From dc804b9d5f3a2a9f1fffa1b97d82e0e04c44508b Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 19 Sep 2022 15:00:15 +0000 Subject: [PATCH 01/53] remove unused code --- src/Site/Site.py | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Site/Site.py b/src/Site/Site.py index ea19c4a2..7deab5cc 100644 --- a/src/Site/Site.py +++ b/src/Site/Site.py @@ -35,7 +35,6 @@ class Site(object): def __init__(self, address, allow_create=True, settings=None): self.address = str(re.sub("[^A-Za-z0-9]", "", address)) # Make sure its correct address self.address_hash = hashlib.sha256(self.address.encode("ascii")).digest() - self.address_sha1 = hashlib.sha1(self.address.encode("ascii")).digest() self.address_short = "%s..%s" % (self.address[:6], self.address[-4:]) # Short address for logging self.log = logging.getLogger("Site:%s" % self.address_short) self.addEventListeners() From 128ff2dc3984072bd379e697f9d13637b38ddd3d Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 19 Sep 2022 15:27:45 +0000 Subject: [PATCH 02/53] comment in Db --- src/Db/Db.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Db/Db.py b/src/Db/Db.py index d1d9ce15..3d4b6d7d 100644 --- a/src/Db/Db.py +++ b/src/Db/Db.py @@ -1,3 +1,5 @@ +## please note that this file uses custom db cursor and thus may surprise you with how sql queries are performed + import sqlite3 import json import time From 53d51e8bc88ae408709f48ffcedc63251da1a8e8 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 19 Sep 2022 16:05:25 +0000 Subject: [PATCH 03/53] redirect .bit domains to hash actual addresses refs #23 --- src/Ui/UiRequest.py | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py index e34d22cb..1b2d5cf3 100644 --- a/src/Ui/UiRequest.py +++ b/src/Ui/UiRequest.py @@ -372,7 +372,7 @@ class UiRequest(object): # Redirect to an url def actionRedirect(self, url): self.start_response('301 Redirect', [('Location', str(url))]) - yield self.formatRedirect(url) + return self.formatRedirect(url) def actionIndex(self): return self.actionRedirect("/" + config.homepage + "/") @@ -634,7 +634,9 @@ class UiRequest(object): match = re.match(r"/(media/)?(?P
[A-Za-z0-9]+[A-Za-z0-9\._-]+)(?P/.*|$)", path) if match: path_parts = match.groupdict() - if self.isDomain(path_parts["address"]): + addr = path_parts["address"] + if self.isDomain(addr): + path_parts["domain"] = addr path_parts["address"] = self.resolveDomain(path_parts["address"]) path_parts["request_address"] = path_parts["address"] # Original request address (for Merger sites) path_parts["inner_path"] = path_parts["inner_path"].lstrip("/") @@ -651,6 +653,12 @@ class UiRequest(object): except SecurityError as err: return self.error403(err) + if "domain" in path_parts: + addr = path_parts['address'] + path = path_parts['inner_path'] + query = self.env['QUERY_STRING'] + return self.actionRedirect(f"/{addr}/{path}?{query}") + if not path_parts: return self.error404(path) From 75d25c48540317dafb47d07e4cc1bfb87e0db39d Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sun, 23 Oct 2022 14:23:34 +0000 Subject: [PATCH 04/53] improve start-venv.sh (pass command line arguments) --- start-venv.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/start-venv.sh b/start-venv.sh index be8b5888..33ac3216 100755 --- a/start-venv.sh +++ b/start-venv.sh @@ -5,4 +5,4 @@ if [ ! -f venv/bin/activate ] ; then fi source venv/bin/activate python3 -m pip install -r requirements.txt -python3 zeronet.py +python3 zeronet.py $1 $2 $3 $4 $5 $6 $7 $8 $9 From 79ffcac22d18525ac4f570813953569c8346618e Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 14 Nov 2022 13:55:38 +0000 Subject: [PATCH 05/53] reduce fingerprinting information accessible to unprivileged sites refs #163 --- src/Config.py | 1 + src/Connection/Connection.py | 2 +- src/Ui/UiWebsocket.py | 86 +++++++++++++++++++++++------------- 3 files changed, 57 insertions(+), 32 deletions(-) diff --git a/src/Config.py b/src/Config.py index 1b621d5d..be0b873e 100644 --- a/src/Config.py +++ b/src/Config.py @@ -101,6 +101,7 @@ class Config(object): self.user_agent = "conservancy" # DEPRECATED ; replace with git-generated commit self.rev = 5036 + self.user_agent_rev = 8192 self.argv = argv self.action = None self.test_parser = None diff --git a/src/Connection/Connection.py b/src/Connection/Connection.py index de95d867..879bcfab 100644 --- a/src/Connection/Connection.py +++ b/src/Connection/Connection.py @@ -369,7 +369,7 @@ class Connection(object): "fileserver_port": self.server.port, "port_opened": self.server.port_opened.get(self.ip_type, None), "target_ip": self.ip, - "rev": 8192, + "rev": config.user_agent_rev, "crypt_supported": crypt_supported, "crypt": self.crypt, "time": int(time.time()) diff --git a/src/Ui/UiWebsocket.py b/src/Ui/UiWebsocket.py index 48a30ee2..e4f98fca 100644 --- a/src/Ui/UiWebsocket.py +++ b/src/Ui/UiWebsocket.py @@ -288,38 +288,62 @@ class UiWebsocket(object): return ret def formatServerInfo(self): - import main - file_server = main.file_server - if file_server.port_opened == {}: - ip_external = None + # unprivileged sites should not get any fingerprinting information + if "ADMIN" in self.site.settings['permissions']: + import main + file_server = main.file_server + if file_server.port_opened == {}: + ip_external = None + else: + ip_external = any(file_server.port_opened.values()) + back = { + 'ip_external' : ip_external, + 'port_opened' : file_server.port_opened, + 'platform' : sys.platform, + 'dist_type' : config.dist_type, + 'fileserver_ip' : config.fileserver_ip, + 'fileserver_port' : config.fileserver_port, + 'tor_enabled' : file_server.tor_manager.enabled, + 'tor_status' : file_server.tor_manager.status, + 'tor_has_meek_bridges' : file_server.tor_manager.has_meek_bridges, + 'tor_use_bridges' : config.tor_use_bridges, + 'ui_ip' : config.ui_ip, + 'ui_port' : config.ui_port, + 'version' : config.version, + 'rev' : config.rev, + 'timecorrection' : file_server.timecorrection, + 'language' : config.language, + 'debug' : config.debug, + 'offline' : config.offline, + 'plugins' : PluginManager.plugin_manager.plugin_names, + 'plugins_rev' : PluginManager.plugin_manager.plugins_rev, + 'user_settings' : self.user.settings, + 'lib_verify_best' : CryptBitcoin.lib_verify_best + } else: - ip_external = any(file_server.port_opened.values()) - back = { - "ip_external": ip_external, - "port_opened": file_server.port_opened, - "platform": sys.platform, - "fileserver_ip": config.fileserver_ip, - "fileserver_port": config.fileserver_port, - "tor_enabled": file_server.tor_manager.enabled, - "tor_status": file_server.tor_manager.status, - "tor_has_meek_bridges": file_server.tor_manager.has_meek_bridges, - "tor_use_bridges": config.tor_use_bridges, - "ui_ip": config.ui_ip, - "ui_port": config.ui_port, - "version": config.version, - "rev": config.rev, - "timecorrection": file_server.timecorrection, - "language": config.language, - "debug": config.debug, - "offline": config.offline, - "plugins": PluginManager.plugin_manager.plugin_names, - "plugins_rev": PluginManager.plugin_manager.plugins_rev, - "user_settings": self.user.settings - } - if "ADMIN" in self.site.settings["permissions"]: - # back["updatesite"] = config.updatesite - back["dist_type"] = config.dist_type - back["lib_verify_best"] = CryptBitcoin.lib_verify_best + back = { + 'ip_external' : None, + 'port_opened' : False, + 'platform' : 'generic', + 'dist_type' : 'generic', + 'fileserver_ip' : '127.0.0.1', + 'fileserver_port' : 15441, + 'tor_enabled' : True, + 'tor_status' : 'OK', + 'tor_has_meek_bridges' : True, + 'tor_use_bridges' : True, + 'ui_ip' : '127.0.0.1', + 'ui_port' : 43110, + 'version' : config.user_agent, + 'rev' : config.user_agent_rev, + 'timecorrection' : 0.0, + 'language' : config.language, #? + 'debug' : False, + 'offline' : False, + 'plugins' : [], + 'plugins_rev' : {}, + 'user_settings' : self.user.settings #? + } return back def formatAnnouncerInfo(self, site): From 9f8524f66d54696c403e55dee9c9a258f60fd031 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 14 Nov 2022 14:28:12 +0000 Subject: [PATCH 06/53] reduce fingerprinting information in siteInfo refs #163 --- src/Ui/UiWebsocket.py | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/src/Ui/UiWebsocket.py b/src/Ui/UiWebsocket.py index e4f98fca..896f5b7c 100644 --- a/src/Ui/UiWebsocket.py +++ b/src/Ui/UiWebsocket.py @@ -262,7 +262,14 @@ class UiWebsocket(object): del(content["signers_sign"]) settings = site.settings.copy() - del settings["wrapper_key"] # Dont expose wrapper key + # remove fingerprinting information for non-admin sites + if 'ADMIN' not in self.site.settings['permissions']: + del settings['wrapper_key'] + settings['added'] = 0 + settings['serving'] = True + settings['ajax_key'] = '' + settings['peers'] = 1 + settings['cache'] = {} ret = { "auth_address": self.user.getAuthAddress(site.address, create=create_user), @@ -281,9 +288,20 @@ class UiWebsocket(object): "workers": len(site.worker_manager.workers), "content": content } + if 'ADMIN' not in self.site.settings['permissions']: + ret.update({ + "content_updated": 0, + "bad_files": len(site.bad_files), # ? + "size_limit": site.getSizeLimit(), # ? + "next_size_limit": site.getNextSizeLimit(), # ? + "peers": 1, + "started_task_num": 0, + "tasks": 0, + "workers": 0, + }) if site.settings["own"]: ret["privatekey"] = bool(self.user.getSiteData(site.address, create=create_user).get("privatekey")) - if site.isServing() and content: + if site.isServing() and content and "ADMIN" in self.site.settings['permissions']: ret["peers"] += 1 # Add myself if serving return ret From f2884f3c7c7a188f1af4e136c5200b7e31c8f371 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 14 Nov 2022 14:32:13 +0000 Subject: [PATCH 07/53] reduce fingerprinting information: trackers refs #163 --- src/Ui/UiWebsocket.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/Ui/UiWebsocket.py b/src/Ui/UiWebsocket.py index 896f5b7c..e982b990 100644 --- a/src/Ui/UiWebsocket.py +++ b/src/Ui/UiWebsocket.py @@ -365,7 +365,11 @@ class UiWebsocket(object): return back def formatAnnouncerInfo(self, site): - return {"address": site.address, "stats": site.announcer.stats} + if "ADMIN" in self.site.settings['permissions']: + stats = site.announcer.stats + else: + stats = {} + return {"address": site.address, "stats": stats} # - Actions - From 21699d012e8e48cff447d458880bb489ee3b6c1a Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 14 Nov 2022 19:54:24 +0000 Subject: [PATCH 08/53] update CHANGELOG --- CHANGELOG.md | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95bac884..78d96378 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,18 @@ ### zeronet-conservancy 0.7.7+ +maintainers: @caryoscelus +- improve starting script +- fix default ssl version to be secure +- disable geoip-related ip address leak when in tor-only mode +- windows os build/running instruction (WIP) +- better command line parsing +- ArchLinux AUR package +- update android instruction (thanks oseido for reporting) +- better browser launch handling +- ability to add/remove from favourites from sidebar +- NoNewSites plugin +- show help message even when startup fails +- fix plugin options handling regression +- multiple code improvements ### zeronet-conservancy 0.7.7 (2022-07-27) (f40dbfeb2163b9902495ba) maintainers: @caryoscelus, @FraYoshi, @prtngn, @d47081 (ex @d4708) From c9ea546321da7f805680449bdbcc1acf2d7ff6c5 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 14 Nov 2022 21:14:36 +0000 Subject: [PATCH 09/53] SideBar plugin: add self-onion in copy-nodes-ip refs #161 --- plugins/Sidebar/SidebarPlugin.py | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/plugins/Sidebar/SidebarPlugin.py b/plugins/Sidebar/SidebarPlugin.py index ca4968cc..ddbd7cd6 100644 --- a/plugins/Sidebar/SidebarPlugin.py +++ b/plugins/Sidebar/SidebarPlugin.py @@ -12,6 +12,7 @@ import urllib.parse import gevent import util +import main from Config import config from Plugin import PluginManager from Debug import Debug @@ -115,11 +116,11 @@ class UiWebsocketPlugin(object): local_html = "" peer_ips = [peer.key for peer in site.getConnectablePeers(20, allow_private=False)] + self_onion = main.file_server.tor_manager.site_onions.get(site.address, None) + if self_onion is not None: + peer_ips.append(self_onion+'.onion') peer_ips.sort(key=lambda peer_ip: ".onion:" in peer_ip) - copy_link = "http://127.0.0.1:43110/%s/?zeronet_peers=%s" % ( - site.content_manager.contents.get("content.json", {}).get("domain", site.address), - ",".join(peer_ips) - ) + copy_link = f'http://127.0.0.1:43110/{site.address}/?zeronet_peers={",".join(peer_ips)}' body.append(_("""
  • From dd46831e623803888d7a169055f060a21fd3e0d4 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 15 Nov 2022 09:16:38 +0000 Subject: [PATCH 10/53] update CHANGELOG --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 78d96378..5f49c4da 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ ### zeronet-conservancy 0.7.7+ maintainers: @caryoscelus +- improve copying peers from sidebar +- reduce fingerprinting information available to unprivileged sites - improve starting script - fix default ssl version to be secure - disable geoip-related ip address leak when in tor-only mode From 9228b4cbbfb4923b714d5099dec9883eb52dc1ca Mon Sep 17 00:00:00 2001 From: snyk-bot Date: Tue, 15 Nov 2022 10:51:38 +0000 Subject: [PATCH 11/53] fix: requirements.txt to reduce vulnerabilities The following vulnerabilities are fixed by pinning transitive dependencies: - https://snyk.io/vuln/SNYK-PYTHON-SETUPTOOLS-3113904 --- requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/requirements.txt b/requirements.txt index e5cfb71e..4e8543b7 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,2 +1,3 @@ gevent>=1.1.0 msgpack>=0.4.4 +setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability From cf6338f532627095361b6644a10836e58797039a Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 15 Nov 2022 20:01:59 +0000 Subject: [PATCH 12/53] update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5f49c4da..83a43622 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ ### zeronet-conservancy 0.7.7+ maintainers: @caryoscelus +- remove potential vulnerability via setuptools (@ajesse11x) - improve copying peers from sidebar - reduce fingerprinting information available to unprivileged sites - improve starting script From bdd63b42d00fe6b415786f14bd8467449205f4b0 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 15 Nov 2022 20:15:48 +0000 Subject: [PATCH 13/53] add support for ada/cardano donation addresses in sidebar refs #95 --- plugins/Sidebar/SidebarPlugin.py | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/plugins/Sidebar/SidebarPlugin.py b/plugins/Sidebar/SidebarPlugin.py index ddbd7cd6..ececb10b 100644 --- a/plugins/Sidebar/SidebarPlugin.py +++ b/plugins/Sidebar/SidebarPlugin.py @@ -453,7 +453,8 @@ class UiWebsocketPlugin(object): donate_generic = site.content_manager.contents.get("content.json", {}).get("donate", None) or site.content_manager.contents.get("content.json", {}).get("donate-generic", None) donate_btc = site.content_manager.contents.get("content.json", {}).get("donate-btc", None) donate_xmr = site.content_manager.contents.get("content.json", {}).get("donate-xmr", None) - donate_enabled = bool(donate_generic or donate_btc or donate_xmr) + donate_ada = site.content_manager.contents.get("content.json", {}).get("donate-ada", None) + donate_enabled = bool(donate_generic or donate_btc or donate_xmr or donate_ada) if donate_enabled: body.append(_("""
