minor. Juiceman (20): Add text further describing IPv6 limitations. Fix bug limiting MTU to 1280 Remove security lowering kludge. Change string comparison into a .isEmpty() check Remove now unnecessary parenthesis Apply sanity check for size Improve text of log message Fix some spelling and typos Capitalize L in literal longs Fix typo and remove extra unary operator Replace deprecated tag Typo in comment Change more string comparisons into a .isEmpty() checks Replace indexOf with .contains() Remove unnecessary semicolons Use Math.min and Math.max Revert "Typo in comment" Use switch statements break early when condition is met Remove parenthesis Veniamin Fernandes (17): Update junit to version 4.13.2 Change deprecated jcenter() maven repo to mavenCentral() remove unused code from ClientRequestSelectorTest make inner classes to be static in PersistentJobRunnerImplTest improve SplitFileFetcherStorageTest and SplitFileInserterStorageTest Improve other tests in the freenet.client package Minor improvements and code formatting according to hyphanet#826 review Replace charset string parameters with constants from StandardCharsets restore the Util.hashString() method Fix indentation according to code review comments in hyphanet#836 Use StandardCharsets.UTF_8 in the FileLoggerHook replace GregorianCalendar with java.time.OffsetDateTime in CurrentTimeUTC fix typo in the javadoc freenet.support.CurrentTimeUTC#getInMillis improve date object construction in CurrentTimeUTC.get() Replace OffsetDateTime with LocalDate in CurrentTimeUTC improve method deprecation guidelines in MasterKeys and DatabaseKey restore checked exception in the FileLoggerHook.logString() method signature
2023-02-28
Freenet 0.7.5 build 1497 is now available. [overview]
This release fixes a severe vulnerability in path folding that allowed
to distinguish between downloaders and forwarders with an adapted
node that is directly connected via opennet.
This vulnerability was reported to the Project by Prof. Ming Yang and
Prof. Zhen Ling from the School of Computer Science and Engineering,
Southeast University, Prof. Xinwen Fu from the Miner School of
Computer & Information Sciences, University of Massachusetts Lowell,
and Yonghuan Xu from School of Cyber Science and Engineering,
Southeast university.
Yonghuan also provided support in fixing the vulnerability. Thank you
very much!
To reduce the probability of hitting other problems in path folding,
we also merged the pull-request to completely avoid path folding at
HTL 17 or higher.
Thank you for using Freenet!
- AB
Developer changelog:
2023-02-28
Changes in 1497:
This release fixes a severe vulnerability in path folding that allowed
to distinguish between downloaders and forwarders with an adapted
node that is directly connected via opennet.
This vulnerability was reported to the Project by Prof. Ming Yang and
Prof. Zhen Ling from the School of Computer Science and Engineering,
Southeast University, Prof. Xinwen Fu from the Miner School of
Computer & Information Sciences, University of Massachusetts Lowell,
and Yonghuan Xu from School of Cyber Science and Engineering,
Southeast university.
Yonghuan also provided support in fixing the vulnerability. Thank you
very much!
To reduce the probability of hitting other problems in path folding,
we also merged the pull-request to completely avoid path folding at
HTL 17 or higher.
Due to changes in the infrastructure, this release has to re-use the
Windows Installer from 1496, so newly installed nodes on Windows will
still be vulnerable for a few minutes after installation until they
auto-update. This should get fixed in 1498.
Besides this change, there’s a German translation fix by an anonymous
contributor: Email → E-Mail.
And a fix for a test that points towards the need to check the
compression code on newer JDKs.
- AB
[include shortlogs of any installer or plugin changes]
---
Arne Babenhauserheide (3):
Fix l10n: Email → E-Mail. Anonymous contribution - thank you!
re-add delay; check noderef to match RequestHandler.finishOpennetInner
Do not send a duplicate Ack on path folding — thanks to Yonghuan
Arne Babenhauserheide (freenet releases) (2):
Update default bookmark editions
Build 1497
Matthew Toseland (5):
Don't relay noderefs at high HTL
Don't accept noderefs either at high HTL
Missing return, oops
Comments
Replace outdated comment with an assertion
Veniamin Fernandes (1):
Fix compression result comparison in the GzipCompressorTest for newer JDKs
2023-01-07
Freenet 0.7.5 build 1496 is now available.
