build01484: 2019-03-21

Freenet 0.7.5 build 1484 is now available. [overview]

This release fixes the last blocking problems with the new build based on gradle and JNA.

Thanks to thesnark and operhiem1 we have a fix to a way to circumvent the content filter. This
could have resulted in handing an insecure file to an external (and potentially vulnerable)
program without showing a warning to the user. Please update ASAP to avoid that. See
CVE-2019-9673 for details.

Also uploads without compression now survive restarts of the node again.

This release finally includes the ogg-filter from Spencer Jacksons Google Summer of Code
project. It still needs polishing and has some inefficiencies, but you can now listen to a FLAC
from Freenet directly from your browser.

As a sidenote: Freenet supports listening to mp3 files in the browser since version build 1473
(2016-05-21). You can also use mp3s in a HTML5 audio-tag (FLAC not yet).

As main user-visible change: If you use the default theme, you will now see the Winterfacey
theme. If you changed it to some other theme, Freenet will continue to use that other theme.

The main networking change is to apply the less recently failed branch by toad. This should
decrease the number of recently failed errors, but it could have side-effects.

For darknet friends, the 1024 character limit of n2n messages is lifted. You can now send
messages of up to 128 kiB.

And thanks to Redwerk, there is now a "Send confidential message" button on the friends page.
Just tick the checkbox of the friends you want to contact to send n2n messages to them.

Also thanks to Redwerk, Freemail_wot is also updated to v0.2.7.4 with better detection of
contacts missing from WoT.

Further changes:

- update WoT plugin to build 20. Thanks to xor.
- replace handler.outputHandler.queue by handler.send - thanks to patheticcockroach.
- peer list: Add spacing between flag and IP address - thanks to Bombe.
- increase scaling to 3 again because 1480 nodes otherwise slow down updated nodes.
- only FMS and Sone on ChatForums suggestion page to fit the projects longstanding stance. If you disagree, you can create a freesite to promote it.
- avoid losing download state on restart - thanks to ChristmasMuch from FMS.
- update Sharesite version to 0.4.7 and activate by default.

Thank you for using Freenet!

- Arne Babenhauserheide

Developer changelog:

2019-03-21

Changes in 1484:

This release fixes the last blocking problems with the new build based on gradle and JNA.

Thanks to thesnark and operhiem1 we have a fix to a way to circumvent the content filter: on
Firefox uploading a file as MIME type text/plain caused Firefox to guess the filetype and present
the user with a download-or-open dialog. This could have resulted in handing an insecure file to an
external (and potentially vulnerable) program without showing a warning to the user. Please update
ASAP to avoid that. See CVE-2019-9673 for details.

Also uploads without compression now survive restarts of the node again.

Also this release finally includes the ogg-filter from Spencer Jacksons Google Summer of Code
project. It still needs polishing and has some inefficiencies, but you can now listen to a FLAC
from Freenet directly from your browser. For example via the following key:
CHK@tOwwq70fTosZuCnpZP4j1vMkEKiFuRIblmC351CbgpE,w6BTgWSJBDOM1~lWnsE83K2gOv3huEGHzSPWFBN4xFc,AAMC--8/infinite-hands-free-software.flac

Ogg Theora is merged, too, but currently garbles most files. If you’d like to fix that, please file
a pull-request!

As a sidenote: Freenet supports listening to mp3 files in the browser since version build 1473
(2016-05-21). You can also use mp3s in a HTML5 audio-tag.

As main user-visible change: If you use the default theme, you will now see the Winterfacey
theme. If you changed it to some other theme, Freenet will continue to use that other theme.

The main networking change is to apply the less recently failed branch by toad. This should
decrease the number of recently failed errors, but it could have side-effects.

For darknet friends, the 1024 character limit of n2n messages is lifted. You can now send
messages of up to 128 kiB.

And thanks to Redwerk, there is now a "Send confidential message" button on the friends page.
Just tick the checkbox of the friends you want to contact to send n2n messages to them.

Further changes:

- update WoT plugin to build 20. Thanks to xor.
- replace handler.outputHandler.queue by handler.send - thanks to patheticcockroach
- update plugin Freemail_wot to v0.2.7.4 with better detection of contacts missing from WoT - thanks to Redwerk
- update Sharesite version to 0.4.7
- peer list: Add spacing between flag and IP address - Thanks to Bombe
- increase scaling to 3 again because 1480 nodes otherwise slow down updated nodes.
- plugin manager cleanup: more readable code
- m3u filter: can stream playlists (running in external players still needs experimentation)
- avoid losing download state on restart - thanks to ChristmasMuch from FMS
- only FMS and Sone on ChatForums suggestion page to fit the projects longstanding stance. If you disagree, you can create a freesite to promote it.
- update included seednodes

Thank you for using Freenet!

