From https://github.com/hyphanet/fred/releases/tag/build01497: """ Freenet 0.7.5 build 1497 is now available. [overview] This release fixes a severe vulnerability in path folding that allowed to distinguish between downloaders and forwarders with an adapted node that is directly connected via opennet. This vulnerability was reported to the Project by Prof. Ming Yang and Prof. Zhen Ling from the School of Computer Science and Engineering, Southeast University, Prof. Xinwen Fu from the Miner School of Computer & Information Sciences, University of Massachusetts Lowell, and Yonghuan Xu from School of Cyber Science and Engineering, Southeast university. Yonghuan also provided support in fixing the vulnerability. Thank you very much! To reduce the probability of hitting other problems in path folding, we also merged the pull-request to completely avoid path folding at HTL 17 or higher. """
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=26ab26e07b2cbfb44b62a3854a4f54b9a9344e2b commit 26ab26e07b2cbfb44b62a3854a4f54b9a9344e2b Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2023-04-21 11:14:01 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2023-05-26 10:24:08 +0000 net-p2p/freenet: add 0.7.5_p1497 Switches to java-pkg-simple Bundles binary version of pebble Depends on freenet-ext with much smaller download than net-libs/nativebiginteger EAPI 8 Enables tests Changes test dependency hamcrest-*-1.3 -> hamcrest-2 Skips two failing tests via patch Adds verify-sig Adds Add-opens: to MANIFEST.MF for runtime Updates metadata remote-id Partly moves handling of freenet-wrapper.conf to src_compile Depends on bug #878869 Bug: https://bugs.gentoo.org/904441 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Closes: https://github.com/gentoo/gentoo/pull/30643 Signed-off-by: Sam James <sam@gentoo.org> net-p2p/freenet/Manifest | 4 + .../freenet-0.7.5_p1497-ignore-failing-tests.patch | 37 ++++ net-p2p/freenet/freenet-0.7.5_p1497.ebuild | 226 +++++++++++++++++++++ net-p2p/freenet/metadata.xml | 2 +- 4 files changed, 268 insertions(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6062a50abf0264d32916f1337aab70d5318bf7ee commit 6062a50abf0264d32916f1337aab70d5318bf7ee Author: Volkmar W. Pogatzki <gentoo@pogatzki.net> AuthorDate: 2023-05-26 15:06:20 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-05-30 03:40:56 +0000 net-p2p/freenet: drop versions Bug: https://bugs.gentoo.org/904441 Closes: https://bugs.gentoo.org/899216 Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net> Closes: https://github.com/gentoo/gentoo/pull/31223 Signed-off-by: John Helmert III <ajak@gentoo.org> net-p2p/freenet/Manifest | 4 - net-p2p/freenet/files/0.7.5_p1475-remove-git.patch | 24 -- net-p2p/freenet/files/0.7.5_p1483-ext.patch | 22 -- .../files/0.7.5_p1491-update-for-jna-5.x.patch | 31 -- net-p2p/freenet/files/build-clean.xml | 421 --------------------- net-p2p/freenet/files/build.properties | 95 ----- .../freenet/files/freenet-0.7.5_p1474-wrapper.conf | 27 -- net-p2p/freenet/files/freenet.initd | 11 - net-p2p/freenet/files/freenet.old | 18 - net-p2p/freenet/freenet-0.7.5_p1491-r1.ebuild | 165 -------- net-p2p/freenet/freenet-0.7.5_p1491.ebuild | 164 -------- net-p2p/freenet/freenet-0.7.5_p1492.ebuild | 165 -------- net-p2p/freenet/freenet-0.7.5_p1493-r1.ebuild | 178 --------- net-p2p/freenet/freenet-0.7.5_p1493.ebuild | 164 -------- 14 files changed, 1489 deletions(-)
Thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=13a66c5def0d04b908b4e9faf4975aebf3c111a0 commit 13a66c5def0d04b908b4e9faf4975aebf3c111a0 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-07-24 06:10:44 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-07-24 06:10:57 +0000 [ GLSA 202407-28 ] Freenet: Deanonymization Vulnerability Bug: https://bugs.gentoo.org/904441 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202407-28.xml | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+)