Fix keepalive
-------------
This fixes breakage in keepalive by ignoring a negative maxsize.
This was broken by a fix to the client
to actually honor the maxsize which was ignored before,
so ignoring invalid values provides a compatibility layer
for old plugins.
Update translations
-------------------
Imported updated translations from transifex.
The biggest changes were done by the Russian team,
adding or updating almost 200 translations.
The German team changed over 70 translations.
And 1 to 7 changes were done by teams
es, fa, fi, fr, hu, it, ja, nb-no,
nl, pt (br and PT), sv, zh-cn and zh-tw.
A big thank you for your work!
Bookmark curation
-----------------
Replaced the unmaintained freemail site in the default bookmarks
by a maintained one — thanks to Cynthia!
Further changes
---------------
- add meta charset tests
- add missing test annotations — thanks to vwoodzell!
Thank you for using Freenet!
- AB
Developer changelog:
2023-01-07
Changes in 1496:
- fix keepalive regression — thanks to PlantEater for tracking it down and fixing it!
- fix negative maxsize per new fetch override
- also override maxTempLength
- LowLevelGetException also return the throwable because the error doesnt help, the real gets hidden
- update translations, thanks to the translators on transifex, especially the Russian ones!
- add meta charset tests
- replace unmaintained freemail site by maintained one — thanks to Cynthia!
- add missing test annotations — thanks to vwoodzell!
- AB
---
Arne Babenhauserheide (5):
Add meta Charset tests
bookmarks: replace unmaintained freemail site by maintained one — thanks to Cynthia!
fix: actually detect charset
de-horrify test :-)
CONTRIBUTING.md with easy to work with rule
Arne Babenhauserheide (freenet releases) (5):
update translations
remove more references to Frost from translations
update news
Update default bookmark editions
Build 1496
PlantEater (1):
- fix negative maxsize per new fetch override - also override maxTempLength - LowLevelGetException also return the throwable because the error doesnt help, the real gets hidden
Vaughan Woodzell (1):
Add missing test annotations
2022-12-03 Freenet 0.7.5 build 1495 is now available with many improvements. New users --------- There is a new firsttime wizard for single-step setup, contributed by redwerk and finally merged after resolving dependency-requirement. To further ease the start, the bookmarks are re-organized with "starting points" at the top. User experience --------------- For integration in browser extensions, TheSeeker added support for the schemes web+freenet and ext+freenet which do not need further allow-listing by browsers to use. CometZ@6DtYG~ created a new theme sky-dark-static, a clean dark scheme, simpler than Winterfacey. To enable more beautiful Freesites, Spider Admin, naejadu and vwoodzell extended the CSS filter to enable sticky, transition, and word-wrap. The m3u-player is now only inserted into sites which contain at least one video or audio tag. When a part of a stream fails, it is now skipped, allowing for continuous playback without user-intervention. Performance ----------- For better lifetime of larger files, the healing size is increased from 16 to 256 MiB, so a 512 MiB file will keep working if accessed once every 10 days. To keep alive files explicitly, you can use the keepalive plugin. And the pending keys optimizations by Eleriseth should reduce the CPU load on very fast nodes with many peers. Further technical improvements ------------------------------ - finally merged the HashingAPI by unixninja92, a GSoC project that had gotten lost in the pull requests. This provides an easy and well-tested way to create and verify different types of Hashes from byte arrays, including Sha256 and TigerTree. hyphanet#258 - old announcement fixes by toad were finally merged - unit tests were upgraded to junit4, thanks to vwoodzell! - the client getter method now honors the max size argument Thank you for using Freenet! - AB Developer changelog: 2022-12-03 Changes in 1495: - new firsttime wizard (single-step joining with clearer defaults) - Add web+freenet and ext+freenet as supported schemas to support extensions. Thanks to TheSeeker - new theme: sky-dark-static - thanks to CometZ@6DtYG~ - re-organize default bookmarks: first section has "starting