Freenet 0.7.5 build 1474 is now available. This is an emergency bugfix release, hence I am releasing it rather than Steve while he is incapacitated. It fixes some important bugs, one of which is involved in the current attacks on Frost and Sone.
Summary of changes:
- Fix the Frostbite bug: if the node downloads a malicious key, this would cause the whole client layer to break. This is currently being actively used to attack Frost and Sone.
- Automatically upgrade nodes to use the minimum bandwidth limit if necessary. Some nodes were unable to start up because their bandwidth limit was too low. Apologies to anyone affected by this. Also, improve the logic that sets the per-second bandwidth limits from a monthly setting. Obviously, you should be very careful if using Freenet on a connection with a monthly transfer limit.
- Minor security improvements to the web interface.
If your node is unable to update because of the Frostbite bug, please turn off the affected applications (unload the Web of Trust and Sone plugins and shut down Frost), and then restart the node. It should pick up the update within a few hours. If it still doesn't work, the update.cmd or update.sh scripts may fix the problem, but they will access our website in a traceable manner.
Thank you for using Freenet!
- Matthew Toseland
Git shortlog:
Bert Massop (4):
BloomFilter: additional sanity checking of length and hash count
Add more splitfile sanity checks
Make KeyListenerTracker more resilient
Fix a corner case in BloomFilter length
Florent Daigniere (7):
Set rel='noreferrer noopener' where appropriate
Merge branch 'do-not-die-on-too-low-bandwidth' of https://github.com/ArneBab/fred-staging-1 into ArneBab-do-not-die-on-too-low-bandwidth
Merge branch 'ArneBab-do-not-die-on-too-low-bandwidth' into next
Merge branch 'frostbite-hotfix' of https://github.com/bertm/fred-staging into bertm-frostbite-hotfix
Merge branch 'bertm-frostbite-hotfix' into next
Merge branch 'avoid-claiming-magic' of https://github.com/Thynix/fred-staging into Thynix-avoid-claiming-magic
Merge branch 'Thynix-avoid-claiming-magic' into next
Matthew Toseland (1):
Build 1474, mandatory in a week but crucial bugfixes
Steve Dougherty (3):
Merge remote-tracking branch 'ArneBab/do-not-die-on-too-low-bandwidth' into next
Merge remote-tracking branch 'nextgens/use-noreferrer' into next
l10n: avoid suggesting tracing is impossible
drak@kaverne (5):
FIX: on too low bandwidth, use min bandwidth
node init: log increase of bandwidth to minimum
fixed bandwidth selection per month
whitespace (tabify)
use asymptoticDlFraction + fix whitespace