4 See also this page @ref{Новости, on russian}.
11 @strong{Incompatible} encrypted packet format change: payload and pad
12 sizes are sent in-bound in the encrypted stream. That gives ability to
13 streamingly create encrypted packets, without knowing sizes in advance,
14 without creating temporary file or buffer data in memory.
17 Proper encrypted packet padding verification is done now. This is not
18 critical issue, but previously neither padding value, nor its size were
19 authenticated, giving ability to iteratively strip trailing bytes and
20 determine payload's size by observing the reaction of the encrypted
24 @command{nncp-exec} loses its @option{-use-tmp} option, because of
25 streaming-compatible encrypted packets format.
28 @command{nncp-file} and @command{nncp-exec} commands have
29 @option{-maxsize} option, limiting maximal resulting encrypted packet's
30 maximal size (returning error if it is exceeded). Could be useful,
31 because no payload size could be known in advance.
36 @section Release 7.7.0
40 Experimental @code{kqueue} and @code{inotify} based notifications
41 support about spool directory changes, for reducing their often reading
45 @file{.seen} and @file{.hdr} files moved to @file{seen/} and @file{hdr/}
46 subdirectories, for faster scanning of spool directories.
47 Current files migration required:
50 $ find $NNCPSPOOL -type f -name "*.hdr" -exec rm @{@} +
52 $ find $NNCPSPOOL -type d -name rx | while read rx ; do
55 find . -type f -name "*.seen" | while read fn ; do
56 mv $fn seen/$@{fn%.seen@}
60 $ find $NNCPSPOOL -type d -name area | while read area ; do
61 find $area -type f -name "*.seen" | while read fn ; do
70 @section Release 7.6.0
74 Logging may be done to specified opened file descriptor
75 (@env{$NNCPLOG=FD:5} for example).
76 That is friendly to use under @command{daemontools}.
79 Added additional checks of public keys existence in configuration file,
80 preventing some commands from failing.
85 @section Release 7.5.1
89 NNCP builds on NetBSD.
94 @section Release 7.5.0
98 @command{nncp-daemon} is compatible with UCSPI-TCP interface, so log
99 will contain remote side's address (when running under appropriate
100 utility). @option{-ucspi} option should be used instead of @option{-inetd}.
103 @command{nncp-call} can be UCSPI-TCP client, using @option{-ucspi} option.
106 Do not exit if some of MCD network interfaces can not be listened --
107 only warn about that.
112 @section Release 7.4.0
116 Fixed simultaneous @command{nncp-daemon} and @command{nncp-caller} MCD work.
121 @section Release 7.3.2
125 @command{hjson-cli} utility builds in vendor-mode now.
130 @section Release 7.3.1
134 Fixed possibly left opened file descriptor in online commands.
137 Severely decreased memory usage of MTH hashing.
142 @section Release 7.3.0
146 Fixed some workability problems on 32-bit systems with big files.
149 Ability to use directory with a bunch of files as a configuration.
150 @command{nncp-cfgdir} command appeared.
155 @section Release 7.2.1
159 Small optimizations in online commands.
164 @section Release 7.2.0
168 @command{nncp-trns} command appeared for manual transition packets creation.
171 If destination node of transitional packet has non empty @option{via}
172 route, then do not ignore, but use it.
175 Do not relay multicast packet to area message's originator, that
176 obviously has seen its own packet.
179 Much less memory usage during MTH hashing when offset is zero: when
180 packet is not resumed, but for example checked with @command{nncp-check}
186 @section Release 7.1.1
190 Fixed failing directories fsync after @file{.seen} file creation.
195 @section Release 7.1.0
199 Multicasting areas feature appeared. Implemented merely by an additional
200 plain packet type with @command{nncp-toss}, @command{nncp-file} and
201 @command{nncp-exec} commands modification.
204 Fixed workability of @command{nncp-file} and @command{nncp-exec}
205 commands, that use temporary file (stdin and @option{-use-tmp}).
208 Fixed disappearing bad return code in @command{nncp-exec} command.
211 Fixed invalid @file{.hdr} generation when transitional packets are used.
214 @option{-all} option appeared in @command{nncp-rm} command, applying to
215 all the nodes at once.
218 @option{-cycle} option appeared in @command{nncp-check} command, looping
219 the check in infinite cycle.
222 @command{nncp-rm} command can take node alias name.
225 @command{nncp-pkt} can parse @file{.hdr} files.