- Arne Babenhauserheide

[include shortlogs of any installer or plugin changes]

---
Arne Babenhauserheide (18):
      add m3u filter again
      README: document how to run tests
      make links in M3U lists absolute, to make them play in most players
      within m3u lists allow transparent pass-through of files up to 100MiB
      avoid try-with-resources to avoid auto-closing.
      support ogg, oga, ogv and flac in m3us
      add m3u read advice
      polish winterfacey theme
      force activelinks for winterfacey
      do not enable activelinks for all
      update NEWS somehow
      m3u: trim every uri (removes leading and trailing whitespace)
      m3u: add test for mime type of ogg and flac
      Revert "Revert "Merge remote-tracking branch 'origin/much-less-recentlyfailed' into next""
      secure the HTMLFilter use by the ogg-filter
      tabify
      tag FDTracker as Serializable to avoid losing download state on restart
      tag FDTracker as Serializable to avoid losing download state on restart

Arne Babenhauserheide (freenet releases) (24):
      update Sharesite version to 0.4.7 built from 5fd61f2170a2a637d49e8942338f98260408fd1f
      increase peer-count scaling back to 3
      update NEWS
      typo
      update WoT to build 20
      Update default bookmark editions
      update NEWS
      only suggest FMS and Sone on the ChatForums page - we cannot argue for a decade that Frost is easy to break while promoting it on the community page
      only suggest FMS and Sone on the ChatForums page - we cannot argue for a decade that Frost is easy to break and spam (and therefore to censor for all but the most dedicated users) while promoting it on the community page
      update NEWS
      NEWS
      NEWS
      NEWS
      NEWS
      move n2n button news to current release
      Reference CVE in NEWS
      attribute the news
      attribute the news
      Update Freemail_wot plugin to v0.2.7.4 build 29 released from rev e879d7792bb3fbc81f3d2148cf5646f267d41d4d
      update NEWS
      Update default bookmark editions
      Update default bookmark editions
      Update default bookmark editions
      Build 1484

Cooo (1):
      Minor fixes to the Swedish translation.

David ‘Bombe’ Roden (37):
      Remove unused SHA-256 from plugin downloader
      Move plugin downloading into its own method
      Rename method argument
      Move verification of plugin directory into its own method
      Use real OOP instead of “instanceof.”
      Move plugin download target file determination into its own method
      Return list instead of array
      Clean up removal of cached files
      Move cache cleaning into its own method
      Move JAR file verification into its own method
      Use OOP instead of “instanceof.”
      Move plugin instantiating into its own method
      Reformatting
      Remove unused method, deprecate some methods
      Remove unused method parameter
      Remove unused method
      Rename horribly-named interface
      Move initialization to declaration, remove comment
      Don’t use deprecated constant
      Use interface and initialize at declaration
      Get rid of unnecessary boolean
      Fix inconsistent synchronization
      Use concurrent list for plugin wrappers, adjust synchronization accordingly
      Remove unused import
      Stop killing plugins after the first
      Don’t keep subconfig around after constructor
      Add braces and fix formatting
      Rename flag to better show its purpose
      Fix whitespace
      Manage information about starting, loaded, and failed plugins differently
      Remove dead code
      Use given last startup version
      Use “started” flag instead of “toStart == null”
      Use OOP instead of “instanceof.”
      Remove some duplicate code
      Make condition easier to understand
      🚸 Add spacing between flag and IP address

GNU Emacs User (15):
      FIX: recommending files to friends works again
      fix misleading indentation
      implement n2ntms up to 128 kiB via transparent assembly and disassembly
      l10n: note new n2ntm limit of 128k chars
      n2ntms: positive long msgid, -1 for invalid.
      n2n: only show option to send files in advanced mode
      cleanup whitespace
      only unqueue n2ns after ack, not after send
      whitespace cleanup
      only change strings for languages where I know the number format well enough
      process review by Bombe and xor
      fix: used wrong syntax to call another constructor
      add requiredParts and partIndex to n2ns
      fix whitespace
      fix whitespace

