[-]
[+]
|
Changed |
_service:tar_git:i2pd.spec
|
|
[-]
[+]
|
Changed |
_service
^
|
@@ -1,8 +1,10 @@
<services>
<service name="tar_git">
<param name="url">https://github.com/nephros/i2pd</param>
- <param name="branch">next</param>
+ <param name="branch"></param>
+ <param name="revision">2.50.2+git1</param>
<!--
+ <param name="branch">next</param>
<param name="branch">master</param>
<param name="revision">HEAD</param>
<param name="revision">2.44.0+git1</param>
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd-2.50.2+git1.tar.gz/upstream/ChangeLog
^
|
@@ -1,7 +1,12 @@
# for this file format description,
# see https://github.com/olivierlacan/keep-a-changelog
-## [2.50.0] - 2023-12-23
+## [2.50.2] - 2024-01-06
+###Fixed
+- Crash with OpenSSL 3.2.0
+- False positive clock skew detection
+
+## [2.50.1] - 2023-12-23
###Fixed
- Support for new EdDSA usage behavior in OpenSSL 3.2.0
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd-2.50.2+git1.tar.gz/upstream/contrib/rpm/i2pd-git.spec
^
|
@@ -1,7 +1,7 @@
%define git_hash %(git rev-parse HEAD | cut -c -7)
Name: i2pd-git
-Version: 2.50.1
+Version: 2.50.2
Release: git%{git_hash}%{?dist}
Summary: I2P router written in C++
Conflicts: i2pd
@@ -144,6 +144,9 @@
%changelog
+* Sat Jan 06 2024 orignal <orignal@i2pmail.org> - 2.50.2
+- update to 2.50.2
+
* Sat Dec 23 2023 r4sas <r4sas@i2pmail.org> - 2.50.1
- update to 2.50.1
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd-2.50.2+git1.tar.gz/upstream/contrib/rpm/i2pd.spec
^
|
@@ -1,5 +1,5 @@
Name: i2pd
-Version: 2.50.1
+Version: 2.50.2
Release: 1%{?dist}
Summary: I2P router written in C++
Conflicts: i2pd-git
@@ -142,6 +142,9 @@
%changelog
+* Sat Jan 06 2024 orignal <orignal@i2pmail.org> - 2.50.2
+- update to 2.50.2
+
* Sat Dec 23 2023 r4sas <r4sas@i2pmail.org> - 2.50.1
- update to 2.50.1
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd-2.50.2+git1.tar.gz/upstream/debian/changelog
^
|
@@ -1,3 +1,9 @@
+i2pd (2.50.2) unstable; urgency=medium
+
+ * updated to version 2.50.2/0.9.61
+
+-- orignal <orignal@i2pmail.org> Sat, 06 Jan 2024 16:00:00 +0000
+
i2pd (2.50.1-1) unstable; urgency=medium
* updated to version 2.50.1/0.9.61
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd-2.50.2+git1.tar.gz/upstream/libi2pd/NetDb.cpp
^
|
@@ -1,5 +1,5 @@
/*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
*
* This file is part of Purple i2pd project and licensed under BSD3
*
@@ -247,9 +247,10 @@
m_Requests.RequestComplete (ident, r);
return r;
}
- if (r->IsUnreachable ())
+ if (r->IsUnreachable () ||
+ i2p::util::GetMillisecondsSinceEpoch () + NETDB_EXPIRATION_TIMEOUT_THRESHOLD*1000LL < r->GetTimestamp ())
{
- // delete router as invalid after update
+ // delete router as invalid or from future after update
m_RouterInfos.erase (ident);
if (wasFloodfill)
{
@@ -1019,6 +1020,11 @@
std::shared_ptr<I2NPMessage> replyMsg;
if (lookupType == DATABASE_LOOKUP_TYPE_EXPLORATORY_LOOKUP)
{
+ if (!context.IsFloodfill ())
+ {
+ LogPrint (eLogWarning, "NetDb: Exploratory lookup to non-floodfill dropped");
+ return;
+ }
LogPrint (eLogInfo, "NetDb: Exploratory close to ", key, " ", numExcluded, " excluded");
std::set<IdentHash> excludedRouters;
const uint8_t * excluded_ident = excluded;
@@ -1044,6 +1050,7 @@
if (lookupType == DATABASE_LOOKUP_TYPE_ROUTERINFO_LOOKUP ||