  • @@ -483,6 +484,15 @@ class UiWebsocketPlugin(object): {_[Donate Monero]} """)) + if donate_ada: + body.append(_(""" +
    + {donate_ada}
    +
    +
    + {_[Donate Ada/Cardano]} +
    + """)) if donate_enabled: body.append(_("""
    • From b2acdc8e47cc5dc16e77f4391059be90138af2d5 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sun, 20 Nov 2022 14:48:47 +0000 Subject: [PATCH 14/53] use archived version of .bit domain list (deprecated) by default --- plugins/Zeroname/SiteManagerPlugin.py | 2 +- src/Config.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins/Zeroname/SiteManagerPlugin.py b/plugins/Zeroname/SiteManagerPlugin.py index 2553a50c..c25fafa1 100644 --- a/plugins/Zeroname/SiteManagerPlugin.py +++ b/plugins/Zeroname/SiteManagerPlugin.py @@ -63,7 +63,7 @@ class ConfigPlugin(object): group = self.parser.add_argument_group("Zeroname plugin") group.add_argument( "--bit_resolver", help="ZeroNet site to resolve .bit domains", - default="1Name2NXVi1RDPDgf5617UoW7xA6YrhM9F", metavar="address" + default="1GnACKctkJrGWHTqxk9T9zXo2bLQc2PDnF", metavar="address" ) return super(ConfigPlugin, self).createArguments() diff --git a/src/Config.py b/src/Config.py index be0b873e..763d35c9 100644 --- a/src/Config.py +++ b/src/Config.py @@ -100,7 +100,7 @@ class Config(object): self.version = "0.7.7+" self.user_agent = "conservancy" # DEPRECATED ; replace with git-generated commit - self.rev = 5036 + self.rev = 5037 self.user_agent_rev = 8192 self.argv = argv self.action = None From 4a6b9982b8af21077e045cb9ce270d19d57fb285 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sun, 20 Nov 2022 17:00:18 +0000 Subject: [PATCH 15/53] update CHANGELOG --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 83a43622..9f1f39fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ ### zeronet-conservancy 0.7.7+ maintainers: @caryoscelus +- readdress .bit domains as part of their deprecation - remove potential vulnerability via setuptools (@ajesse11x) - improve copying peers from sidebar - reduce fingerprinting information available to unprivileged sites From 110307a4198cb13cc907ae209f8e869971504ca6 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Wed, 23 Nov 2022 11:18:07 +0000 Subject: [PATCH 16/53] v0.7.8 --- CHANGELOG.md | 1 + src/Config.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f1f39fe..8954a60b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ ### zeronet-conservancy 0.7.7+ maintainers: @caryoscelus +- use archived version of .bit domain registry to avoid malicious rewrites - readdress .bit domains as part of their deprecation - remove potential vulnerability via setuptools (@ajesse11x) - improve copying peers from sidebar diff --git a/src/Config.py b/src/Config.py index 763d35c9..00a99263 100644 --- a/src/Config.py +++ b/src/Config.py @@ -97,7 +97,7 @@ trackers = [ class Config(object): def __init__(self, argv): - self.version = "0.7.7+" + self.version = "0.7.8" self.user_agent = "conservancy" # DEPRECATED ; replace with git-generated commit self.rev = 5037 From 0475a39fe17281e04720dbd2ff61ef8d875dce99 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Wed, 23 Nov 2022 21:34:14 +0000 Subject: [PATCH 17/53] release commit hash in CHANGELOG --- CHANGELOG.md | 4 +++- src/Config.py | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8954a60b..aa013abf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,6 @@ -### zeronet-conservancy 0.7.7+ +### zeronet-conservancy 0.7.8+ + +### zeronet-conservancy 0.7.8 (2022-11-23) (110307a4198cb13cc907ae) maintainers: @caryoscelus - use archived version of .bit domain registry to avoid malicious rewrites - readdress .bit domains as part of their deprecation diff --git a/src/Config.py b/src/Config.py index 00a99263..0f9c89b8 100644 --- a/src/Config.py +++ b/src/Config.py @@ -97,7 +97,7 @@ trackers = [ class Config(object): def __init__(self, argv): - self.version = "0.7.8" + self.version = "0.7.8+" self.user_agent = "conservancy" # DEPRECATED ; replace with git-generated commit self.rev = 5037 From f88260a7706784aef8d8e66fea84cb571a32f6fc Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sun, 27 Nov 2022 09:33:48 +0000 Subject: [PATCH 18/53] minor code improvement use format strings --- plugins/ContentFilter/ContentFilterPlugin.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/plugins/ContentFilter/ContentFilterPlugin.py b/plugins/ContentFilter/ContentFilterPlugin.py index 9d8dc6e8..6cec1bc3 100644 --- a/plugins/ContentFilter/ContentFilterPlugin.py +++ b/plugins/ContentFilter/ContentFilterPlugin.py @@ -38,7 +38,7 @@ class SiteManagerPlugin(object): block_details = None if block_details: - raise Exception("Site blocked: %s" % html.escape(block_details.get("reason", "unknown reason"))) + raise Exception(f'Site blocked: {html.escape(block_details.get("reason", "unknown reason"))}') else: return super(SiteManagerPlugin, self).add(address, *args, **kwargs) @@ -204,15 +204,15 @@ class SiteStoragePlugin(object): # Check if any of the adresses are in the mute list for auth_address in matches: if filter_storage.isMuted(auth_address): - self.log.debug("Mute match: %s, ignoring %s" % (auth_address, inner_path)) + self.log.debug(f'Mute match: {auth_address}, ignoring {inner_path}') return False return super(SiteStoragePlugin, self).updateDbFile(inner_path, file=file, cur=cur) def onUpdated(self, inner_path, file=None): - file_path = "%s/%s" % (self.site.address, inner_path) - if file_path in filter_storage.file_content["includes"]: - self.log.debug("Filter file updated: %s" % inner_path) + file_path = f'{self.site.address}/{inner_path}' + if file_path in filter_storage.file_content['includes']: + self.log.debug('Filter file updated: {inner_path}') filter_storage.includeUpdateAll() return super(SiteStoragePlugin, self).onUpdated(inner_path, file=file) From 32bd9bbc60d343821bd9f6f81011881d61400141 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sun, 27 Nov 2022 09:56:53 +0000 Subject: [PATCH 19/53] more compact boot-logo so that it doesn't spill on small screens --- zeronet.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/zeronet.py b/zeronet.py index a9cbd7ed..9d9cec79 100755 --- a/zeronet.py +++ b/zeronet.py @@ -24,10 +24,10 @@ def fancy_greet(): from rich.console import Console from rich.text import Text zc_msg = f''' -||| __. _.. _ . . _ _._|_ _. . . _ .