points", thanks to vwoodzell for the review! - m3u-player: skip broken files - m3u-player: only inline the m3u player if the page contains media tags - Client getter honor max size argument - finally merged the HashingAPI by unixninja92, a GSoC project that had gotten lost in the pull requests. This provides an easy and well-tested way to create and verify different types of Hashes from byte arrays, including Sha256 and TigerTree. hyphanet#258 - upgrade unit tests to junit4, thanks to vwoodzell! - Eleriseth pending keys merged (performance) - healing size increased (better lifetime for popular files) - CSS: enable sticky — thanks to Spider Admin - CSS: enable transition and word-wrap — thanks to naejadu, thanks to vwoodzell for the review! - old announcement fixes by toad finally merged - AB (parts of the following ChangeLog are repeated due to merging with old branches) --- Arne Babenhauserheide (65): Update DatastoreUtil.java Fix translations and UpdatedVersionAvailableUserAlert.updateNowButton fix typo in l10n property name Document and increase max running healing inserts: heal up to 250MiB per download. refactor: replace MyFetchCallback by FetchCallbackForTestingSplitFileInserter kill sysout rename MyKey to SplitFileFetcherStorageKey randomize pitch black defense times remove unnecessary import remove more unnecessary imports use UTC clock wait at least 12 hours between pitch black mitigations change misleading naming — thanks to Steve for the review! bandwidth: parse bit suffix correctly fix parts of de-translation remove Frost on ChatForumsToadlet from non-updated translations (removed 2019 from the original english) m3u-player: more robust sizes, do not use overlay for audio. add opens jvmargs on java 17 remove old unconditional logging line that has been ignored for a decade now and pollutes the log Fix merge: Allow setting datastore size from outside again add dependencyVerification for pebble update pebble to 3.1.5 add pebble to dependencies.properties and document deps in README.md add unbescabe and slf4j-api as dependencies of pebble add pebble deps to dependencies.properties add missing type info in dependencies.properties bookmarks: Add Sharesite and move Software to second position. bookmarks: first section → Starting Points, add FFS, new jFniki url honor maxSize argument in ClientGetter#fetch(uri, maxsize, ...) recover build-clean.xml from the Gentoo ebuild to simplify packaging m3u-player: skip tracks that fail. resolve more merge errors add sky-dark-static theme by CometZ@6DtYG~ Add css transition and word-breaking support by naejadu prepare news for 1495 prepare news for 1495 Document getDefaultString return debounce changing the track to avoid skipping forward with error-storms Skip on wrong mime-type errors bookmarks: add infocalypse and pyFreenet sharesite only include the inline m3u player if the page contains media-tags fix: adjust to API change (hash.verify() returns result instead of throwing) note the HashingAPI web+freenet junit4 CSS Remove duplicate if-else branches thank you for reviews NEWS: move unreviewed PRs into next section for now fix: \ needs to be escaped typo Simplify boolean check src/freenet/client/filter/HTMLFilter.java — thank you! recover description for FLIP — thank to Steve for the review! refactor: rename isPasswordEmpty to isPasswordAlreadySet + invert if fix: ensure that the storage limit uses the proper format for html fix: only add redirect script if JS is enabled + refactor link doc: note that the JS wizard is only used if JS supported fix: add compatible minimum for storage limit Add title to wizard in a way that’s visible in winterfacey Adjust default values in new wizard Get the minStorageLimit for the pebble template from the node recover comment about storage limit fix sha256-hash of pebble (copy-paste error) fix: downloading one-letter or two-letter files failed fix test for now cleaner m3u player tag insertion Arne Babenhauserheide (freenet releases) (9): Update default bookmark editions updated NEWS updated NEWS Update default bookmark editions Update default bookmark editions Update default bookmark editions Update default bookmark editions Update default bookmark editions Build 1495 Eleriseth (8): Remove impossible checks Put all single-key listeners on separate queues