huddle 1.3.2 — bug-fix & hardening pass

@richer-richard richer-richard released this 08 Jun 10:42
· 22 commits to main since this release
v1.3.2
4c8c237

A focused fixes/hardening release on top of 1.3.1 — no wire-format change, fully compatible with 1.3.x and pre-1.3 peers. Findings came from a multi-agent audit of the whole tree (15 of 20 confirmed after adversarial verification) plus the huddle app install fix.

huddle app / install

  • huddle app reliably finds your checkout. It builds the GUI from a source clone; previously it only located one via the build-time CARGO_MANIFEST_DIR, the cwd walk-up, or HUDDLE_SRC — so a crates.io install (cargo install huddle) run outside a checkout failed with "couldn't find the huddle source checkout." It now also searches common clone locations under your home directory.

GUI

  • Quit / Restart actually close the window. Confirming "Quit" used to tear down the connection but leave the window open until a second OS-close click; "Restart" could leave two windows. Both now close immediately.

TUI

  • A failed send no longer eats your message — the composed text is restored instead of silently lost.
  • Corrected stale invite-keybinding hints (it's Shift+I / Alt+I, not Ctrl+I / Ctrl+Shift+I / ^I, which collapse to Tab).

Relay (huddle-server)

  • Pre-auth timeout now covers the earliest connection phase, closing a slowloris hole that sat outside the auth-deadline window.
  • Inbound WebSocket frames capped at 512 KiB (was tungstenite's 64 MiB default, ~256× the post-parse payload guard).

Robustness

  • Guarded a panic in the inbound-message path that a concurrent room-leave could trigger (it would permanently halt message processing).
  • Bounded two in-memory maps (sas_flows, host_addr_dial_attempts) against a malicious-peer / unauthenticated-announcement flood.
  • Debounced the 1.3.1 RequestCiphertext key-request emitter so a stalled hybrid handshake can't drive an un-throttled request↔announce ping-pong.

Docs

  • Dropped the SAS module's false Matrix MSC-2241 cross-client-interop claim (huddle uses a 49-emoji subset + rejection sampling under a huddle-specific HKDF info string — not Matrix wire-compatible), and corrected a few stale comments + MANUAL_TESTING scenario 31.
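
Why a 49-symbol alphabet calls for rejection sampling, as an added example (not huddle's code): 256 is not a multiple of 49, so reducing a raw byte mod 49 favors some symbols. The one-byte-per-symbol scheme, the function names and the sample bytes are assumptions for illustration; the real input would be the HKDF output.

```rust
// Added illustration, not huddle's implementation. Assumptions: one index per
// accepted byte; the input slice stands in for HKDF output (constructed below).
const ALPHABET: usize = 49; // size of the emoji subset named in the release note
// Largest multiple of 49 that fits in a byte: 5 * 49 = 245. Bytes >= 245 are rejected.
const LIMIT: usize = (256 / ALPHABET) * ALPHABET;

/// Unbiased mapping: discard bytes outside [0, LIMIT), then reduce mod 49.
/// Returns None if the stream runs out before `count` indices are produced,
/// so the caller derives more key material instead of padding or reusing bytes.
fn sample_indices(stream: &[u8], count: usize) -> Option<Vec<u8>> {
    let out: Vec<u8> = stream
        .iter()
        .filter(|&&b| (b as usize) < LIMIT)
        .take(count)
        .map(|&b| (b as usize % ALPHABET) as u8)
        .collect();
    if out.len() == count { Some(out) } else { None }
}

/// Number of byte values (0..=255) that land on each index,
/// with rejection (`reject = true`) or with a plain `byte % 49`.
fn preimage_counts(reject: bool) -> [u32; ALPHABET] {
    let mut counts = [0u32; ALPHABET];
    for b in 0usize..256 {
        if reject && b >= LIMIT {
            continue;
        }
        counts[b % ALPHABET] += 1;
    }
    counts
}

fn main() {
    // Constructed sample bytes standing in for derived key material.
    let stream = [0u8, 48, 49, 244, 245, 255, 100, 200, 7];
    println!("indices: {:?}", sample_indices(&stream, 7));
    println!("short stream: {:?}", sample_indices(&stream, 8));
    let naive = preimage_counts(false);
    let fair = preimage_counts(true);
    // Plain modulo gives indices 0..=10 six preimages and the rest five.
    println!("naive: idx0={} idx11={}", naive[0], naive[11]);
    println!("rejection: idx0={} idx11={}", fair[0], fair[11]);
}
```

Two clients that differ in any of these choices (alphabet, rejection rule, HKDF info string) derive different emoji from the same shared secret, which is why a wire-compatibility claim has to match all of them.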

Verified: clippy clean (no new warnings), huddle-core lib 136/136, hybrid_dm 4/4, integration 7/7 (serial). Published to crates.io at 1.3.2 (all four crates).