- update to 2.58.0:
* Post-quantum end-to-end crypto(ML-KEM-512, ML-KEM-768, ML-KEM-1024)
support if OpenSSL >= 3.5.0. Enable it by default
* Datagram2 and Datagram3
* Support boost 1.89
* Don't verify streaming SYN packet signature if comes from an
ECIESx25519 session
* Specify light or dark theme for webconsole
* Try to resolve host again in server tunnel if failed before
* "ssu2.firewalled4" and "ssu2.firewalled6" params to force Firewalled
even if network is OK
* Create unique loopback address from fd00::/8 range for ::1 if
explicitly set in server tunnels
* Don't show Network status if ipv6 only
* SAM PING command
* Send correct version in I2CP SetDate message
* Fixed max UDP buffer size for OpenBSD
* "i2p.streaming.maxWindowSize" and "i2p.streaming.dontSign" params
* Streaming ping through BOB
* Limit number of outbound streaming packets if the peer can't handle
them
* Updated reseeds list
* Fixed lack of file descriptors for Haiku
* Outgoing stream will not constantly re-requests LeaseSet if the
remote peer has gone away
* Don't call deprecated functions for openssl 3
* Accept "HELLO VERSION" without "MIN" and "MAX" in SAM
* Non-blocking mode for UDP sockets in UDP tunnels
- update to 2.57.0:
* Local domain sockets for I2PControl
* HTTP and SOCKS proxy through BOB
* FORWARD session host handling in SAM
* "keys=shareddest" tunnel param to run on shared local destination
* Correct implementation of SSU2 path challenge and path response
* Don't delete trusted routers from netdb
* Fixed crash after SAM stream disconnect
* Disable loss-control in streaming
* OpenIndiana(Solaris) support
* NTCP2 probing resistance
* Set min peer test version to 0.9.62
* Support SAM v1 datagram sessions without port
* Localization to Hebrew and Hindi
* Fixed x86 build for Haiku
* Updated reseeds list
- Boost.System is headers only since 1.69
+ boost-system.patch (forwarded request 1310819 from adkorte)
OBS-URL: https://build.opensuse.org/request/show/1311712
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/i2pd?expand=0&rev=25
* Post-quantum end-to-end crypto(ML-KEM-512, ML-KEM-768, ML-KEM-1024)
support if OpenSSL >= 3.5.0. Enable it by default
* Datagram2 and Datagram3
* Support boost 1.89
* Don't verify streaming SYN packet signature if comes from an
ECIESx25519 session
* Specify light or dark theme for webconsole
* Try to resolve host again in server tunnel if failed before
* "ssu2.firewalled4" and "ssu2.firewalled6" params to force Firewalled
even if network is OK
* Create unique loopback address from fd00::/8 range for ::1 if
explicitly set in server tunnels
* Don't show Network status if ipv6 only
* SAM PING command
* Send correct version in I2CP SetDate message
* Fixed max UDP buffer size for OpenBSD
* "i2p.streaming.maxWindowSize" and "i2p.streaming.dontSign" params
* Streaming ping through BOB
* Limit number of outbound streaming packets if the peer can't handle
them
* Updated reseeds list
* Fixed lack of file descriptors for Haiku
* Outgoing stream will not constantly re-requests LeaseSet if the
remote peer has gone away
* Don't call deprecated functions for openssl 3
* Accept "HELLO VERSION" without "MIN" and "MAX" in SAM
* Non-blocking mode for UDP sockets in UDP tunnels
- update to 2.57.0:
* Local domain sockets for I2PControl
* HTTP and SOCKS proxy through BOB
* FORWARD session host handling in SAM
* "keys=shareddest" tunnel param to run on shared local destination
* Correct implementation of SSU2 path challenge and path response
* Don't delete trusted routers from netdb
* Fixed crash after SAM stream disconnect
* Disable loss-control in streaming
* OpenIndiana(Solaris) support
* NTCP2 probing resistance
* Set min peer test version to 0.9.62
* Support SAM v1 datagram sessions without port
* Localization to Hebrew and Hindi
* Fixed x86 build for Haiku
* Updated reseeds list