KeyListenerTracker.removePendingKey(Has*): move synchronized Don't salt SSK keys Use KeyListener/KeyListener[] instead of ArrayList<KeyListener> PeerNode.shouldAcceptAnnounce never added uid to runningAnnounceUIDs PeerNode.completedAnnounce was completely broken [ this is the actual bug fix, not the cleanup ] Cleanup, thanks Eleriseth, this is the rest of "PeerNode.completedAnnounce was completely broken", not including the stuff about double announcement (which isn't relevant). Matthew Toseland (3): Document what these methods are for. Fix return value of completedAnnounce(), thanks Eleriseth. Fix unnecessary array copying. Add error messages for exceptional cases. Don't assert. Not the same as Eleriseth's patch, but thanks Eleriseth for pointing out the issue. Oleh Shklyar (45): add new first time wizard page validate form intermediate commit, needed to check setStoreSize logic fix min datastore size validation refactoring: move maxDatastoreSize() and autodetectDatastoreSize() to util class comment and clean maxDatastoreSize() check free disc space clean prepare cases to save save bandwidth limit save opennet/darknet choice save password & set security level add form password add to new First time wizard BandwidthLimit Detection some javadoc fix form state after validation failed - change js add redirect if js enabled clean fix file.separator get storageLimit from config fix Storage field min value and total value that depends on caches also formatting (braces) change exceptions that throws BandwidthManipulator.detectBandwidthLimits method formatting firsttimewizard.js merge next add pebbletemplates remove password if already set fix validations add very large limits setting default valu when switching "have a monthly bandwidth limit" (may affect validation) bandwidth monthly limit validation copy comment from nextgens to source docs formatting allow /imagecreator/?width=200&height=100&text=200x100 url from freesites Path availability Fix (using link filter) Validate image size Optimization of maximum font size algorithm Validate image size Clean Clean Timestamp ImageCreatorToadletTest Removed alignment using spaces To date, there is no reason to open access Reducing opened API Spider-Admin (2): add support for CSS selector focus-within. Update CSSTokenizerFilter.java TheSeeker (1): Fix prefix detection to support https, web+freenet: and ext+freenet: Trivuele (6): Make it easier to build without network access Allow only doing a single wizard step User alert if datastore is below 10% of available space -- rebased without new datastore settings Disable write local to datastore functionality when opennet enabled Nothing ever triggers onAbortDownstreamTransfers() Stop storing blocks twice Vaughan Woodzell (9): Separate TagVerifierTest from ContentFilterTest Convert TempBucketTest test suite to junit4 style Rename assertEquals to assertBlockArrayEquals Remove ConfigTest constructor Convert Asserts to junit4 style Convert derived classes to junit4 style Add missing epsilon argument Convert remaining tests to junit4 style Add tests for BaseL10n.getDefaultString() freedom-of-depression (1): fix FOAFMitigationHack skydome (1): fix unit test for bandwidth field parsing unixninja92 (3): JceLoader: log warning on limited policy file Add hashing API and tests Enable assertions in gradle
2022-06-24
Freenet 0.7.5 build 1494 is now available.
This build improves four broad areas:
- streaming on demand,
- configuration,
- security, and
- bugfixes.
Streaming provides improved video and audio:
Video sizes are more robust when the size changes between subsequent videos.
Audio tags no longer try to display the overlay.
This finally enables convenient Samizdat Radio
To help modernize the configuration of existing nodes,
Freenet now shows a user alert once every Freenet update if the datastore is
below 10% of available space with a link to the store size wizard page
to make it easy to increase the store. Thanks to Trivuele!
Also the bandwidth settings now parse the bit suffix correctly
(lowercase b in kbps is bit, not byte).
The security received improvements both for friend to friend mode,
for opennet, and to tools for Freesites:
Friend-to-Friend mode now randomizes pitch black defense times
and waits at least 12 hours between pitch black mitigations
to prevent timing attacks.