230 @section Release 7.0.0
234 Minimal required Go version 1.13.
237 Merkle Tree-based Hashing with BLAKE3 (MTH) is used instead of BLAKE2b.
238 Because of that, there are backward @strong{incompatible} changes of
239 encrypted files (everything laying in the spool directory) and
240 @file{.meta} files of chunked transfer.
242 Current implementation is far from being optimal: it lacks
243 parallelizable calculations and has higher memory consumption: nearly
244 512 KiB for each 1 GiB of file's data. Future performance and memory
245 size optimizations should not lead to packet's format change. But it is
246 still several times faster than BLAKE2b.
249 Resumed online downloads, because of MTH, require reading only of the
250 preceding part of file, not the whole one as was before.
253 @command{nncp-hash} utility appeared for calculating file's MTH hash.
256 BLAKE2 KDF and XOF functions are replaced with BLAKE3 in encrypted
257 packets. Lowering number of used primitives. Also, its encrypted
258 packet's header is used as an associated data during encryption.
261 MultiCast Discovery uses
262 @verb{|ff02::4e4e:4350|} address instead of @verb{|ff02::1|}.
265 @command{nncp-cfgenc} mistakenly asked passphrase three times during encryption.
268 @command{nncp-stat} reports about partly downloaded packets.
271 Updated dependencies.
276 @section Release 6.6.0
280 @command{nncp-daemon}, @command{nncp-call} and @command{nncp-caller}
281 commands wait for all background checksummers completion after
282 connection is finished.
285 Added possibility of address determining through multicast announcement
286 in local area network, so called MCD (MultiCast Discovery).
291 @section Release 6.5.0
295 Fixed segfault in @command{nncp-daemon} when SP handshake did not succeed.
298 Fixed possible bad return code ignoring in automatic tosser.
301 Fixed race during file descriptors closing when online protocol call is
302 finished, that could lead to write error of received packet fragment.
305 Kill all packet transmission progress bars in @command{nncp-daemon},
306 @command{nncp-call} and @command{nncp-caller} when call is finished.
311 @section Release 6.4.0
315 Fixed possible race in online protocol, that lead to panic.
320 @section Release 6.3.0
324 Fixed possible panic while showing progress during online protocol.
329 @section Release 6.2.1
333 Three places in logs contained excess @code{%s}.
338 @section Release 6.2.0
342 Returned @command{nncp-caller}'s @option{-autotoss*} options workability.
345 Yet another logging refactoring and simplification.
346 Should be no visible differences to the end user.
351 @section Release 6.1.0
355 Optimization: most commands do not keep opened file descriptors now.
356 Previously you can exceed maximal number of opened files if you have got
357 many packets in the spool directory.
360 Optimization: do not close file descriptor of the file we download
361 online. Previously each chunk lead to expensive open/close calls.
364 Online downloaded files are saved with @file{.nock} (non-checksummed)
365 suffix, waiting either for @command{nncp-check}, or online daemons to
366 perform integrity check.
369 Optimization: files, that are not resumed, are checksummed immediately
370 during the online download, skipping @file{.nock}-intermediate step.
373 Ability to store encrypted packet's header in @file{.hdr} file, close to
374 the packet itself. That can greatly increase performance of packets
375 listing on filesystems with big block's size.
380 @section Release 6.0.0
384 Log uses human readable and easy machine parseable
385 @url{https://www.gnu.org/software/recutils/, recfile} format for the
386 records, instead of structured RFC 3339 lines. Old logs are not readable
387 by @command{nncp-log} anymore.
390 @option{-autotoss*} option workability with @command{nncp-daemon}'s
391 @option{-inetd} mode.
394 Call's @option{when-tx-exists} allows to make a call only when outbound
395 packets exists. Combined with seconds-aware cron expression that can be
396 used as some kind of auto dialler.
399 @command{nncp-cronexpr} command allows you to check validity and
400 expectations of specified cron expression.
405 @section Release 5.6.0
409 @option{-autotoss*} option runs tosser not after the call, but every
410 second while it is active.
413 @option{autotoss}, @option{autotoss-doseen},
414 @option{autotoss-nofile}, @option{autotoss-nofreq},
415 @option{autotoss-noexec}, @option{autotoss-notrns} options available in
416 @option{calls} configuration section. You can configure per-call
417 automatic tosser options.
