mirror of
https://github.com/BigBodyCobain/Shadowbroker.git
synced 2026-05-28 10:01:31 +02:00
Shadowbroker
8dfa6a7199
Bumps every hardcoded 0.9.79 → 0.9.8 across backend, frontend,
desktop-shell, helm, lockfiles, test fixtures. Refreshes the in-app
ChangelogModal HEADLINE_FEATURES, NEW_FEATURES, and BUG_FIXES with the
v0.9.8 highlights.
Release artifacts built locally and hashed into release_digests.json:
ShadowBroker_v0.9.8.zip 6.06 MB
d506f6b8462ccb12096f0cd9462233be58928094240416b65fb3127bdd1f3820
ShadowBroker_0.9.8_x64_en-US.msi 122.4 MB
d4be4cb68c3e6409fff54c225acdcdd08e27d5d6d2b31616d78d2a4f6812991d
ShadowBroker_0.9.8_x64-setup.exe 76.5 MB
1115d1f5cf37edd03ea2c21d821c7626e1bf3319c990402aaa0293bca46fea67
Sizes match the v0.9.79 reference shape (5.76 MB / 117 MB / 72.9 MB)
within expected drift for new code. The .zip is a `git archive` of the
v0.9.8 source tree (matching v0.9.79's approach).
Audit confirms no .env, .key, .venv-dir, or cache files leaked into the
backend-runtime bundle. Python 3.11.9 + 199 site-packages + privacy_core
all staged correctly.
Headline changes since v0.9.79:
* Cumulative fuel/CO2 per flight (#317) — running totals since first
observation, not just per-hour rate.
* AIS maritime resilience (#314, #316) — outage banner + AISHub REST
fallback when AISStream WebSocket primary is offline.
* Data-layer repair (#311, #312) — UAP fallback respects the 60-day
cutoff; GPS jamming threshold tuning + nac_p=0 inclusion so the layer
actually fires.
* Per-flight source attribution (#313) — source field on every record.
* Cross-node DM mailbox replication (#309).
* Infonet sync HTTP 429 honored (#310).
Test fixtures updated:
* test_per_operator_outbound_attribution.py — added v0.9.8 UA strings
to the banned-aggregate-literals list (alongside v0.9.79).
* updateRuntime.test.ts — bumped asset filename fixtures to v0.9.8.
release_digests.json keeps the v0.9.79 block alongside v0.9.8 so
operators still on 0.9.79 validate cleanly during the rollout.
The accent narrowing fix in ChangelogModal (one feature uses 'purple',
two use 'cyan' so the renderer's `accent === 'purple'` comparison
still type-checks) is included.
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
46 lines
2.4 KiB
JSON
46 lines
2.4 KiB
JSON
{
|
|
"_comment": [
|
|
"Baked-in SHA-256 digests for known Shadowbroker release archives.",
|
|
"",
|
|
"Issue #231: the self-updater previously skipped integrity verification",
|
|
"entirely whenever the MESH_UPDATE_SHA256 env var was unset (which is the",
|
|
"default — nothing in the install docs tells operators to set it). That",
|
|
"made the auto-update a supply-chain RCE on any compromise of the GitHub",
|
|
"release pipeline.",
|
|
"",
|
|
"The fix uses a multi-source verification chain mirroring the Tor bundle",
|
|
"digest approach in #201:",
|
|
"",
|
|
" 1. MESH_UPDATE_SHA256 env var (operator override, preserved)",
|
|
" 2. SHA256SUMS.txt asset published alongside each release (primary —",
|
|
" the maintainer's release process already publishes this)",
|
|
" 3. This baked-in digest list (second line of defense for releases",
|
|
" missing a SHA256SUMS asset, or when the asset can't be fetched)",
|
|
" 4. HTTPS-only fallback with a loud warning (preserves auto-update",
|
|
" flow during transient outages so users don't get stuck)",
|
|
"",
|
|
"Mismatch from a source that DID respond is fatal — the update is",
|
|
"refused and the existing install keeps running. Only the 'no source",
|
|
"reachable at all' case falls back to HTTPS-only.",
|
|
"",
|
|
"Format: each entry is keyed by release tag and maps asset filenames",
|
|
"to their canonical SHA-256 digest (hex, lowercase). The updater",
|
|
"compares the locally-computed digest of the downloaded asset against",
|
|
"the value here.",
|
|
"",
|
|
"When the maintainer ships a new release, add its digests here BEFORE",
|
|
"removing the old ones so operators on the old code still validate",
|
|
"against the previous entries during the transition."
|
|
],
|
|
"v0.9.79": {
|
|
"ShadowBroker_v0.9.79.zip": "f6877c1d66614525315ea82636ce9f7b41178332c4dbf90d27431a1ea1d9cd47",
|
|
"ShadowBroker_0.9.79_x64-setup.exe": "f7b676ada45cac7da05868b0a353678c9ee700e3abcf456a7c0c038c36da446f",
|
|
"ShadowBroker_0.9.79_x64_en-US.msi": "e0713c3cdda184cfbea750bfac0d62a35678fec00847e6476f2cac8e7e42046e"
|
|
},
|
|
"v0.9.8": {
|
|
"ShadowBroker_v0.9.8.zip": "d506f6b8462ccb12096f0cd9462233be58928094240416b65fb3127bdd1f3820",
|
|
"ShadowBroker_0.9.8_x64-setup.exe": "1115d1f5cf37edd03ea2c21d821c7626e1bf3319c990402aaa0293bca46fea67",
|
|
"ShadowBroker_0.9.8_x64_en-US.msi": "d4be4cb68c3e6409fff54c225acdcdd08e27d5d6d2b31616d78d2a4f6812991d"
|
|
}
|
|
}
|