Opennet is hardened by disabling the write local to datastore
functionality when opennet is enabled; it can be useful on a
small darknet, but on opennet it makes it easier to find downloaders.
Thanks to Trivuele!
Also a FOAF mitigation was fixeb that wasn't operational, because it lacked
a conversion to percent. Thanks to freedom-of-depression!
The /imagecreator/ tool, among other changes, now ensures
that requested image sizes are sane — thanks to Oleh from Redwerk
Finally it’s now easier to build fred without network access. Thanks to Trivuele!
In addition to these improvements, bugs got fixed:
- fix build with modern Java: add opens jvmargs on java 17.
- remove Frost on ChatForumsToadlet from non-updated translations
(removed 2019 from the original english).
- fix parts of the German translation.
- Do not store blocks in the cache, if they are eligible for the store
(should increase usable cache size). Thanks to Trivuele!
A big thank you to all contributors and reviewers
for getting this release in shape!
And thank you for using Freenet!
- AB
Developer changelog:
2022-06-24
Changes in 1494:
- Show a user alert (once every Freenet update) if the datastore is
below 10% of available space with a link to the store size wizard page
to make it easy to increase the store ― thanks to Trivuele
- Do not store blocks in the cache, if they are eligible for the store
(should increase usable cache size) thanks to Trivuele
- m3u-player: more robust sizes, do not use overlay for audio. This
finally enables convenient Samizdat Radio
- randomize pitch black defense times and wait at least 12 hours
between pitch black mitigations to prevent timing attacks
- bandwidth settings: parse bit suffix correctly
- improve /imagecreator/ thanks to Oleh from Redwerk
- Disable write local to datastore functionality when opennet is
enabled; it can be useful on a small darknet, but on opennet it
makes it easier to find downloaders. thanks to Trivuele
- make it easier to build fred without network access thanks to Trivuele
- fix build with modern Java: add opens jvmargs on java 17
- fix: a FOAF mitigation wasn t operational, because it lacked a
conversion to percent. thanks to freedom-of-depression
- remove Frost on ChatForumsToadlet from non-updated translations
(removed 2019 from the original english)
- fix parts of the German translation
- AB
---
Arne Babenhauserheide (12):
randomize pitch black defense times
remove unnecessary import
remove more unnecessary imports
use UTC clock
wait at least 12 hours between pitch black mitigations
bandwidth: parse bit suffix correctly
fix parts of de-translation
remove Frost on ChatForumsToadlet from non-updated translations (removed 2019 from the original english)
add opens jvmargs on java 17
m3u-player: more robust sizes, do not use overlay for audio.
remove old unconditional logging line that has been ignored for a decade now and pollutes the log
change misleading naming — thanks to Steve for the review!
Arne Babenhauserheide (freenet releases) (4):
Update default bookmark editions
updated NEWS
updated NEWS
Build 1494
Oleh Shklyar (12):
allow /imagecreator/?width=200&height=100&text=200x100 url from freesites
Path availability Fix (using link filter)
Validate image size
Optimization of maximum font size algorithm
Validate image size
Clean
Clean
Timestamp
ImageCreatorToadletTest
Removed alignment using spaces
To date, there is no reason to open access
Reducing opened API
Trivuele (6):
Make it easier to build without network access
Allow only doing a single wizard step
User alert if datastore is below 10% of available space -- rebased without new datastore settings
Disable write local to datastore functionality when opennet enabled
Nothing ever triggers onAbortDownstreamTransfers()
Stop storing blocks twice
freedom-of-depression (1):
fix FOAFMitigationHack
Merge remote-tracking branch 'origin/trivuele-stop-storing-blocks-twi… …ce' into next
2022-03-28
Freenet 0.7.5 build 1493 is now available. [overview]
This build provides four core improvements:
1. Curated default bookmarks,
including an actively maintained index and Shoeshop for a sneakernet
2. Better peer scaling for very fast nodes
3. Updated defaults to adapt to the higher capacities of modern systems
4. Compatibility with Java 17, first in the installers, with the
following update for all nodes
The curated default bookmarks provide a much better first-start
experience. Previously new users saw mostly outdated sites in
inactive indexes.