-- _.. _. . __.. _ _.. . -||| / /_||/ / \|/ |/_| | == / / \|/ | \ /_||/ | | __||/ |/ \_| -||| /_.\_ | \_/| |\_ |. \__\_/| |._|\_ | \/ |__|| |\__ | -||| _/ +||| . . _ _._|_ _. . . _ .__ _.. _. . __.. _ __. . +||| //\|/ |/_| | == / / \|/ |( /_||/ | | __||/ |/ \_| +||| \_/| |\_ |. \__\_/| |_) \_ | \/ |__|| |\__ _/ +||| ||| v{config.version} ''' lns = zc_msg.split('\n') From b6e18fd3738b4725726c5e170040deb3048c9048 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sun, 27 Nov 2022 11:00:39 +0000 Subject: [PATCH 20/53] update README --- README.md | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 0b37d5f4..ed4d6190 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,8 @@ [![Packaging status](https://repology.org/badge/vertical-allrepos/zeronet-conservancy.svg)](https://repology.org/project/zeronet-conservancy/versions) +(NOTE THAT TRANSLATIONS ARE USUALLY BEHIND THIS FILE) + [по-русски](README-ru.md) | [em português](README-ptbr.md) | [简体中文](README-zh-cn.md) zeronet-conservancy is a fork/continuation of [ZeroNet](https://github.com/HelloZeroNet/ZeroNet) project @@ -38,13 +40,14 @@ brand new, completely transparent and audited network is ready and this project * Automatic uPnP port opening (if opted in) * Plugin for multiuser (openproxy) support * Works with any modern browser/OS + * Works offline and can be synced via alternative transports (or when connection is back) ## How does it work? * After starting `zeronet.py` you will be able to visit zeronet sites using `http://127.0.0.1:43110/{zeronet_address}` (eg. - `http://127.0.0.1:43110/126NXcevn1AUehWFZLTBw7FrX1crEizQdr`). + `http://127.0.0.1:43110/1MCoA8rQHhwu4LY2t2aabqcGSRqrL8uf2X/`). * When you visit a new zeronet site, it tries to find peers using the BitTorrent network so it can download the site files (html, css, js...) from them. * Each visited site is also served by you. @@ -60,14 +63,14 @@ Following links relate to original ZeroNet: - [Slideshow about ZeroNet cryptography, site updates, multi-user sites »](https://docs.google.com/presentation/d/1_2qK1IuOKJ51pgBvllZ9Yu7Au2l551t3XBgyTSvilew/pub?start=false&loop=false&delayms=3000) - [Frequently asked questions »](https://zeronet.io/docs/faq/) -- [ZeroNet Developer Documentation »](https://zeronet.io/docs/site_development/getting_started/) +- [ZeroNet Developer Documentation »](https://zeronet.io/docs/site_development/getting_started/) (getting outdated) ## How to join ### Install from your distribution repository - NixOS: https://search.nixos.org/packages?channel=22.05&show=zeronet-conservancy&type=packages&query=zeronet-conservancy (and see below) -- ArchLinux: https://aur.archlinux.org/packages/zeronet-conservancy-git (fresh git version) +- ArchLinux: [latest release](https://aur.archlinux.org/packages/zeronet-conservancy), [fresh git version](https://aur.archlinux.org/packages/zeronet-conservancy-git) ### Install from Nix package manager (Linux or MacOS) @@ -161,14 +164,16 @@ Install autoconf and other basic development tools, python3 and pip, then procee * Doesn't work directly from browser (one of the top priorities for mid-future) * No data transparency * No reproducible builds +* No on-disk encryption +* No reproducible builds (hence no builds beyond certain GNU/Linux distributions) ## How can I create a ZeroNet site? - * Click on **⋮** > **"Create new, empty site"** menu item on the [admin page](http://127.0.0.1:43110/126NXcevn1AUehWFZLTBw7FrX1crEizQdr). + * Click on **⋮** > **"Create new, empty site"** menu item on the [dashboard](http://127.0.0.1:43110/191CazMVNaAcT9Y1zhkxd9ixMBPs59g2um/). * You will be **redirected** to a completely new site that is only modifiable by you! * You can find and modify your site's content in **data/[yoursiteaddress]** directory - * After the modifications open your site, drag the topright "0" button to the left, then press **sign** and **publish** buttons on the bottom + * After the modifications open your site, drag the topright "0" button to the left, then press **sign and publish** button on the bottom Next steps: [ZeroNet Developer Documentation](https://zeronet.io/docs/site_development/getting_started/) @@ -179,6 +184,12 @@ Next steps: [ZeroNet Developer Documentation](https://zeronet.io/docs/site_devel We need more maintainers! Become one today! You don't need to know how to code, there's a lot of other work to do. +### Make builds for your platforms + +We need reproducible stand-alone builds for major platforms, as well as presense in various FLOSS +repositories. If you're using one of Linux distributions which don't have packages yet, why not make +a package for it or (if you don't know how) ask a maintainer now? + ### Fix bugs & add features We've decided to go ahead and make a perfect p2p web, so we need more help From 119352a685fd7bd397906be3ac1507d76f4c298f Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 28 Nov 2022 09:13:32 +0000 Subject: [PATCH 21/53] Revert "remove unused code" This reverts commit dc804b9d5f3a2a9f1fffa1b97d82e0e04c44508b. fixes #182 --- src/Site/Site.py | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Site/Site.py b/src/Site/Site.py index 7deab5cc..ea19c4a2 100644 --- a/src/Site/Site.py +++ b/src/Site/Site.py @@ -35,6 +35,7 @@ class Site(object): def __init__(self, address, allow_create=True, settings=None): self.address = str(re.sub("[^A-Za-z0-9]", "", address)) # Make sure its correct address self.address_hash = hashlib.sha256(self.address.encode("ascii")).digest() + self.address_sha1 = hashlib.sha1(self.address.encode("ascii")).digest() self.address_short = "%s..%s" % (self.address[:6], self.address[-4:]) # Short address for logging self.log = logging.getLogger("Site:%s" % self.address_short) self.addEventListeners() From f02e57697304c19c04f2a4412a54f62455f7d1e3 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 28 Nov 2022 09:28:52 +0000 Subject: [PATCH 22/53] code comment --- src/Config.py | 2 +- src/Site/Site.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Config.py b/src/Config.py index 0f9c89b8..9149d165 100644 --- a/src/Config.py +++ b/src/Config.py @@ -100,7 +100,7 @@ class Config(object): self.version = "0.7.8+" self.user_agent = "conservancy" # DEPRECATED ; replace with git-generated commit - self.rev = 5037 + self.rev = 5038 self.user_agent_rev = 8192 self.argv = argv self.action = None diff --git a/src/Site/Site.py b/src/Site/Site.py index ea19c4a2..ffdb2bb0 100644 --- a/src/Site/Site.py +++ b/src/Site/Site.py @@ -35,6 +35,7 @@ class Site(object): def __init__(self, address, allow_create=True, settings=None): self.address = str(re.sub("[^A-Za-z0-9]", "", address)) # Make sure its correct address self.address_hash = hashlib.sha256(self.address.encode("ascii")).digest() + # sha1 is used for clearnet trackers self.address_sha1 = hashlib.sha1(self.address.encode("ascii")).digest() self.address_short = "%s..%s" % (self.address[:6], self.address[-4:]) # Short address for logging self.log = logging.getLogger("Site:%s" % self.address_short) From b5a80504a5329fe67ded6e7baa44171403238591 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 28 Nov 2022 12:58:48 +0000 Subject: [PATCH 23/53] GiveUpGitHub notice we're not ready to move on yet, but we're on the path! --- README.