420 Use vendoring, instead of @env{$GOPATH} overriding during tarball
421 installation, because current minimal Go's version is 1.12 and it
427 @section Release 5.5.1
431 Respect for @env{$BINDIR}, @env{$INFODIR} and @env{$DOCDIR} environment
432 variables in @file{config} during installation.
437 @section Release 5.5.0
441 Bugfixes in @command{nncp-call(er)}/@command{nncp-daemon},
442 @command{nncp-bundle} and @command{nncp-stat}.
445 @command{nncp-rm} has @option{-dryrun} and @option{-older} options now.
448 @command{nncp-exec} has @option{-use-tmp} and @option{-nocompress}
449 options now. Uncompressed packets are not compatible with previous NNCP
453 @command{nncp-call}, @command{nncp-caller} and @command{nncp-daemon} commands
454 have @option{-autotoss*} options for running tosser after call is ended.
457 Updated dependencies. Minimal required Go version is 1.12.
462 @section Release 5.4.1
466 Fixed @code{SENDMAIL} variable usage during the build.
471 @section Release 5.4.0
475 Updated dependencies.
478 Build system is moved from Makefiles to @url{http://cr.yp.to/redo.html, redo}.
479 This should not influence package maintainers, because minimal @command{redo}
480 implementation is included in tarball.
485 @section Release 5.3.3
489 More various error checks.
492 Updated dependencies.
497 @section Release 5.3.2
501 Fixed incorrect logic of @option{onlinedeadline} timeout, where
502 connection won't take into account incoming packets events and will
503 forcefully disconnect.
508 @section Release 5.3.1
512 Fixed @option{onlinedeadline} workability with call addresses that use
513 external commands (@verb{#"|somecmd"#}).
516 @command{nncp-stat} has @option{-pkt} option displaying information
517 about each packet in the spool.
522 @section Release 5.3.0
526 Progress messages contain prefix, describing the running action.
529 Fixed not occurring handshake messages padding.
532 Finish all SP protocol related goroutines, less memory leak.
535 SP protocol generates less socket write calls, thus generating less TCP
539 Check @option{onlinedeadline} and @option{maxonlinetime} options every
540 second, independently from socket reads (up to 10 seconds).
543 Once per minute, if no other traffic exists, PING packets are sent in
544 SP-connection. That allows faster determining of connection unworkability.
547 @command{nncp-toss} uses lock-file to prevent simultaneous tossing.
552 @section Release 5.2.1
556 Fixed SP protocol error handling, sometimes causing program panic.
561 @section Release 5.2.0
565 Most commands by default show oneline operations progress.
566 @option{-progress}, @option{-noprogress} command line options,
567 @option{noprogress} configuration file option appeared.
570 Fixed incorrect @command{nncp-check} command return code, that returned
571 bad code when everything is good.
574 Free disk space check during @command{nncp-bundle -rx} call.
579 @section Release 5.1.2
583 @strong{Critical} vulnerability: remote peers authentication could lead
584 to incorrect identification of remote side, allowing foreign encrypted
588 Bugfix: private and public Noise keys were swapped in newly created
589 configuration files, that lead to inability to authenticate online peers.
592 Explicit directories fsync-ing for guaranteed files renaming.
597 @section Release 5.1.1
601 Fixed workability of @command{nncp-file} with @option{-chunked 0} option.
606 @section Release 5.1.0
610 @command{nncp-file} can send directories, automatically creating pax
614 Free disk space is checked during outbound packets creation.
617 @option{freq}, @option{freqminsize}, @option{freqchunked} configuration
618 file options replaced with the structure:
619 @option{freq: @{path: @dots{}, minsize: @dots{}, chunked: @dots{}@}}.
622 Added @option{freq.maxsize} configuration file option, forbidding of
623 freq sending larger than specified size.
626 Ability to notify about successfully executed commands (exec) with
627 @option{notify.exec} configuration file option.
632 @section Release 5.0.0
636 @strong{Incompatible} configuration file format change: YAML is
637 replaced with Hjson, due to its simplicity, without noticeable lack
638 of either functionality or convenience.
641 @strong{Incompatible} plain packet format changes. Older versions are
642 not supported. @code{zlib} compression is replaced with
643 @code{Zstandard}, due to its speed and efficiency, despite library
644 version is not mature enough.