Adding Shoeshop to enable sneakernet which can connect separate
Freenet networks even if no internet connection can be established
now provides all the tools for selfpublishing, not only in the
style of publishing an online blog (which is already easy with
Sharesite) or sending a file to an independent printer, but in the
much more self-reliant style, resourcefulness and rebellious spirit
of classical samizdat.
Adjusted peer-scaling fixes a conceptual problem: Fast nodes could
not utilize their bandwidth well enough, because the previous
peer-scaling did not take the aggregated bandwidth limit of the
peers into account. Now very fast nodes have linearly scaling
peer-counts to make it more likely that the capacity of their peers
added together matches the capacity of the fast node. The absolute
upper limits stay in place, because they are needed to preserve
privacy. There are also no changes to the peer-scaling of slower
nodes.
The fixed scaling should improve the performance of the whole
network because it avoids creating artificial bottlenecks.
Changes to the defaults are a doubled thread limit of newly
installed nodes (increased from 500 to 1000), with the stack size
per thread reduced by half to avoid higher memory consumption, the
datastore size is increased from 20GiB to 100GiB, because SSDs are
much faster and more resilient than before, and the default
bandwidth to offer if the actual speed cannot be found is doubled
to 32KiB/s.
These newer defaults should also improve the first-time user
experience.
Compatibility with Java 17 took longer than we hoped, because it
required deploying a newer wrapper and changes to the classpath.
This makes it easier to support packages for modern Linux, and it
should avoid losing nodes when Java updates itself (starting from
the next update this also applies to existing nodes; we have to
deploy the update code in 1493 so it can run during the update to
1494).
All together these changes should improve the user experience for
new people, give sneakernet the visibility it deserves, and
increase the performance of the network as a whole.
And last, but definitely not least, our translation team at
transifex updated enough of the the German, Persian, Finnish,
Italian, Japanese, Norwegian, Portuguese, Russian, and Swedish
texts in Freenet that we can ship the new versions. Thank you
very much!
That Freenet can keep moving forward and help people worldwide to
exercise their basic rights and freedoms is the work of amazing
volunteers, both contributors and people running Freenet nodes.
Thank you for your contributions, and thank you for using Freenet!
- AB
Developer changelog:
2022-03-28
Changes in 1493:
- Update the wrapper files in dependencies.properties to 3.5.30
This change sets a consistent wrapper-version for Windows, *Nix, and
also OSX, thanks to operhiem1 for the review
- Pseudonymous people found found a bug in our splitfile inserter that
TheSeeker tracked down to its source. It threw an exception if the
checksum was exactly [0,0,0,0], thanks to operhiem1 for the review
- Update default bookmarks: Replace inactive indexes, add Shoeshop,
show active sites first. Thanks to AC4BB21B for the review!
- Fix FreenetURI intern() to not forget edition of USK — thanks to
debbiedub!
- Replace Pointer.SIZE with Native.POINTER_SIZE for JNA 5.x — thanks
to Leo3418 and Bombe
- fix peer scaling for very fast peers:
Very fast nodes have more peers to fix a conceptual mistake
(did not take the aggregated bandwidth limit of the peers into account).
Thanks to TheSeeker for the review!
- more resilient noderef parsing for easier friend-to-friend connections
try replacing spaces by newlines in noderefs when parsing fails
- Accept FreenetURI in add peer field; only try regular url on failure
— thanks to desyncr for the review
- Add warning about surveillance through voice recognition tech
- Updater changes to add Java 17 support for existing nodes to
wrapper.conf (required module opens for Java 17 to wrapper.conf)
during the following update (to 1494)
- add output of filtered file to the OggFilterTest
- Installer changes:
- Java 17 support
- increase default datastore size to 100GiB, because SSDs are much
faster today
- Set standard thread limit to 1000
- decrease default thread stack size for reduced memory usage
(512KiB)
- Increase default bandwidth to 32KiB/s. This should improve
performance for new nodes where UPnP does not give the speed.