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/README.md b/README.md index ed4d6190..f3d1810b 100644 --- a/README.md +++ b/README.md @@ -220,3 +220,26 @@ private, a Monero wallet: If you want to donate in a different way, feel free to contact maintainer or create an issue + +# We're using GitHub under protest + +This project is currently hosted on GitHub. This is not ideal; GitHub is a +proprietary, trade-secret system that is not Free/Libre and Open Souce Software +(FLOSS). We are deeply concerned about using a proprietary system like GitHub +to develop our FLOSS project. We have an +[open issue](https://github.com/zeronet-conservancy/zeronet-conservancy/issues/89) +to track moving away from GitHub in the long term. We urge you to read about the +[Give up GitHub](https://GiveUpGitHub.org) campaign from +[the Software Freedom Conservancy](https://sfconservancy.org) to understand +some of the reasons why GitHub is not a good place to host FOSS projects. + +If you are a contributor who personally has already quit using GitHub, feel +free to [check out from our mirror on notabug](https://notabug.org/caryoscelus/zeronet-conservancy) +and develop there or send git patches directly to project maintainer via +preffered [contact channel](https://caryoscelus.github.io/contacts/). + +Any use of this project's code by GitHub Copilot, past or present, is done +without our permission. We do not consent to GitHub's use of this project's +code in Copilot. + +![Logo of the GiveUpGitHub campaign](https://sfconservancy.org/img/GiveUpGitHub.png) From b1f2560037f40930cae1a3f6fee0d432c6025082 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 28 Nov 2022 13:03:51 +0000 Subject: [PATCH 24/53] update CHANGELOG preparing v0.7.8.1 --- CHANGELOG.md | 9 ++++++++- src/Config.py | 2 +- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa013abf..f74757a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,11 @@ -### zeronet-conservancy 0.7.8+ +### zeronet-conservancy 0.7.8.1+ + +### zeronet-conservancy 0.7.8.1 (2022-11-28) +maintainers: @caryoscelus +- fix tracker connection regression introduced in dc804b9d5f3a2a9f1fffa1b97d82e0e04c44508b +- GiveUpGitHub notice +- update README +- new, more compact boot logo in console (more suitable for small screens) ### zeronet-conservancy 0.7.8 (2022-11-23) (110307a4198cb13cc907ae) maintainers: @caryoscelus diff --git a/src/Config.py b/src/Config.py index 9149d165..e46a2c68 100644 --- a/src/Config.py +++ b/src/Config.py @@ -100,7 +100,7 @@ class Config(object): self.version = "0.7.8+" self.user_agent = "conservancy" # DEPRECATED ; replace with git-generated commit - self.rev = 5038 + self.rev = 5039 self.user_agent_rev = 8192 self.argv = argv self.action = None From 32042a330eb90293cb3cd20836908c9e93050c47 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 28 Nov 2022 15:47:48 +0000 Subject: [PATCH 25/53] fix favourite/unfavourite in sidebar refs #146 --- plugins/Sidebar/SidebarPlugin.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/Sidebar/SidebarPlugin.py b/plugins/Sidebar/SidebarPlugin.py index ececb10b..c117de0e 100644 --- a/plugins/Sidebar/SidebarPlugin.py +++ b/plugins/Sidebar/SidebarPlugin.py @@ -422,7 +422,7 @@ class UiWebsocketPlugin(object): print('No dashboard found, cannot favourite') class_favourite = "hidden" class_unfavourite = "hidden" - elif dsite.get('sittings', {}).get('favorite_sites', {}).get(self.site.address, False): + elif not dsite.get('settings', {}).get('favorite_sites', {}).get(self.site.address, False): class_favourite = "" class_unfavourite = "hidden" else: From 0054eca9df0c9c8c2f4a7837461a7d001f996c2e Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 28 Nov 2022 15:53:08 +0000 Subject: [PATCH 26/53] v0.7.8.1 update CHANGELOG & bump revision --- CHANGELOG.md | 3 ++- src/Config.py | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f74757a9..e9858232 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,7 +2,8 @@ ### zeronet-conservancy 0.7.8.1 (2022-11-28) maintainers: @caryoscelus -- fix tracker connection regression introduced in dc804b9d5f3a2a9f1fffa1b97d82e0e04c44508b +- fix favourite/unfavourite in sidebar +- fix tracker connection regression introduced in dc804b9d5f3a2a9f1fffa1b97d82e0e04c44508b (thanks to @bitcoren) - GiveUpGitHub notice - update README - new, more compact boot logo in console (more suitable for small screens) diff --git a/src/Config.py b/src/Config.py index e46a2c68..db498f89 100644 --- a/src/Config.py +++ b/src/Config.py @@ -97,10 +97,10 @@ trackers = [ class Config(object): def __init__(self, argv): - self.version = "0.7.8+" + self.version = "0.7.8.1" self.user_agent = "conservancy" # DEPRECATED ; replace with git-generated commit - self.rev = 5039 + self.rev = 5040 self.user_agent_rev = 8192 self.argv = argv self.action = None From 0d9a00cf6512c1bb0b24ab3ec680bedce57a5379 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 29 Nov 2022 09:57:39 +0000 Subject: [PATCH 27/53] release version hash --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e9858232..9f5c9062 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ ### zeronet-conservancy 0.7.8.1+ -### zeronet-conservancy 0.7.8.1 (2022-11-28) +### zeronet-conservancy 0.7.8.1 (2022-11-28) (0054eca9df0c9c8c2f4a78) maintainers: @caryoscelus - fix favourite/unfavourite in sidebar - fix tracker connection regression introduced in dc804b9d5f3a2a9f1fffa1b97d82e0e04c44508b (thanks to @bitcoren) From 7c73d7543c74b9d82f579164fffc6167db71e9d6 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 29 Nov 2022 16:39:21 +0000 Subject: [PATCH 28/53] minor code improvement use format strings for readability --- src/Content/ContentManager.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Content/ContentManager.py b/src/Content/ContentManager.py index e43fef2b..d6086e19 100644 --- a/src/Content/ContentManager.py +++ b/src/Content/ContentManager.py @@ -793,7 +793,7 @@ class ContentManager(object): return 1 # Todo: Multisig def verifyCertSign(self, user_address, user_auth_type, user_name, issuer_address, sign): - cert_subject = "%s#%s/%s" % (user_address, user_auth_type, user_name) + cert_subject = f'{user_address}#{user_auth_type}/{user_name}' return CryptBitcoin.verify(cert_subject, issuer_address, sign) def verifyCert(self, inner_path, content): From 423dd46c67e7909125b949791472ca61f027cec3 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 29 Nov 2022 16:39:42 +0000 Subject: [PATCH 29/53] update README --- README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f3d1810b..df1d39e4 100644 --- a/README.md +++ b/README.md @@ -120,12 +120,13 @@ Install autoconf and other basic development tools, python3 and pip, then procee - `python3 zeronet.py` #### (alternatively) Build Docker image -- build 0net image: `docker build -t 0net:conservancy . -f Dockerfile` -- or build 0net image with integrated tor: `docker build -t 0net:conservancy . -f Dockerfile.integrated_tor` -- and run it: `docker run --rm -it -v :/app/data -p 43110:43110 -p 26552:26552 0net:conservancy` +- build 0net image: `docker build -t 0net-conservancy:latest . -f Dockerfile` +- or build 0net image with integrated tor: `docker build -t 