- Boost.System is headers only since 1.69
+ boost-system.patch
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=59
* Config params for shared local destination
* Exclude disk operations from SSU2 and NTCP2 threads
* Set minimal version for peer test to 0.9.62
* Fixed termination deadlock if SAM session is active
* AddressBook full addresses cache
* Shorter ECIESx25519 ack request interval for datagram and I2CP sessions
* Updated reseeds list
* Recreate tunnels in random order
* Send Ack requested flag after second SSU2 resend attempt
* Don't change datagram routing path too often if unidirectional data stream
* Fixed race condition at tunnel endpoint
* Decline transit tunnel to duplicated router
- format .spec
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=57
* Support boost 1.87
* New RTO and window size calculation and resetting algorithm for streams
* Faster LeaseSet amd RouterInfo lookups
* Direct link between tunnel and transport to next peer
* Separate thread for tunnel build requests
* Fixed missing RouterInfo buffer in NetDb
* Throttle incoming ECIESx25519 sessions
* Check LeaseSet expiration time
* Resend HolePunch and RelayResponse messages
* Publish 'R' cap for yggdrasil-only routers, and 'U' cap for routers through proxy
* New "i2p.streaming.maxConcurrentStreams" tunnel's param to limit number of simultaneous streams
* Don't delete routers from NetDb when offline
* Save unreachable router's endpoint to use it next time without introducers
* Random tunnel rejection when medium congestion
* Increased hole punch expiration interval
* Handle NTCP2 session handshakes in separate thread
- moved binary from /usr/sbin to /usr/bin
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=55
- update to 2.51.0:
* Encrypted tunnel tests
* New streaming RTT/RTO/Window calculation algorithms
* Publish medium congestion indication
* Changed upstream SOCKS proxy from SOCKS4 to SOCKS5
* New implementation of SSU2 retransmission, send buffer, window, congestion control, timeouts
* Transit tunnels limit more than 64K. Default value to 10K
* Fixed lookup of encrypted LeaseSet
* Report error if client is trying to connect to itself in SAM
* Fixed crash when packet comes to terminated stream
* Tunnel status "declined" in web console
* SAM error reply "Incompatible crypto" if remote destination has incompatible crypto
* Fixed outbound tunnel build failure if it's endpoint is the same as reply tunnel gateway
* Reduce unreachable router ban interval to 8 minutes
* Send lookup reply directly to reply tunnel gateway if possible
* Fixed I2PControl RouterManager returns invalid JSON when unknown params are passed
* Correct implementation of "reservedrange" config param
* Less false positive cases for tunnel tests
* Check ipv4/ipv6 compatibility for peer tests
* Allow SSU2 even if port binding fails
* Support local domain sockets for SOCKS proxy upstream
- update to 2.50.2:
* Fixed crash with OpenSSL 3.2.0
* Fixed false positive clock skew detection
- update to 2.50.1:
* Fixed support for new EdDSA usage behavior in OpenSSL 3.2.0
- update to 2.50.0:
* Support of concurrent ACCEPTs on SAM 3.1
* Low bandwidth and far routers can expire before 1 hour
* Don't pick too active peer for first hop
* Try peer test again if status is Unknown
* Send peer tests with random delay
* Updated reseeds list
* Fixed XSS vulnerability in addresshelper
* Fixed publishing NAT64 ipv6 addresses
* Fixed deadlock in AsyncSend callback
OBS-URL: https://build.opensuse.org/request/show/1172146
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=52
- update to 2.48.0:
* Added 'critical' log level
* Allow user/password authentication method for SOCK5 proxy
* Fixed reload tunnels
* Don't recognize new router as floodfill until it proves it's real
* Fixed incomplete HTTP headers in I2P tunnels
* Publish congestion cap 'G' if transit is not accepted
