build01497: 2023-02-28
Freenet 0.7.5 build 1497 is now available. [overview]
This release fixes a severe vulnerability in path folding that allowed
an adapted node that is directly connected via opennet to distinguish
between downloaders and forwarders.
This vulnerability was reported to the Project by Prof. Ming Yang and
Prof. Zhen Ling from the School of Computer Science and Engineering,
Southeast University, Prof. Xinwen Fu from the Miner School of
Computer & Information Sciences, University of Massachusetts Lowell,
and Yonghuan Xu from the School of Cyber Science and Engineering,
Southeast University.
Yonghuan also provided support in fixing the vulnerability. Thank you
very much!
To reduce the probability of hitting other problems in path folding,
we also merged the pull-request to completely avoid path folding at
HTL 17 or higher.
Thank you for using Freenet!
- AB
Developer changelog:
2023-02-28
Changes in 1497:
This release fixes a severe vulnerability in path folding that allowed
an adapted node that is directly connected via opennet to distinguish
between downloaders and forwarders.
This vulnerability was reported to the Project by Prof. Ming Yang and
Prof. Zhen Ling from the School of Computer Science and Engineering,
Southeast University, Prof. Xinwen Fu from the Miner School of
Computer & Information Sciences, University of Massachusetts Lowell,
and Yonghuan Xu from the School of Cyber Science and Engineering,
Southeast University.
Yonghuan also provided support in fixing the vulnerability. Thank you
very much!
To reduce the probability of hitting other problems in path folding,
we also merged the pull-request to completely avoid path folding at
HTL 17 or higher.
Due to changes in the infrastructure, this release has to re-use the
Windows Installer from 1496, so newly installed nodes on Windows will
still be vulnerable for a few minutes after installation until they
auto-update. This should get fixed in 1498.
Besides this change, there’s a German translation fix by an anonymous
contributor: Email → E-Mail.
And a fix for a test that points towards the need to check the
compression code on newer JDKs.
- AB
---
Arne Babenhauserheide (3):
      Fix l10n: Email → E-Mail. Anonymous contribution - thank you!
      re-add delay; check noderef to match RequestHandler.finishOpennetInner
      Do not send a duplicate Ack on path folding — thanks to Yonghuan

Arne Babenhauserheide (freenet releases) (2):
      Update default bookmark editions
      Build 1497

Matthew Toseland (5):
      Don't relay noderefs at high HTL
      Don't accept noderefs either at high HTL
      Missing return, oops
      Comments
      Replace outdated comment with an assertion

Veniamin Fernandes (1):
      Fix compression result comparison in the GzipCompressorTest for newer JDKs