0net-conservancy:latest . -f Dockerfile.integrated_tor` +- and run it: `docker run --rm -it -v :/app/data -p 43110:43110 -p 26552:26552 0net-conservancy:latest` - /path/to/0n/data/directory - directory, where all data will be saved, including your secret certificates. If you run it with production mode, do not remove this folder! -- or you can run it with docker-compose: `docker compose up -d 0net` up two containers - 0net and tor separately. +- or you can run it with docker-compose: `docker compose up -d 0net-conservancy` up two containers - 0net and tor separately. - or: `docker compose up -d 0net-tor` for run 0net and tor in one container. +(please check if these instructions are still accurate) #### Alternative script - after installing general dependencies and cloning repo (as above), run `start-venv.sh` which will create a virtual env for you and install python requirements From 06db221bbd5d6710a5655af507ecbb56a72adf3f Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 29 Nov 2022 16:40:08 +0000 Subject: [PATCH 30/53] update README-ru --- README-ru.md | 29 ++++++++++++++++------------- 1 file changed, 16 insertions(+), 13 deletions(-) diff --git a/README-ru.md b/README-ru.md index 2546431e..1c9df426 100644 --- a/README-ru.md +++ b/README-ru.md @@ -42,7 +42,7 @@ zeronet-conservancy — это форк/продолжение проекта [Z * После запуска `zeronet.py` вы сможете посетить zeronet сайты используя адрес `http://127.0.0.1:43110/{zeronet_address}` -(например. `http://127.0.0.1:43110/1HeLLo4uzjaLetFx6NH3PMwFP3qbRbTf3D`). +(например. `http://127.0.0.1:43110/1MCoA8rQHhwu4LY2t2aabqcGSRqrL8uf2X`). * Когда вы посещаете новый сайт zeronet, он пытается найти пиров с помощью BitTorrent чтобы загрузить файлы сайтов (html, css, js ...) из них. * Каждый посещенный зайт также обслуживается вами. (Т.е хранится у вас на компьютере) @@ -65,6 +65,7 @@ zeronet-conservancy — это форк/продолжение проекта [Z ### Установить из репозитория вашего дистрибутива - NixOS: https://search.nixos.org/packages?channel=22.05&show=zeronet-conservancy&type=packages&query=zeronet-conservancy +- ArchLinux: [последний релиз](https://aur.archlinux.org/packages/zeronet-conservancy), [git-версия](https://aur.archlinux.org/packages/zeronet-conservancy-git) ### Установить из исходного кода (рекомендовано) @@ -85,7 +86,11 @@ zeronet-conservancy — это форк/продолжение проекта [Z - (optional) `pkg install tor` - (optional) запустить тор через команду `tor --ControlPort 9051 --CookieAuthentication 1` (вы можете открыть новый сеанс свайпом вправо) -#### Создание зависимостей Python и запуск +#### Скрипт, который всё сделает за вас + - после установки общих зависимостей и клонирования репозитория (как указано выше) запустите `start-venv.sh` который создаст для вас виртуальную среду (если её ещё нет) и установит необходимые пакеты Python + - больше удобных скриптов будует добавлено в ближайшее время + +#### Установка Python-зависимостей и запуск - клонируйте репозиторий (NOTE: на Android/Termux вы должны клонировать его в «домашнюю» папку Termux, потому что виртуальная среда не может находиться в `storage/`) - `python3 -m venv venv` (создайте виртуальную среду python, последнее `venv` это просто имя/название, если вы используете другое, вы должны заменить его в более поздних командах.) - `source venv/bin/activate` (активируйте среду) @@ -96,18 +101,14 @@ zeronet-conservancy — это форк/продолжение проекта [Z - `source venv/bin/activate` - `python3 zeronet.py` -#### Создание образа Docker -- создание образа: `docker build -t 0net:conservancy . -f Dockerfile` -- или создрание образа с встроенным tor: `docker build -t 0net:conservancy . -f Dockerfile.integrated_tor` -- и его запуск: `docker run --rm -it -v :/app/data -p 43110:43110 -p 26552:26552 0net:conservancy` +#### (альтернативно) Создание образа Docker +- создание образа: `docker build -t 0net-conservancy:latest . -f Dockerfile` +- или создрание образа с встроенным tor: `docker build -t 0net-conservancy:latest . -f Dockerfile.integrated_tor` +- и его запуск: `docker run --rm -it -v :/app/data -p 43110:43110 -p 26552:26552 0net-conservancy:latest` - /path/to/0n/data/directory - директория, куда будут сохраняться все данные в том числе секретные ключи. Если вы запускаете в боевом режиме, не потеряйте эту папку! -- или вы можете воспользоваться docker-compose: `docker compose up -d 0net` запускает два контейнера раздельно, для 0net и tor сервисов. +- или вы можете воспользоваться docker-compose: `docker compose up -d 0net-conservancy` запускает два контейнера раздельно, для 0net и tor сервисов. - или: `docker compose up -d 0net-tor` запускает один контейнер с tor и 0net. -#### альтернативный скрипт - - после установки общих зависимостей и клонирования репозитория (как указано выше) запустите `start-venv.sh` который создаст для вас виртуальную среду и установит требования Python - - больше удобных скриптов будует добавлено в ближайшее время - ## Текущие ограничения * Файловые транзакции не сжаты @@ -158,8 +159,10 @@ zeronet-conservancy — это форк/продолжение проекта [Z также создаст командные аккаунты на дружественных краудфандинговых платформах. Если вы хотите, чтобы ваше пожертвование было признано пожертвованием для этого -проекта, для этого также есть специальный биткойн-адрес: -1Kjuw3reZvxRVNs27Gen7jPJYCn6LY7Fg6 +проекта, для этого также есть специальный биткоин-адрес: +1Kjuw3reZvxRVNs27Gen7jPJYCn6LY7Fg6. Либо если хотите сделать более анонимный донат, вы +можете пожертвовать Monero: +4AiYUcqVRH4C2CVr9zbBdkhRnJnHiJoypHEsq4N7mQziGUoosPCpPeg8SPr87nvwypaRzDgMHEbWWDekKtq8hm9LBmgcMzC Если вы хотите сделать пожертвование другим способом, не стесняйтесь обращаться к сопровождающему или создать запрос From 03a9f2c49026aaab659f5395083bbf35db39b6bb Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 29 Nov 2022 16:40:46 +0000 Subject: [PATCH 31/53] new development cycle --- src/Config.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Config.py b/src/Config.py index db498f89..f4f48619 100644 --- a/src/Config.py +++ b/src/Config.py @@ -97,10 +97,10 @@ trackers = [ class Config(object): def __init__(self, argv): - self.version = "0.7.8.1" + self.version = "0.7.8.1+" self.user_agent = "conservancy" # DEPRECATED ; replace with git-generated commit - self.rev = 5040 + self.rev = 5041 self.user_agent_rev = 8192 self.argv = argv self.action = None From 8616af3f2e7592ff17ebf76e13ede79f3051a914 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Thu, 1 Dec 2022 15:27:55 +0000 Subject: [PATCH 32/53] remove mention of python-3.6 in requirements.txt after analyzing the old version of requirements.txt, it becomes obvious that any real python 3.6.X versions would fail to install required package, and since no one complained that means there are no =20.9.0; python_version >= "3.7" +setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability +gevent>=20.9.0 msgpack>=0.4.4 base58 merkletools @@ -14,4 +13,3 @@ maxminddb rich defusedxml>=0.7 pyaes -setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerability From 2eac2d3f3533d5b39574370c257d8fc10b7768de Mon Sep 17 00:00:00 2001 From: chncaption <101684156+chncaption@users.noreply.github.com> Date: Sun, 4 Dec 2022 16:06:54 +0800 Subject: [PATCH 33/53] update msgpack 0.4.4 to 0.6.0 --- requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/requirements.txt b/requirements.txt index b3df57ea..c46f20f4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,7 +1,7 @@ gevent==1.4.0; python_version <= "3.6" greenlet==0.4.16; python_version <= "3.6" gevent>=20.9.0; python_version >= "3.7" -msgpack>=0.4.4 +msgpack>=0.6.0 base58 merkletools rsa From fa1c25326a5c40f6cf47e58024284316a8fc0f0b Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sun, 4 Dec 2022 10:30:54 +0000 Subject: [PATCH 34/53] report error when peer rejects our update also improve code and comment --- src/Peer/Peer.