* Added webconsole button to drop a remote LeaseSet manually
* Publish encrypted RouterInfo through tunnels
* Print local b32 address on webconsole destination page
* Fixed incorrect address caps for unspecified ipv6 address
- update to 2.47.0:
* DHT for floodfills instead plain list
* Process router's messages in separate thread
* Don't publish non-reachable router
* Fixed memory leak in Windows network state detection
* Fixed reseed attempts from invalid address
* Add support for domain addresses for Yggdrasil reseeds
* Send and check target destination in first streaming SYN packet
* Added congestion caps (https://geti2p.net/spec/proposals/162-congestion-caps)
* Added SAM UDP port parameter
- update to 2.46.1:
* Fixed race condition while getting router's peer profile
* Fixed creation of new router.info
* Fixed displaying LeaseSets in the webconsole
* Fixed crash when processing ACK request
- update to 2.46.0:
* New algorithm for tunnel creation success rate calculation
* Localization to Swedish, Portuguese, Turkish, Polish
* Fixed deadlock during processing I2NP block with Garlic in ECIES encrypted message to router
* Periodically send Datetime block in NTCP2 and SSU2 and check
* Better profiling for unreachable routers
* Minimal version for floodfill is 0.9.51
* Drop incoming NTCP2 and SSU2 connection if published IP doesn't match actual endpoint
* Sort transports by endpoints in webconsole
* Don't publish "0.0.0.0" in RouterInfo
* Check referer when processing Addresshelper
* Select first hop from high bandwidth peers for client tunnels
* Exclude unreachable router from NetDB for 2 hours
* Fixed missing NTCP2 address in RouterInfo if enabled back
* Fixed race condition with encrypted LeaseSets
- update to 2.45.1:
* Fixed UPnP crash if SSU2 or NTCP2 is disabled
* Fixed crash on termination for some platforms
* Network status is always OK if peer test msg 5 received
* Added "Full Cone NAT" status error
* Drop duplicated I2NP messages in SSU2
* Set rejection code 30 if tunnel with id already exists
- update to 2.45.0:
* Removed SSU transport
* Fixed file descriptors leak
* 1 and 15 seconds bandwidth calculation for i2pcontrol
* Compressible padding for I2P addresses
* Don't accept incoming session from invalid/reserved addresses for NTCP2 and SSU2
* Drop RouterInfos and LeaseSets with timestamp from future
* Increased default max transit tunnels number from 2500 to 5000 or 10000 for floodfill
* Fixed ::1 address in RouterInfo
* SSU2 network error handling (especially for Windows)
* Localization to Czech
* NTCP2 and SSU2 timestamps are rounded to seconds
* Don't send SSU2 termination again if termination received block received
* Fixed random crash on AddressBook update
* Test for Symmetric NAT with peer test msgs 6 and 7
* Fixed spamming to log if no descriptors
* Don't select overloaded peer for next tunnel
* Limit simultaneous tunnel build requests by 4 per pool
* Fixed RTT self-reduction for long-live streams
* Fixed crash if incorrect LeaseSet size
* "No Descriptors" router error state
* Remove "X-Requested-With" in HTTP Proxy for non-AJAX requests
* Fixed SSU2 network error handling (especially for Windows)
OBS-URL: https://build.opensuse.org/request/show/1093645
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=46
- update to 2.44.0:
* SSL connection for server I2P tunnels
* Localization to Italian and Spanish
* SSU2 through SOCKS5 UDP proxy
* Reload tunnels through web console
* SSU2 send immediate ack request flag
* SSU2 send and verify path challenge
* Configurable ssu2.mtu4 and ssu2.mtu6
* SSU2 is enbaled and SSU is disabled by default
* Separate network status and error
* Random selection between NTCP2 and SSU2 priority
* Added notbob.i2p to jump services
* Remove DoNotTrack flag from HTTP Request header
* Skip addresshelper page if destination was not changed