lookupType == DATABASE_LOOKUP_TYPE_NORMAL_LOOKUP)
{
+ // try to find router
auto router = FindRouter (ident);
if (router && !router->IsUnreachable ())
{
@@ -1056,17 +1063,26 @@
if (!replyMsg && (lookupType == DATABASE_LOOKUP_TYPE_LEASESET_LOOKUP ||
lookupType == DATABASE_LOOKUP_TYPE_NORMAL_LOOKUP))
{
- auto leaseSet = FindLeaseSet (ident);
- if (!leaseSet)
- {
- // no lease set found
- LogPrint(eLogDebug, "NetDb: Requested LeaseSet not found for ", ident.ToBase32());
- }
- else if (!leaseSet->IsExpired ()) // we don't send back our LeaseSets
+ // try to find leaseset
+ if (context.IsFloodfill ())
+ {
+ auto leaseSet = FindLeaseSet (ident);
+ if (!leaseSet)
+ {
+ // no leaseset found
+ LogPrint(eLogDebug, "NetDb: Requested LeaseSet not found for ", ident.ToBase32());
+ }
+ else if (!leaseSet->IsExpired ()) // we don't send back expired leasesets
+ {
+ LogPrint (eLogDebug, "NetDb: Requested LeaseSet ", key, " found");
+ replyMsg = CreateDatabaseStoreMsg (ident, leaseSet);
+ }
+ }
+ else if (lookupType == DATABASE_LOOKUP_TYPE_LEASESET_LOOKUP)
{
- LogPrint (eLogDebug, "NetDb: Requested LeaseSet ", key, " found");
- replyMsg = CreateDatabaseStoreMsg (ident, leaseSet);
- }
+ LogPrint (eLogWarning, "NetDb: Explicit LeaseSet lookup to non-floodfill dropped");
+ return;
+ }
}
if (!replyMsg)
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd-2.50.2+git1.tar.gz/upstream/libi2pd/SSU2.cpp
^
|
@@ -24,7 +24,8 @@
m_AddressV4 (boost::asio::ip::address_v4()), m_AddressV6 (boost::asio::ip::address_v6()),
m_TerminationTimer (GetService ()), m_CleanupTimer (GetService ()), m_ResendTimer (GetService ()),
m_IntroducersUpdateTimer (GetService ()), m_IntroducersUpdateTimerV6 (GetService ()),
- m_IsPublished (true), m_IsSyncClockFromPeers (true), m_IsThroughProxy (false)
+ m_IsPublished (true), m_IsSyncClockFromPeers (true), m_PendingTimeOffset (0),
+ m_IsThroughProxy (false)
{
}
@@ -209,6 +210,29 @@
return ep.port ();
}
+ void SSU2Server::AdjustTimeOffset (int64_t offset)
+ {
+ if (offset)
+ {
+ if (m_PendingTimeOffset) // one more
+ {
+ if (std::abs (m_PendingTimeOffset - offset) < SSU2_CLOCK_SKEW)
+ {
+ offset = (m_PendingTimeOffset + offset)/2; // average
+ LogPrint (eLogWarning, "SSU2: Clock adjusted by ", offset, " seconds");
+ i2p::util::AdjustTimeOffset (offset);
+ }
+ else
+ LogPrint (eLogWarning, "SSU2: Time offsets are too different. Clock not adjusted");
+ m_PendingTimeOffset = 0;
+ }
+ else
+ m_PendingTimeOffset = offset; // first
+ }
+ else
+ m_PendingTimeOffset = 0; // reset
+ }
+
boost::asio::ip::udp::socket& SSU2Server::OpenSocket (const boost::asio::ip::udp::endpoint& localEndpoint)
{
boost::asio::ip::udp::socket& socket = localEndpoint.address ().is_v6 () ? m_SocketV6 : m_SocketV4;
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd-2.50.2+git1.tar.gz/upstream/libi2pd/SSU2.h
^
|
@@ -66,6 +66,7 @@
bool IsSupported (const boost::asio::ip::address& addr) const;
uint16_t GetPort (bool v4) const;
bool IsSyncClockFromPeers () const { return m_IsSyncClockFromPeers; };
+ void AdjustTimeOffset (int64_t offset);
void AddSession (std::shared_ptr<SSU2Session> session);
void RemoveSession (uint64_t connID);
@@ -161,6 +162,7 @@
std::shared_ptr<SSU2Session> m_LastSession;
bool m_IsPublished; // if we maintain introducers
bool m_IsSyncClockFromPeers;