thanks to operhiem1 for the review
- AB
---
Changes in the installers:
java-installer:
Arne Babenhauserheide (8):
wrapper.conf: open the modules required for Java 16 and Java 17
wrapper.conf: increase count for commented out args, too
decrease per-thread stacksize to 256k
Get and load sharesite by default instead of ThawIndexBrowser
increase default max memory limit to 768 for computers with more than 4GiB of memory
fix: no equal sign after Xss
512k thread stack
update wrapper.jar, binaries and libs to upstream version 3.5.30
update jna on classpath when run without wrapper to 4.5.2
Arne Babenhauserheide (freenet releases) (3):
Merge branch 'TheSeeker-patch-1' into next
Merge branch 'next' of github.com:freenet/java_installer into next
detect Java 9 to 18
TheSeeker (1):
update jna dependency versions
wininstaller-innosetup:
Arne Babenhauserheide (8):
Update wrapper.conf
decrease per-thread stacksize to 256k
fix: no equal sign after Xss
only set Java 9+ options on w64
also lookup java 64 under non-explicit 64 key
allow 1024 MiB of memory on a machine with more than 4GiB
update the wrapper to the build with Java 9+ support created by Steve in 2018
remove 32bit note for Java installer (because it is no longer correct)
Arne Babenhauserheide (freenet releases) (11):
Update bundled JRE to 10.0.2 for Windows x64
reference zip, not exe
declare var
{tmp}\ so this is not empty
note why zip
Merge branch 'innosetup-windows-x64-support' of https://github.com/desyncr/wininstaller-innosetup
Merge branch 'desyncr-innosetup-windows-x64-support'
end line with carriage return newline
update FreenetTray.exe to version from cc614654fe8a4ae1a22db9b67b7bdf012268590c support-java-registry-with-JRE
Merge branch 'master' of github.com:freenet/wininstaller-innosetup
note that gh actions runs can be retriggerd
DC* (6):
Reference bundled zip for extraction
Fix syntax error
Simplify command and remove unnecessary compression
Mistakenly removed fred_deps.iss
Pre-unpack jre zip before creating installer
Merge remote-tracking branch 'origin/master' into innosetup-windows-x64-support
---
Changes in fred:
Arne Babenhauserheide (33):
add output of filtered file to the OggFilterTest
fix peer scaling for very fast peers:
correctly mark bytes with uppercase b
fix: apply max peers after increasing targetPeers for fast nodes
add voice recognition warning
try replacing spaces by newlines in noderefs when parsing fails.
Accept FreenetURI in add peer field; only try regular url on failure
note effectively published field
actually replace instead of doing the wrong thing
actually working more liberal noderef parsing
add max size to the fetched noderef
add required module opens for Java 17 to wrapper.conf
increase default datastore size to 100GiB, because SSDs are much faster today
Set standard thread limit to 1000
Use Logger instead of System.out.println
make the 50% slow fraction assumption explicit
break long line
log after setting limit for consistency
update NEWS
update default bookmarks.
update NEWS
Increase default upload bandwidth if none detected to 32KiB/s
remove options with duplicated upload bandwidths.
delete l10n for no longer existing bookmarks
Add fetchpullstats to the bookmarks
Move inactive flogs to the end of the flog list
fix: this threw an exception if the checksum was exactly [0,0,0,0].
Update the wrapper files in dependencies.properties to 3.5.30
1493 NEWS
1493 NEWS
fix: NEWS structure was broken
typo
cleaner NEWS description and remove duplicate entry
Arne Babenhauserheide (freenet releases) (7):
Update default bookmark editions
Update default bookmark editions
Update default bookmark editions
Update default bookmark editions
NEWS changes
Update default bookmark editions
Build 1493
Debora Wöpcke (2):
Add test to verify that intern() does not modify an USK
Correct so that FreenetURI intern() doesn't forget suggestedEdition
Yuan Liao (1):
Replace Pointer.SIZE with Native.POINTER_SIZE for JNA 5.x
PreviousNext