* SSU2 allow different ports from RelayReponse and HolePunch
* SSU2 resend PeerTest msg 1 and msg 2
* SSU2 Send Retry instead SessionCreated if clock skew detected
* Long HTTP headers for HTTP proxy and HTTP server tunnel
* SSU2 resends and resend limits
* Crash at startup if addressbook is disabled
* NTCP2 ipv6 connection through SOCKS5 proxy
* SSU2 SessionRequest with zero token
* SSU2 MTU less than 1280
* SSU2 port=1
* Incorrect addresses from network interfaces
* Definitions for Darwin PPC; do not use pthread_setname_np
* Complete SSU2 implementation
* Localization to Chinese
* Send RouterInfo update for long live sessions
* Explicit ipv6 ranges of known tunnel brokers for MTU detection
OBS-URL: https://build.opensuse.org/request/show/1040807
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=44
- Update to 2.33.0:
* Shared transient addresses
* crypto.ratchet.inboundTags paramater
* Multiple encryption keys through I2CP
* Pre-calculated x25519 ephemeral keys
* Change datagram routing path if nothing comes back in 10
seconds
* Shared routing path for datagram session
* UDP tunnels send mix of repliable and raw datagrams in bulk
* Encrypt SSU packet again upon resend
* Start new tunnel message if remaining buffer is too small
* Use LeaseSet2 for ECIES-X25519-AEAD-Ratchet automatically
* Save new ECIES-X25519-AEAD-Ratchet session with NSR tagset
* Generate random padding lengths for ECIES-X25519-AEAD-Ratchet
in bulk
* Webconsole layout
* Reseed servers list
* Don't connect through terminated SAM destination
* Differentiate UDP server sessions by port
* ECIES-X25519-AEAD-Ratchet through I2CP
* Don't save invalid address to AddressBook
* ECDSA signatures names in SAM
* AppArmor profile
- Drop i2pd-2.19.0-apparmor.patch
OBS-URL: https://build.opensuse.org/request/show/829748
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=34
- update to 2.32.1:
- Read explicit peers in tunnels config
- Generation of tags for detached sessions
- Non-updating LeaseSet1
- Start when deprecated websocket options present in i2pd.conf
- Multiple encryption types for local destinations
- Next key and tagset for ECIES-X25519-AEAD-Ratchet
- NTCP2 through SOCKS proxy
- Throw error message if any port to bind is occupied
- gzip parameter for UDP tunnels
- Show ECIES-X25519-AEAD-Ratchet sessions and tags on the web console
- Simplified implementation of gzip for no compression mode
- Allow ECIES-X25519-AEAD-Ratchet session restart after 2 minutes
- Added logrotate config for rpm package
- Select peers for client tunnels among routers >= 0.9.36
- Check ECIES flag for encrypted lookup reply
- Streaming MTU size 1812 for ECIES-X25519-AEAD-Ratchet
- Don't calculate checksum for Data message send through ECIES-X25519-AEAD-Ratchet
- Catch network connectivity status for Windows
- Stop as soon as no more transit tunnels during graceful shutdown for Android
- RouterInfo gzip compression level depends on size
- Send response to received datagram from ECIES-X25519-AEAD-Ratchet session
- Update webconsole functional
- Increased max transit tunnels limit
- Reseeds list
- Dropped windows support in cmake
- Correct timestamp check for LeaseSet2
- Encrypted leaseset without authentication
- Change SOCKS proxy connection response for clients without socks5h support (#1336)
OBS-URL: https://build.opensuse.org/request/show/827441
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=32
- Update to 2.31.0:
* NTCP2 through HTTP proxy
* Publish LeaseSet2 for I2CP destinations
* Show status page on main activity for android
* Handle ECIESFlag in DatabaseLookup at floodfill
* C++17 features for eligible compilers
* Droped Websockets and Lua support
* Send DeliveryStatusMsg for LeaseSet for
ECIES-X25519-AEAD-Ratchet
* Keep sending new session reply until established for
* Updated SSU log messages
* Reopen SSU socket on exception
* Security hardening headers in web console