Matthew Toseland (41):
      Don't double the message on type warning pages.
      Get rid of "MIME type". Use "Content Type" or similar. Rewrite one or two related strings.
      Check whether defaultName actually exists really early on. I saw something wierd from Freereader in my logs...
      Indent.
      Similar fixes for SingleBlockInserter to those done for SplitFileInserterSegment: Make sure we always run onEncode before running onInsertSuccess, and run it inline if localRequestOnly is set. Plus, return early from a database exception.
      Another activation fix. Thanks to an anonymous tester from FMS.
      Store even if freed, if not removed.
      Check freed even if wasn't active (and we fixed it).
      Handle storing buckets that have been freed properly.
      Log an error about it anyway.
      Synchronization fix for non-persistent recent requests list.
      Logging: This should only happen on encode.
      Library edition 14.
      Fix ClassCastException
      Logging
      Don't show the filter box at all on an unsafe content type warning, since we can't filter and have warned the user already. Which is not true on e.g. the too big error page.
      Set finished = true on failure in USKInserter. Prevents NPE due to trying to free and null data twice.
      Fix nested synchronized.
      Logging
      Logging: Show what we are still waiting for.
      Logging
      Fix setting the key wrong, copy code from segment again.
      Fix NPE on collision.
      Doh!
      Make MySendableRequestSender static and use SBI only when we are sure we can use it.
      Minor activation fix for compressor descriptor for single blocks.
      Don't do recursive deactivation of metadata.
      Document and work around really grotesque db4o issue with collections in SimpleManifestPutter.
      Document it here too so it gets fixed before deployment.
      Activate to MAX_VALUE not 100.
      Comments: Fix re HashSet's
      Comment: Ideas for a proper fix.
      Fix bug #3159: Show a different warning if Library is in the process of being loaded than if it is not loaded at all.
      Ignore XMLLibrarian
      Allow what we haven't used of our bandwidth limit to reduce the overhead fraction. We can get into a sort of self-inflicted loop...
      Some FIXMEs
      A 20% minimum works for output limiting, so lets use it for the rest too.
      Library v16
      Doh
      Don't show the filter data option if we are telling the user we can't filter the data - either for unknown type or known bad type.
      If FEC decoding produces a data block that doesn't encode to the key expected, fail the download, it was probably inserted corrupt.

Miko (1):
      Swedish translation from Miko on FMS.

Oleh Shklyar (1):
      add "send confidential message" button to friends page

Spencer Jackson (72):
      Initial Ogg filter
      Create a bitstream filter object for each bitstream in the ogg
      Isolate OggPage from the actual act of writing the bitstream
      Check CRCs in Ogg pages
      Process the Vorbis identification header
      Expand Vorbis parser in anticipation of the other header types
      Store Vorbis packet boundaries
      Remove comment header for Vorbis files
      Search for a valid subpage
      Use magic number from VorbisBitstreamFilter
      Test the obtaining of ogg bitstream filters
      Add unit tests on obtaining and validating ogg pages
      Fix typo
      Simplify vorbis identification
      Check that Ogg pages are not out of order
      Check log level
      Revert "Simplify vorbis identification"
      Add text for referenced strings
      Fix page sequence check
      Remove old imports
      Close and flush streams where necessary
      Rethrow any exception which arises
      Javadoc Ogg filter
      Move OggPage to its own file
      Remove unneeded finally
      Remove unneeded getter method from OggPage
      Throw exception when vorbis structure invalid
      Remove EOFException check, as the parser should break gracefully
      Rename OggFilterTest, as it contained tests on the OggPage class
      Add missing GPL header
      Pass theora bitstreams through the filter
      Validate Theora identification header and strip comments
      Read unsigned bytes
      Fix bitshifting in comment header LEN acquisition
      Fix whitespace
      Remove post setup header validation state
      Test creation of Theora parser
      Fix bit level construction of 16 bit integers
      Remove log statments
      Use long for storing unsigned 32bit integers
      Correct endianness in vorbis parser
      Allow boolean variables to be passed by the HTML filter
      Add HTML5 multimedia tags
      Prevent autoplay
      Store split pages until the the page is completed
      Scan for subpages in two consecutive pages
      Signify some degree of completion for Ogg filter
      Remove checks for exception method throws
      Reorganize OggPage
      Temp AMEND THIS
      Revert "Temp AMEND THIS"
      Log source of EOFExceptions raised during filtration
      Fix subpage detection
      Check for subpages which are valid when truncated at page end
      Remove FLAC from Ogg MIMEType registration
      Note the dangerousness of FLAC audio
      Throw exception on Ogg with no valid bitstreams
      Close streams used for subpage testing
      Parse packets instead of pages in Ogg filters
      Extract FLAC packets from native transport format
      Correct FLAC MimeType entry
      Add missing file needed for packet extraction
      Fix packet extraction and processing
      Fix Flac native packet extraction
      Filter Flac files
      Replace undesired FLAC header blocks with PADDING packets
      Copy states to FlacFilter
      Logging
      Remove unneeded code from extracting packets from pages
      Another missing logMINOR
      Allow STREAMINFO to be the first and last metadata block
      Exception on invalid stream

Steve Dougherty (1):
      Set ContentEncoding on text/plain to prevent Firefox MIME type sniffing

drak@kaverne (3):
      enable activelinks by default
      welcome toadlet activelinks: use style for width and height
      Fix: scale the activelinks to 36x108 again

patheticcockroach (1):
      Use FCPConnectionHandler.send instead of .outputHandler.queue

xor (1):
      Implement some toString() for DBJobs