647 Ability to call remote nodes via pipe call of external command, not only
651 @command{nncp-cfgnew} generates configuration file with many
652 comments. @option{-nocomments} option can be used for an old
656 Duplicate filenames have @file{.CTR} suffix, instead of @file{CTR}, to
657 avoid possible collisions with @file{.nncp.chunkCTR}.
660 Ability to override process umask through configuration file option.
663 Files and directories are created with 666/777 permissions by default,
664 allowing control with @command{umask}.
667 Updated dependencies.
670 Full usage of go modules for dependencies management
671 (@code{go.cypherpunks.ru/nncp/v5} namespace is used).
674 Forbid any later GNU GPL version autousage
675 (project's licence now is GNU GPLv3-only).
682 @item Workability on GNU/Linux systems and Go 1.10 is fixed.
690 @strong{Incompatible} encrypted and eblob packet format change: AEAD
691 encryption mode with 128 KiB blocks is used now, because previously
692 @command{nncp-toss} did not verify encrypted packet's MAC before feeding
693 decrypted data to external command. Older versions are not supported.
696 Available free space checking before copying in @command{nncp-xfer},
697 @command{nncp-daemon}, @command{nncp-call(er)}.
700 @command{nncp-call} has ability only to list packets on remote node,
701 without their transmission.
704 @command{nncp-call} has ability to transfer only specified packets.
707 Workability of @option{xxrate} preference in @option{calls}
708 configuration file section.
711 Dependant libraries are updated.
717 Begin using of @code{go.mod} subsystem.
724 @item @command{nncp-daemon} can be run as @command{inetd}-service.
732 @command{nncp-daemon}, @command{nncp-call}, @command{nncp-caller} check
733 if @file{.seen} exists and treat it like file was already downloaded.
734 Possibly it was transferred out-of-bound and remote side needs to be
738 If higher priority packet is spooled, then @command{nncp-daemon} will
739 queue its sending first, interrupting lower priority transmissions.
742 Simple packet rate limiter added to online-related tools
743 (@command{nncp-daemon}, @command{nncp-call}, @command{nncp-caller}).
746 Ability to specify niceness with symbolic notation:
747 @verb{|NORMAL|}, @verb{|BULK+10|}, @verb{|PRIORITY-5|}, etc.
750 Changed default niceness levels:
751 for @command{nncp-exec} from 64 to 96,
752 for @command{nncp-freq} from 64 to 160,
753 for @command{nncp-file} from 196 to 224.
761 @strong{Incompatible} @emph{bundle} archive format changes and
762 @command{nncp-bundle} workability with Go 1.10+. Bundles must be
763 valid tar archives, but Go 1.9 made them invalid because of long paths
764 inside. NNCP accidentally was dependant on that bug. Explicit adding of
765 @file{NNCP/} directory in archive restores workability with valid tar
773 Ability to disable relaying at all using @verb{|-via -|} command line option.
781 @strong{Incompatible} plain packet format changes. Older versions are
785 Ability to queue remote command execution, by configuring @option{exec}
786 option in configuration file and using @command{nncp-exec} command:
789 @command{nncp-mail} command is replaced with more flexible
790 @command{nncp-exec}. Instead of @verb{|nncp-mail NODE RECIPIENT|}
791 you must use @verb{|nncp-exec NODE sendmail RECIPIENT|}.
793 @option{sendmail} configuration file option is replaced with
794 @option{exec}. @verb{|sendmail: [...]|} must be replaced with
795 @verb{|exec: sendmail: [...]|}.
799 Ability to override @option{via} configuration option for destination
800 node via @option{-via} command line option for following commands:
801 @command{nncp-file}, @command{nncp-freq}, @command{nncp-exec}.
804 Chunked files, having size less than specified chunk size, will be sent
805 as an ordinary single file.
808 Exec commands are invoked with additional @env{$NNCP_NICE} and
809 @env{$NNCP_SELF} environment variables.
812 Files, that are sent as a reply to freq, have niceness level taken from
813 the freq packet. You can set desired niceness during @command{nncp-freq}
814 invocation using @option{-replynice} option.
817 @command{nncp-toss} command can ignore specified packet types during
818 processing: @option{-nofile}, @option{-nofreq}, @option{-noexec},
822 @command{nncp-file} command uses
823 @option{FreqMinSize}/@option{FreqChunked} configuration file options
824 for @option{-minsize}/@option{-chunked} by default. You can turn this
825 off by specifying zero value.
