zzz
2bf04648c3
bump -7
2026-05-12 11:43:42 -04:00
zzz
d042a7d354
SSU2: Require three consecutive peer tests for IPv6 state changes
due to high false-positive firewalled rates
2026-05-12 11:43:10 -04:00
zzz
a00bc02fb9
SSU2: Require two peers from different /16s to change address
(/32 for IPv6)
suggested by: bottomlineit.co.za
2026-05-11 13:58:32 -04:00
zzz
a403278fe6
Util: eqCT() null check
2026-05-11 07:37:25 -04:00
zzz
5f71311cbd
More constant time string comparisons
adapted from I2PPlus
2026-05-10 19:28:42 -04:00
zzz
514f0c1237
I2NP: Add missing length checks in readMessage() methods
- strict checks in Data, DeliveryStatus, Garlic, TunnelData
- check if we did read over and throw in DatabaseLookup, DatabaseSearchReply
- fix potential leaseset read overrun in DatabaseStore
- convert AIOOBE to I2NPMessageException in I2NPMessageImpl
DLM reported by: bottomlineit.co.za
2026-05-10 17:32:54 -04:00
zzz
fac0f85197
I2NP: Enforce 4 bits for RI netdb type in DSM
to match current spec
2026-05-10 16:40:32 -04:00
zzz
b48cb21119
Remove old NTCP1 I2NPMessageHandler pool, unused
2026-05-10 15:26:16 -04:00
zzz
85499fbb8b
Hoist random() calls out of session synch blocks
2026-05-10 09:06:00 -04:00
zzz
dfaa5c3f81
i2ptunnel: P-R-G for list page forms
2026-05-09 12:48:28 -04:00
zzz
102b7f0674
i2ptunnel: Refactor list page forms
- Move all form buttons to POST and enforce
- Use form attributes for per-tunnel buttons (thanks drzed)
- Remove xml headers
- Remove ancient IE workarounds
2026-05-09 12:00:51 -04:00
zzz
a4afe588f3
Util: Use constant-time comparison in various password checkers
reported by: bottomlineit.co.za
2026-05-08 15:02:22 -04:00
zzz
bbe18c9e9f
Console: Remove ancient IE workaround code
reported by: bottomlineit.co.za
2026-05-08 12:42:52 -04:00
zzz
3429f733f3
SSU2: Resurrect hole punch throttling as Charlie
Was in SSU 1 code but was never adapted for SSU2 and then got deleted.
Send limit reject code when throttled.
Add conn limit check.
Limits same as previously, to be reviewed and adjusted.
reported by: bottomlineit.co.za
2026-05-08 12:16:37 -04:00
zzz
f0afcfcf68
Console: Add missing description for jsonrpc webapp
2026-05-07 15:30:35 -04:00
zzz
7dbeb265a1
Transport: Disable SSU bid adjustment for new routers as of next release
2026-05-07 13:58:55 -04:00
zzz
41ba80fa87
i2ptunnel: Refactor nonces
Replace the static nonce list with a session-bound nonce queue,
move form keys from static to session.
Prep for button conversion to POST
related changes to follow
2026-05-07 13:51:08 -04:00
zzz
98fb8c2af5
javadoc corrections
2026-05-07 11:40:42 -04:00
zzz
f13ba5d987
i2psnark: Refactor nonces
Replace the webapp-wide nonce with two session-bound nonce queues,
one for the outer section and details/config pages, one for
the inner (XHR) section.
Any form-stuffing scripts that grab the nonce must be updated
to store and return the session cookie also.
related changes to follow
reported by: bottomlineit.co.za
2026-05-07 11:14:35 -04:00
zzz
85854c5454
Javadoc fix (json-simple)
fixed 6 years ago but got reverted in the update to 2.3.1
2026-05-06 17:29:04 -04:00
zzz
ea83c15d49
CSS tweak
2026-05-06 13:14:23 -04:00
zzz
704f4949e4
bump -6
2026-05-06 13:01:04 -04:00
zzz
a587f79c75
Console: Add search option for PQ SSU2
2026-05-06 12:53:30 -04:00
zzz
8f2a8b3e3a
Console: Validate Origin header
related changes to follow
adapted from code in I2P+, same license as ours
reported by: bottomlineit.co.za
2026-05-06 12:48:46 -04:00
zzz
0a9e68f688
Console: Refactor nonces
Replace the following static nonces with a consolidated session-bound nonce queue in CSSHelper:
- "console" static final nonce stored in CSSHelper
- "system" (restart) static final nonce stored in ConfigRestartBean
- "update" nonce stored in System properties via SummaryHelper
- "reseed" nonce stored in System properties via SummaryHelper
related changes to follow
reported by: bottomlineit.co.za
2026-05-06 12:44:49 -04:00
eyedeekay
8989914372
Docker: Update eepsite configuration to use net.i2p.jetty.JettyStart
2026-05-06 11:16:03 -04:00
eyedeekay
4f938db339
Docker: Ensure the .i2p directory exists and is owned by the i2p user before starting the application
2026-05-06 09:58:19 -04:00
eyedeekay
f6a0b271c0
Merge branch 'master' of github.com:i2p/i2p.i2p
2026-05-06 09:57:47 -04:00
eyedeekay
003d868cdb
Docker: Remove USER directive from Dockerfile and update startapp.sh to use exec -runuser to start java as non-root
2026-05-06 09:37:57 -04:00
idk
d11e2869a7
Merge pull request #146 from tahnous/update-readme
Update bug report URLs
2026-05-06 09:24:42 -04:00
eyedeekay
7eb7f40a15
Merge branch 'master' of i2pgit.org:I2P_Developers/i2p.i2p
2026-05-05 14:46:53 -04:00
eyedeekay
9960bacd92
Docker: Run startapp.sh as non-root. Clarify need to rewrite 127.0.0.1 to Docker internal localhost (172.17.0.* normally) in order to avoid IP-based client denials. Remove dead s6 script. Change 127.0.0.1 to localhost in docker rootfs config files. Clarify documentation.