+ int64_t m_PendingTimeOffset; // during peer test
// proxy
bool m_IsThroughProxy;
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd-2.50.2+git1.tar.gz/upstream/libi2pd/SSU2Session.cpp
^
|
@@ -1,5 +1,5 @@
/*
-* Copyright (c) 2022-2023, The PurpleI2P Project
+* Copyright (c) 2022-2024, The PurpleI2P Project
*
* This file is part of Purple i2pd project and licensed under BSD3
*
@@ -1668,10 +1668,12 @@
if (m_Server.IsSyncClockFromPeers ())
{
if (std::abs (offset) > SSU2_CLOCK_THRESHOLD)
- {
- LogPrint (eLogWarning, "SSU2: Clock adjusted by ", -offset, " seconds");
- i2p::util::AdjustTimeOffset (-offset);
- }
+ {
+ LogPrint (eLogWarning, "SSU2: Time offset ", offset, " from ", m_RemoteEndpoint);
+ m_Server.AdjustTimeOffset (-offset);
+ }
+ else
+ m_Server.AdjustTimeOffset (0);
}
else if (std::abs (offset) > SSU2_CLOCK_SKEW)
{
@@ -2481,6 +2483,8 @@
else if (m_Address->IsV6 ())
i2p::context.SetTestingV6 (testing);
}
+ if (!testing)
+ m_Server.AdjustTimeOffset (0); // reset time offset when testing is over
}
size_t SSU2Session::CreateAddressBlock (uint8_t * buf, size_t len, const boost::asio::ip::udp::endpoint& ep)
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd-2.50.2+git1.tar.gz/upstream/libi2pd/Signature.cpp
^
|
@@ -18,12 +18,10 @@
EDDSA25519Verifier::EDDSA25519Verifier ():
m_Pkey (nullptr)
{
- m_MDCtx = EVP_MD_CTX_create ();
}
EDDSA25519Verifier::~EDDSA25519Verifier ()
{
- EVP_MD_CTX_destroy (m_MDCtx);
EVP_PKEY_free (m_Pkey);
}
@@ -35,8 +33,17 @@
bool EDDSA25519Verifier::Verify (const uint8_t * buf, size_t len, const uint8_t * signature) const
{
- EVP_DigestVerifyInit (m_MDCtx, NULL, NULL, NULL, m_Pkey);
- return EVP_DigestVerify (m_MDCtx, signature, 64, buf, len);
+ if (m_Pkey)
+ {
+ EVP_MD_CTX * ctx = EVP_MD_CTX_create ();
+ EVP_DigestVerifyInit (ctx, NULL, NULL, NULL, m_Pkey);
+ auto ret = EVP_DigestVerify (ctx, signature, 64, buf, len);
+ EVP_MD_CTX_destroy (ctx);
+ return ret;
+ }
+ else
+ LogPrint (eLogError, "EdDSA verification key is not set");
+ return false;
}
#else
@@ -101,7 +108,7 @@
#if OPENSSL_EDDSA
EDDSA25519Signer::EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey):
- m_MDCtx (nullptr), m_Pkey (nullptr), m_Fallback (nullptr)
+ m_Pkey (nullptr), m_Fallback (nullptr)
{
m_Pkey = EVP_PKEY_new_raw_private_key (EVP_PKEY_ED25519, NULL, signingPrivateKey, 32);
uint8_t publicKey[EDDSA25519_PUBLIC_KEY_LENGTH];
@@ -111,30 +118,35 @@
{
LogPrint (eLogWarning, "EdDSA public key mismatch. Fallback");
m_Fallback = new EDDSA25519SignerCompat (signingPrivateKey, signingPublicKey);
+ EVP_PKEY_free (m_Pkey);
+ m_Pkey = nullptr;
}
- else
- m_MDCtx = EVP_MD_CTX_create ();
}
EDDSA25519Signer::~EDDSA25519Signer ()
{
if (m_Fallback) delete m_Fallback;
- EVP_MD_CTX_destroy (m_MDCtx);
- EVP_PKEY_free (m_Pkey);
+ if (m_Pkey) EVP_PKEY_free (m_Pkey);
}
void EDDSA25519Signer::Sign (const uint8_t * buf, int len, uint8_t * signature) const
{
- if (m_Fallback) return m_Fallback->Sign (buf, len, signature);
- else
+ if (m_Fallback)
+ return m_Fallback->Sign (buf, len, signature);
+ else if (m_Pkey)
{
+
+ EVP_MD_CTX * ctx = EVP_MD_CTX_create ();
size_t l = 64;
uint8_t sig[64]; // temporary buffer for signature. openssl issue #7232
- EVP_DigestSignInit (m_MDCtx, NULL, NULL, NULL, m_Pkey);
- if (!EVP_DigestSign (m_MDCtx, sig, &l, buf, len))