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/Peer/Peer.py b/src/Peer/Peer.py index e525b421..ec48f0fc 100644 --- a/src/Peer/Peer.py +++ b/src/Peer/Peer.py @@ -154,7 +154,7 @@ class Peer(object): self.log("Send request: %s %s %s %s" % (params.get("site", ""), cmd, params.get("inner_path", ""), params.get("location", ""))) - for retry in range(1, 4): # Retry 3 times + for retry in range(3): try: if not self.connection: # this is redundant, already established that self.connection is present @@ -165,7 +165,7 @@ class Peer(object): if "error" in res: self.log("%s error: %s" % (cmd, res["error"])) self.onConnectionError("Response error") - break + return res else: # Successful request, reset connection error num self.connection_error = 0 self.time_response = time.time() @@ -183,9 +183,9 @@ class Peer(object): "%s (connection_error: %s, hash_failed: %s, retry: %s)" % (Debug.formatException(err), self.connection_error, self.hash_failed, retry) ) - time.sleep(1 * retry) + time.sleep(retry+1) self.connect() - return None # Failed after 4 retry + return None # Failed after 3 attempts # Get a file content from peer def getFile(self, site, inner_path, file_size=None, pos_from=0, pos_to=None, streaming=False): From 0fa90c5d176377fdbc1c6b083d65a64c9a7f3dda Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 5 Dec 2022 10:45:26 +0000 Subject: [PATCH 35/53] update CHANGELOG --- CHANGELOG.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 9f5c9062..2140701d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,7 @@ ### zeronet-conservancy 0.7.8.1+ +- better debugging of update non-propagation +- sec update of msgpck dependency (@chncaption) +- deprecate python-3.6 as it apparently is no longer used (by active users) ### zeronet-conservancy 0.7.8.1 (2022-11-28) (0054eca9df0c9c8c2f4a78) maintainers: @caryoscelus From ab9fc61efc8e179fddbf9627e8fc2c4559f79d65 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 5 Dec 2022 16:50:10 +0000 Subject: [PATCH 36/53] Update README (NixOS dev instructions) thanks @fgaz for explanations fixes #189 --- README.md | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index df1d39e4..4a10fdf6 100644 --- a/README.md +++ b/README.md @@ -87,7 +87,7 @@ if you're on NixOS (thanks @fgaz for making & maintaining the package) -### Install from source (recommended) +### Install from source #### System dependencies @@ -108,7 +108,7 @@ Install autoconf and other basic development tools, python3 and pip, then procee - (optional) `pkg install tor` - (optional) run tor via `tor --ControlPort 9051 --CookieAuthentication 1` command (you can then open new session by swiping to the right) -#### Building python dependencies & running +#### Building python dependencies venv & running - clone this repo (NOTE: on Android/Termux you should clone it into "home" folder of Termux, because virtual environment cannot live in `storage/`) - `python3 -m venv venv` (make python virtual environment, the last `venv` is just a name, if you use different you should replace it in later commands) - `source venv/bin/activate` (activate environment) @@ -119,6 +119,11 @@ Install autoconf and other basic development tools, python3 and pip, then procee - `source venv/bin/activate` - `python3 zeronet.py` +#### (alternatively) On NixOS +- clone this repo +- `nix-shell '' -A zeronet-conservancy` to enter shell with installed dependencies +- `./zeronet.py` + #### (alternatively) Build Docker image - build 0net image: `docker build -t 0net-conservancy:latest . -f Dockerfile` - or build 0net image with integrated tor: `docker build -t 0net-conservancy:latest . -f Dockerfile.integrated_tor` From 30bf28df12e4c8b9a29f8c5f811ea1603763e9fc Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 5 Dec 2022 16:52:54 +0000 Subject: [PATCH 37/53] update CHANGELOG --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2140701d..32e431fb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,6 @@ ### zeronet-conservancy 0.7.8.1+ +maintainers: @caryoscelus +- update README (build/dev instructions; thanks to @fgaz) - better debugging of update non-propagation - sec update of msgpck dependency (@chncaption) - deprecate python-3.6 as it apparently is no longer used (by active users) From da10d2fb762ae96dfe6758d58ff956b7dcc33ee6 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 6 Dec 2022 12:38:05 +0000 Subject: [PATCH 38/53] update README (windows instruction minor change) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 4a10fdf6..fe0ead3f 100644 --- a/README.md +++ b/README.md @@ -151,7 +151,7 @@ Install autoconf and other basic development tools, python3 and pip, then procee - `cd zeronet-conservancy` - `python -m venv venv` (create virtual python environment) - `venv\Scripts\activate` (this activates the environment) -- `pip install -r requirements.txt` (install python dependencies) +- `pip install -r requirements.txt` (install python dependencies) (some users reported that this command doesn't successfully install requirements and only manual installation of dependencies one by one works) - (NOTE: if previous step fails, it most likely means you haven't installed c/c++ compiler successfully) - [optional for tor for better connectivity and anonymity] launch Tor Browser - (NOTE: windows might show a window saying it blocked access to internet for "security reasons" — you should allow the access) From 091323d4e34096d4e4dd8d466de080008c3a4e0b Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 6 Dec 2022 15:59:52 +0000 Subject: [PATCH 39/53] TODO comments --- src/Ui/UiWebsocket.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/Ui/UiWebsocket.py b/src/Ui/UiWebsocket.py index e982b990..e6f2f405 100644 --- a/src/Ui/UiWebsocket.py +++ b/src/Ui/UiWebsocket.py @@ -511,6 +511,8 @@ class UiWebsocket(object): # Sign and publish content.json def actionSitePublish(self, to, privatekey=None, inner_path="content.json", sign=True, remove_missing_optional=False, update_changed_files=False): + # TODO: check certificates (https://github.com/zeronet-conservancy/zeronet-conservancy/issues/190) + # TODO: update certificates (https://github.com/zeronet-conservancy/zeronet-conservancy/issues/194) if sign: inner_path = self.actionSiteSign( to, privatekey, inner_path, response_ok=False, From 5e39f37fba7dfaf9b14e4cb9e5179d7c22786a2f Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 6 Dec 2022 16:59:18 +0000 Subject: [PATCH 40/53] docker-ignore data/ directory --- .dockerignore | 1 + 1 file changed, 1 insertion(+) diff --git a/.dockerignore b/.dockerignore index df655837..06de9748 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,2 +1,3 @@ venv Dockerfile* +data From 3c7670a70327e164c119bad54b2bfd4970931fa1 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sat, 10 Dec 2022 16:39:18 +0000 Subject: [PATCH 41/53] fix debug messages --- src/Content/ContentManager.