834 @strong{Incompatible} encrypted/eblob packet format changes. Older
835 versions are not supported.
838 Twofish encryption algorithm is replaced with ChaCha20. It is much more
839 faster. One cryptographic primitive less.
842 HKDF-BLAKE2b-256 KDF algorithm is replaced with BLAKE2Xb XOF. Yet
843 another cryptographic primitive less (assuming that BLAKE2X is nearly
844 identical to BLAKE2).
853 @strong{Incompatible} encrypted packet format changes. Older versions
857 @command{nncp-bundle} command can either create stream of encrypted
858 packets, or digest it. It is useful when dealing with
859 @code{stdin}/@code{stdout} based transmission methods (like writing to
860 CD-ROM without intermediate prepared ISO image and working with tape
864 @command{nncp-toss} is able to create @file{.seen} files preventing
865 duplicate packets receiving.
868 Single background checksum verifier worker is allowed in
869 @command{nncp-call}. This is helpful when thousands of small inbound
870 packets could create many goroutines.
873 Ability to override path to spool directory and logfile through either
874 command line argument, or environment variable.
877 @command{nncp-rm} is able to delete outbound/inbound, @file{.seen},
878 @file{.part}, @file{.lock} and temporary files.
883 @section Release 0.12
885 @item Sendmail command is called with @env{$NNCP_SENDER} environment variable.
889 @section Release 0.11
891 @item @command{nncp-stat}'s command output is sorted by node name.
895 @section Release 0.10
898 @command{nncp-freq}'s @file{DST} argument is optional now. Last
899 @file{SRC} path's element will be used by default.
906 Fix @option{-rx}/@option{-tx} arguments processing in
907 @command{nncp-call} command. They were ignored.
914 Little bugfix in @command{nncp-file} command, where @option{-minsize}
915 option for unchunked transfer was not in KiBs, but in bytes.
923 Ability to feed @command{nncp-file} from @code{stdin}, that uses an
924 encrypted temporary file for that.
927 Chunked files transmission appeared with corresponding
928 @command{nncp-reass} command and @option{freqchunked} configuration file
929 entry. Useful for transferring big files over small storage devices.
932 @option{freqminsize} configuration file option, analogue to
933 @option{-minsize} one.
936 @command{nncp-xfer}'s @option{-force} option is renamed to
937 @option{-mkdir} for clarity.
940 @option{-minsize} option is specified in KiBs, not bytes, for
944 @command{nncp-newcfg} command is renamed to @command{nncp-cfgnew},
945 and @command{nncp-mincfg} to @command{nncp-cfgmin} -- now they have
946 common prefix and are grouped together for convenience.
949 @command{nncp-cfgenc} command appeared, allowing configuration file
950 encryption/decryption, for keeping it safe without any either OpenPGP or
954 Cryptographic libraries (dependencies) are updated.
961 @item Small @command{nncp-rm} command appeared.
962 @item Cryptographic libraries (dependencies) are updated.
969 Trivial small fix in default niceness level of @command{nncp-file}
970 and @command{nncp-freq} commands.
978 Small fix in @command{nncp-call}, @command{nncp-caller},
979 @command{nncp-daemon}: they can segmentation fail sometimes (no data is
983 @command{nncp-newnode} renamed to @command{nncp-newcfg} -- it is shorter
984 and more convenient to use.
987 @command{nncp-mincfg} command appeared: helper allowing to create
988 minimalistic stripped down configuration file without private keys, that
989 is useful during @command{nncp-xfer} usage.
996 @item Fixed compatibility with Go 1.6.
1000 @section Release 0.2
1004 @strong{Incompatible} packet's format change (magic number is changed
1005 too): size field is encrypted and is not send in plaintext anymore.
1008 @option{-minsize} option gives ability to automatically pad outgoing
1009 packets to specified minimal size.
1012 @command{nncp-daemon} and @command{nncp-call}/@command{nncp-caller}
1013 always check new @emph{tx} packets appearance in the background while
1014 connected. Remote side is immediately notified.
1017 @option{-onlinedeadline} option gives ability to configure timeout of
1018 inactivity of online connection, when it could be disconnected. It could
1019 be used to keep connection alive for a long time.
1022 @option{-maxonlinetime} option gives ability to set maximal allowable
1023 online connection aliveness time.
1026 @command{nncp-caller} command appeared: cron-ed TCP daemon caller.
1029 @command{nncp-pkt} command can decompress the data.