* Various web console changes
* Various QT changes
* NTCP2 socket descriptors leak
* Race condition with router's identity in transport sessions
* Not terminated streams remain forever
OBS-URL: https://build.opensuse.org/request/show/793690
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=30
- Update to 2.30.0:
* Single threaded SAM
* Experimental support of ECIES-X25519-AEAD-Ratchet crypto type
* Minimal MTU size is 1280 for ipv6
* Use unordered_map instead map for destination's sessions and
tags list
* Use std::shuffle instead std::random_shuffle
* SAM is single threaded by default
* Reseeds list
* Correct termination of streaming destination
* Extra ',' in RouterInfo response in I2PControl
* SAM crash on session termination
* Storage for Android 10
OBS-URL: https://build.opensuse.org/request/show/783563
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=28
- Update to 2.28.0:
* RAW datagrams in SAM
* Publishing encrypted LeaseSet2 with DH or PSH authentication
* Ability to disable battery optimization for Android
* Transport Network ID Check
* Set and handle published encrypted flag for LeaseSet2
* ReceiveID changes in the same stream
* "\r\n" command terminator in SAM
* Addressbook lines with signatures
OBS-URL: https://build.opensuse.org/request/show/726790
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=24
- Update to 2.26.0:
* HTTP method "PROPFIND"
* Detection of external ipv6 address through the SSU
* NTCP2 publishing depends on network status
* ntcp is disabled by default, ntcp2 is published by default
* Response to BOB's "list" command
* ipv6 address is not longer NTCP's local endpoint's address
* Reseeds list
* HTTP_REFERER stripping in httpproxy (#823)
* Check and handle incorrect BOB input
* Ignore introducers for NTCP or NTCP2 addresses
* RouterInfo check from NTCP2
OBS-URL: https://build.opensuse.org/request/show/708457
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=20
- Update to 2.25.0:
* Create, publish and handle encrypted LeaseSet2
* Support of b33 addresses
* RedDSA key blinding
* .b32.i2p addresses in jump links
* ntcp2.addressv6 parameter
* Allow HTTP headers without value
* Set data directory from external storage path for Android
* addresshelper support is configurable per tunnel
* gradlew script for android build
* Deletion of expired encrypted LeaseSet2 on floodfills
* ipv6 fallback address
* SSU incoming packets routing
OBS-URL: https://build.opensuse.org/request/show/702048
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=18
- Update to 2.24.0:
* Support of transient keys for LeaseSet2
* Support of encrypted LeaseSet2
* Recognize signature type 11 (RedDSA)
* Support websocket connections over HTTP proxy
* Ability to disable full addressbook persist
* Don't load peer profiles if non-persistant
* REUSE_ADDR for ipv6 acceptors
* Reset eTags if addressbook can't be loaded
* Build with boost 1.70
* Filter out unspecified addresses from RouterInfo
* Check floodfill status change
* Correct SAM response for invalid key
* SAM crash on termination for Windows
* Race condition for publishing
* Standard LeaseSet2 support
* Ability to adjust timestamps through the NTP
* Ability to disable peer profile persist
* Request permission for android >= 6
* Initial addressbook to android assets
* Cancel graceful shutdown for android
* Russian translation for android
* Chacha20 and Poly1305 implementation
* Eliminate extra copy of NTCP2 send buffers
* Extract content of tunnel.d from assets on android
* Removed name resolvers from transports
* Update reseed certificates
* LeaseSet published content verification
* Exclude invalid LeaseSets from the list on a floodfill
* Build for OpenWrt with openssl 1.1.1
OBS-URL: https://build.opensuse.org/request/show/687805
OBS-URL: https://build.opensuse.org/package/show/security:privacy/i2pd?expand=0&rev=14