2026-05-05 14:45:07 -04:00
zzz
05438ab51d
Util: Set minidns fields to final
reported by: bottomlineit.co.za
2026-05-04 17:22:15 -04:00
zzz
28bd5ce456
Console: Make section render methods private
2026-05-04 14:50:46 -04:00
zzz
7ecd7fcae1
Console: Remove unused getNonce() calls
2026-05-04 14:44:31 -04:00
zzz
635584bfcb
Transport: Fix PQ SSU2 I2NP block header, bump -5
was using SSU1-style header
remove SSU1 code in fragmenter
reported by: orignal
2026-05-02 18:26:50 -04:00
tous
5f37d3c107
Update bug report URLs
2026-05-02 16:51:36 -03:00
zzz
d2d4325e65
bump -4
2026-05-01 18:28:08 -04:00
zzz
566d4f86e6
i2psnark: Remove support for ancient name.utf-8 and path.utf-8 metainfo entries
These were non-standard old pre-utf8 fields, and were never well-tested code paths.
name and path are always UTF-8 now according to the specs.
utf-8 flavors bypassed some sanitization.
reported by: bottomlineit.co.za
2026-05-01 18:09:52 -04:00
zzz
4d98a0b62d
SSU2: Increase nonce replay cache size
Based on measurement of actual relay requests, typ. rate is calculated
as 6/minute total when at the relaying limit of 100 routers,
or 24 in the 4-minute skew window. Increase cache size from 8 to 32.
reported by: bottomlineit.co.za
2026-05-01 17:57:57 -04:00
zzz
5482d470a6
I2NP: Add min length checks to fromRawByteArray() methods
reported by: bottomlineit.co.za
2026-05-01 17:07:18 -04:00
zzz
c3c222d5d3
Console: Specify full path to Windows service scripts
reported by: bottomlineit.co.za
2026-05-01 16:40:56 -04:00
zzz
04caa91e3e
Transport: Fail-fast if NTCP2 msg 2 padding length is too much
reported by: bottomlineit.co.za
2026-05-01 13:34:29 -04:00
zzz
57e8f8c1cf
Util: Remove useless synchronized on no-op method
reported by: bottomlineit.co.za
2026-05-01 13:15:11 -04:00
zzz
41647e94f0
I2CP: Wait for queue space on internal queue close()
reported by: bottomlineit.co.za
2026-05-01 13:10:19 -04:00
zzz
1595bbabd9
Crypto: Fix buffer off-by-one in jbigi negative value conversion (unused)
from jrandom example code 2004
reported by: bottomlineit.co.za
2026-05-01 12:03:16 -04:00
zzz
66a270e7a2
Crypto: Use constant-time modPow() for ElG private key operations
Deprecate unused ElGamalSigEngine
reported by: bottomlineit.co.za
2026-05-01 11:34:28 -04:00
zzz
93be42925b
Util: Update json-simple to 2.3.1
from https://github.com/cliftonlabs/json-simple.git tag json-simple.2.3.1 2018-02-05
Fixes:
- Jsoner.serialize array off-by-one deterministic crash on 9 primitive/Object array branches
reported by: bottomlineit.co.za
2026-04-30 20:17:28 -04:00
zzz
dafde0c327
Util: Update minidns to 1.1.1
from https://github.com/MiniDNS/minidns tag 1.1.1 2024-10-24
Possible fixes (unverified):
- MiniDNS per-RR parsers throw NegativeArraySizeException on malformed header
- DnsName.parse recurses per label without depth bound StackOverflow DoS
- DnsName parser throws AIOOBE (not IOException) on truncated pointer
- ipv4From / ipv6From resolve via DNS instead of parsing literals
- Question constructor uses assert for null checks
- DnsMessage pre-allocates ArrayLists from 16-bit header counts
- OPT.parse uses dis.read() and disabled assert for bounds
reported by: bottomlineit.co.za
2026-04-30 19:06:49 -04:00
zzz
051dccf4b1
Util: Revert change causing failed decode of compressed IPv6 addresses
partial revert of aa77c9a4ab
reported by: bottomlineit.co.za
2026-04-30 18:21:33 -04:00