tesseras-paste, branch v0.1.0 Decentralized pastebin built on tesseras-dht Add CHANGELOG.md for 0.1.0 2026-03-25T20:26:54+00:00 murilo ijanc 2026-03-25T20:26:54+00:00 24c3402c9d27fc26bd3afe8c05276f52338514f8 






Update README, bump tesseras-dht to 0.1.1, add project docs
2026-03-25T20:19:16+00:00

murilo ijanc

2026-03-25T20:19:16+00:00

4c1597e0f28c2bea193818a8d84ff2073ea5c08f

- Rewrite README with features, usage, and links
- Bump tesseras-dht dependency from 0.1.0 to 0.1.1
- Add CODE_OF_CONDUCT.md and SECURITY.md





- Rewrite README with features, usage, and links
- Bump tesseras-dht dependency from 0.1.0 to 0.1.1
- Add CODE_OF_CONDUCT.md and SECURITY.md







Limit stdin read in tp, bound protocol drain, document Arc leak
2026-03-25T18:49:08+00:00

murilo ijanc

2026-03-25T18:41:40+00:00

290f53c38cdacd502eb6dda52f2ad207063e3973

- tp: limit stdin to 64 KiB + 1 byte to reject oversized pastes
  early without unbounded memory allocation
- daemon: bound the oversized-line drain to MAX_LINE_SIZE so a
  client without newlines cannot block beyond the read timeout
- tpd: document intentional Arc::into_raw leak in signal handler





- tp: limit stdin to 64 KiB + 1 byte to reject oversized pastes
  early without unbounded memory allocation
- daemon: bound the oversized-line drain to MAX_LINE_SIZE so a
  client without newlines cannot block beyond the read timeout
- tpd: document intentional Arc::into_raw leak in signal handler







Harden identity key permissions, atomic writes, and HTTP method
2026-03-25T18:30:45+00:00

murilo ijanc

2026-03-25T18:26:44+00:00

62b68cc461b5e298add3ab190fe9a38f3efefe7a

- Write identity.key with mode 0600 to prevent other users from
  reading the Ed25519 private seed
- Use destination filename in atomic_write temp path to avoid
  collisions between concurrent writes to different files
- Reject HTTP methods other than GET/HEAD with 405
- Return "Hello Tesseras World" on GET /





- Write identity.key with mode 0600 to prevent other users from
  reading the Ed25519 private seed
- Use destination filename in atomic_write temp path to avoid
  collisions between concurrent writes to different files
- Reject HTTP methods other than GET/HEAD with 405
- Return "Hello Tesseras World" on GET /







Add missing pledge promises (drm, prot_exec) and source reference
2026-03-25T18:13:38+00:00

murilo ijanc

2026-03-25T18:13:38+00:00

b6e3f14ebd0601b1604dcb29fba07b6446a140b7

Add reference to pledgereq[] in /usr/src/sys/kern/kern_pledge.c
and include drm and prot_exec that were missing from the list.





Add reference to pledgereq[] in /usr/src/sys/kern/kern_pledge.c
and include drm and prot_exec that were missing from the list.







Fix clippy warnings: needless borrow and collapsible if
2026-03-25T18:10:15+00:00

murilo ijanc

2026-03-25T18:10:15+00:00

63c080840a7567f67effa9703d7c94b488d22fc1












Log socket setup errors in Unix client handler
2026-03-25T17:57:18+00:00

murilo ijanc

2026-03-25T17:57:18+00:00

71a839341e34c7808cc90a6e5e25d269588e989c

Warn when set_nonblocking or set_read_timeout fails instead of
silently disconnecting the client.





Warn when set_nonblocking or set_read_timeout fails instead of
silently disconnecting the client.







Handle HTTP connections in separate threads with cap of 8
2026-03-25T17:56:50+00:00

murilo ijanc

2026-03-25T17:56:50+00:00

2f1f611bf7b48fc9dd5568ccca17c0c36b997200

A slow connection or DHT lookup (up to 30s) no longer blocks
the entire HTTP accept loop. Connections beyond the limit get
a 503 response.





A slow connection or DHT lookup (up to 30s) no longer blocks
the entire HTTP accept loop. Connections beyond the limit get
a 503 response.







Exit early if data directory cannot be created
2026-03-25T17:55:41+00:00

murilo ijanc

2026-03-25T17:55:41+00:00

e93f672b2f9c7ce3c8deae5ddbadcd21ba919e33

Report the actual error instead of silently ignoring it and
failing later with a confusing message in PasteStore::open.





Report the actual error instead of silently ignoring it and
failing later with a confusing message in PasteStore::open.







Fix critical data integrity and security issues
2026-03-25T17:22:21+00:00

murilo ijanc

2026-03-25T17:22:21+00:00

b9f813fb4b7de1042370b529b9ccc036b208465b

- Atomic writes in store (write-to-temp + rename) to prevent
  corruption on crash
- Validate DHT results against requested content hash to reject
  forged data from malicious nodes
- Limit protocol line size to 128 KiB on Unix socket to prevent
  memory exhaustion
- Use saturating_add for TTL expiry to prevent u64 overflow





- Atomic writes in store (write-to-temp + rename) to prevent
  corruption on crash
- Validate DHT results against requested content hash to reject
  forged data from malicious nodes
- Limit protocol line size to 128 KiB on Unix socket to prevent
  memory exhaustion
- Use saturating_add for TTL expiry to prevent u64 overflow