+ EVP_DigestSignInit (ctx, NULL, NULL, NULL, m_Pkey);
+ if (!EVP_DigestSign (ctx, sig, &l, buf, len))
LogPrint (eLogError, "EdDSA signing failed");
memcpy (signature, sig, 64);
+ EVP_MD_CTX_destroy (ctx);
}
+ else
+ LogPrint (eLogError, "EdDSA signing key is not set");
}
#endif
}
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd-2.50.2+git1.tar.gz/upstream/libi2pd/Signature.h
^
|
@@ -304,7 +304,6 @@
private:
#if OPENSSL_EDDSA
- EVP_MD_CTX * m_MDCtx;
EVP_PKEY * m_Pkey;
#else
EDDSAPoint m_PublicKey;
@@ -342,7 +341,6 @@
private:
- EVP_MD_CTX * m_MDCtx;
EVP_PKEY * m_Pkey;
EDDSA25519SignerCompat * m_Fallback;
};
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd-2.50.2+git1.tar.gz/upstream/libi2pd/version.h
^
|
@@ -1,5 +1,5 @@
/*
-* Copyright (c) 2013-2023, The PurpleI2P Project
+* Copyright (c) 2013-2024, The PurpleI2P Project
*
* This file is part of Purple i2pd project and licensed under BSD3
*
@@ -19,7 +19,7 @@
#define I2PD_VERSION_MAJOR 2
#define I2PD_VERSION_MINOR 50
-#define I2PD_VERSION_MICRO 1
+#define I2PD_VERSION_MICRO 2
#define I2PD_VERSION_PATCH 0
#ifdef GITVER
#define I2PD_VERSION XSTRINGIZE(GITVER)
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd.conf
^
|
@@ -173,6 +173,7 @@
## Address and port of outproxy
# outproxy = 127.0.0.1
# outproxyport = 9050
+## socksproxy section also accepts I2CP parameters, like "inbound.length" etc.
[sam]
## Enable the SAM bridge (default: true)
@@ -233,7 +234,7 @@
## Default: "mainline" I2P Network reseeds
# urls = https://reseed.i2p-projekt.de/,https://i2p.mooo.com/netDb/,https://netdb.i2p2.no/
## Reseed URLs through the Yggdrasil, separated by comma
-# yggurls = http://[324:9de3:fea4:f6ac::ace]:7070/
+# yggurls = http://[324:71e:281a:9ed3::ace]:7070/
## Path to local reseed data file (.su3) for manual reseeding
# file = /path/to/i2pseeds.su3
## or HTTPS URL to reseed from
@@ -290,5 +291,6 @@
[cpuext]
## Use CPU AES-NI instructions set when work with cryptography when available (default: true)
# aesni = true
-## Use CPU AVX instructions set when work with cryptography when available (default: true)
-# avx = true
+## Force usage of CPU instructions set, even if they not found (default: false)
+## DO NOT TOUCH that option if you really don't know what are you doing!
+# force = false
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd.service
^
|
@@ -17,7 +17,8 @@
ExecStart=/usr/bin/i2pd --datadir /home/.system/var/lib/i2pd --conf=/home/.system/var/lib/i2pd/i2pd.conf --tunconf=/home/.system/var/lib/i2pd/tunnels.conf --tunnelsdir=/home/.system/var/lib/i2pd/tunnels.conf.d --pidfile=/run/i2pd/i2pd.pid --daemon --service
ExecReload=/bin/sh -c "kill -HUP $MAINPID"
PIDFile=/run/i2pd/i2pd.pid
-
+### Uncomment, if auto restart needed
+#Restart=on-failure
# we log to stdout:
StandardOutput=journal+console
@@ -32,5 +33,10 @@
#KillSignal=SIGINT
#TimeoutStopSec=10m
+# If you have problems with hanging i2pd, you can try increase this
+LimitNOFILE=8192
+# To enable write of coredump uncomment this
+#LimitCORE=infinity
+
[Install]
WantedBy=multi-user.target
|
[-]
[+]
|
Changed |
_service:tar_git:i2pd.yaml
^
|
@@ -1,6 +1,6 @@
Name: i2pd
Summary: End-to-End encrypted and anonymous Internet daemon
-Version: 2.50.1
+Version: 2.50.2
Release: 1
Group: Applications/Internet
License: BSD-3-Clause
|