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/Content/ContentManager.py b/src/Content/ContentManager.py index d6086e19..350370d0 100644 --- a/src/Content/ContentManager.py +++ b/src/Content/ContentManager.py @@ -85,16 +85,16 @@ class ContentManager(object): new_ts = int(float(new_content.get('modified', 0))) old_ts = int(float(old_content.get('modified', 0))) if new_ts < old_ts: - self.log.debug('got older version of {content_inner_path} ({new_ts} < {old_ts}), ignoring') + self.log.debug(f'got older version of {content_inner_path} ({new_ts} < {old_ts}), ignoring') return [], [] elif new_ts == old_ts: - self.log.debug('got same timestamp version of {content_inner_path} ({new_ts}), ignoring') + self.log.debug(f'got same timestamp version of {content_inner_path} ({new_ts}), ignoring') return [], [] except Exception as err: self.log.warning(f'{content_path} load error: {Debug.formatException(err)}') return [], [] else: - self.log.debug("Content.json not exist: %s" % content_path) + self.log.debug(f'Content.json not exist: {content_path}') return [], [] # Content.json not exist try: From b5380f6b260588416ca897758e073c2a97417d0a Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sun, 11 Dec 2022 17:48:37 +0000 Subject: [PATCH 42/53] Fix /raw readdress fixes #199 --- src/Ui/UiRequest.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/Ui/UiRequest.py b/src/Ui/UiRequest.py index 1b2d5cf3..d30ff4e3 100644 --- a/src/Ui/UiRequest.py +++ b/src/Ui/UiRequest.py @@ -176,7 +176,7 @@ class UiRequest(object): return self.actionConsole() # Wrapper-less static files elif path.startswith("/raw/"): - return self.actionSiteMedia(path.replace("/raw", "/media", 1), header_noscript=True) + return self.actionSiteMedia(path.replace("/raw", "/media", 1), header_noscript=True, raw=True) elif path.startswith("/add/"): return self.actionSiteAdd() @@ -647,7 +647,7 @@ class UiRequest(object): return None # Serve a media for site - def actionSiteMedia(self, path, header_length=True, header_noscript=False): + def actionSiteMedia(self, path, header_length=True, header_noscript=False, raw=False): try: path_parts = self.parsePath(path) except SecurityError as err: @@ -657,7 +657,8 @@ class UiRequest(object): addr = path_parts['address'] path = path_parts['inner_path'] query = self.env['QUERY_STRING'] - return self.actionRedirect(f"/{addr}/{path}?{query}") + raw = "/raw" if raw else "" + return self.actionRedirect(f"{raw}/{addr}/{path}?{query}") if not path_parts: return self.error404(path) From 26d7e17c32d93c92899d9693c22506ef933f0993 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 3 Jan 2023 08:04:13 +0000 Subject: [PATCH 43/53] modularize greeting --- greet.py | 35 +++++++++++++++++++++++++++++++++++ zeronet.py | 39 ++------------------------------------- 2 files changed, 37 insertions(+), 37 deletions(-) create mode 100644 greet.py diff --git a/greet.py b/greet.py new file mode 100644 index 00000000..d918bd6c --- /dev/null +++ b/greet.py @@ -0,0 +1,35 @@ +def grad(n): + s = 0x08 + r = 0xff + g = 0x00 + b = 0x00 + for i in range(n): + if r >= s and b < s: + r -= s + g += s + elif g >= s and r < s: + g -= s + b += s + elif b >= s and g < s: + b -= s + r += s + return f'#{r:02x}{g:02x}{b:02x}' + +def fancy_greet(version): + from rich.console import Console + from rich.text import Text + zc_msg = f''' +||| . . _ _._|_ _. . . _ .__ _.. _. . __.. _ __. . +||| //\|/ |/_| | == / / \|/ |( /_||/ | | __||/ |/ \_| +||| \_/| |\_ |. \__\_/| |_) \_ | \/ |__|| |\__ _/ +||| +||| v{version} +''' + lns = zc_msg.split('\n') + console = Console() + for l in lns: + txt = Text(l) + txt.stylize('bold') + for i in range(len(l)): + txt.stylize(grad(i), i, i+1) + console.print(txt) diff --git a/zeronet.py b/zeronet.py index 9d9cec79..1106c925 100755 --- a/zeronet.py +++ b/zeronet.py @@ -3,49 +3,14 @@ import os import sys from src.Config import config -def grad(n): - s = 0x08 - r = 0xff - g = 0x00 - b = 0x00 - for i in range(n): - if r >= s and b < s: - r -= s - g += s - elif g >= s and r < s: - g -= s - b += s - elif b >= s and g < s: - b -= s - r += s - return f'#{r:02x}{g:02x}{b:02x}' - -def fancy_greet(): - from rich.console import Console - from rich.text import Text - zc_msg = f''' -||| . . _ _._|_ _. . . _ .__ _.. _. . __.. _ __. . -||| //\|/ |/_| | == / / \|/ |( /_||/ | | __||/ |/ \_| -||| \_/| |\_ |. \__\_/| |_) \_ | \/ |__|| |\__ _/ -||| -||| v{config.version} -''' - lns = zc_msg.split('\n') - console = Console() - for l in lns: - txt = Text(l) - txt.stylize('bold') - for i in range(len(l)): - txt.stylize(grad(i), i, i+1) - console.print(txt) - def main(): if sys.version_info.major < 3: print("Error: Python 3.x is required") sys.exit(0) if '--silent' not in sys.argv: - fancy_greet() + from greet import fancy_greet + fancy_greet(config.version) main = None try: From 8706f5f712faef07afa96b69b538ade38ba610d3 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 14 Mar 2023 12:18:42 +0000 Subject: [PATCH 44/53] revert circular import style in Site/SiteManager fixes #203 --- src/Site/SiteManager.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Site/SiteManager.py b/src/Site/SiteManager.py index 5c051a9f..d7ba6e94 100644 --- a/src/Site/SiteManager.py +++ b/src/Site/SiteManager.py @@ -14,7 +14,6 @@ from Config import config from util import helper from util import RateLimit from util import Cached -from .Site import Site from Debug import Debug @PluginManager.acceptPlugins @@ -31,6 +30,7 @@ class SiteManager(object): # Load all sites from data/sites.json @util.Noparallel() def load(self, cleanup=True, startup=False): + from .Site import Site self.log.info("Loading sites... (cleanup: %s, startup: %s)" % (cleanup, startup)) self.loaded = False address_found = [] @@ -169,6 +169,7 @@ class SiteManager(object): return site def add(self, address, all_file=True, settings=None, **kwargs): + from .Site import Site self.sites_changed = int(time.time()) # Try to find site with differect case for recover_address, recover_site in list(self.sites.items()): From 62d1c9d27a2f63b02c8acc71aea10a9e639432f2 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sun, 2 Jul 2023 03:35:34 +0000 Subject: [PATCH 45/53] improve zeronet.py: don't reimport config and fix name clash previously due to zeronet.py and most of the source files living in different import 'namespaces', Config module was imported twice. this if fixed by editing sys.modules --- CHANGELOG.md | 1 + zeronet.py | 9 ++++++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 32e431fb..ce2cb131 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,7 @@ maintainers: @caryoscelus - better debugging of update non-propagation - sec update of msgpck dependency (@chncaption) - deprecate python-3.6 as it apparently is no longer used (by active users) +- improvement in imports and naming (@caryoscelus) ### zeronet-conservancy 0.7.8.1 (2022-11-28) (0054eca9df0c9c8c2f4a78) maintainers: @caryoscelus diff --git a/zeronet.py b/zeronet.py index 1106c925..6f0e63b9 100755 --- a/zeronet.py +++ b/zeronet.py @@ -3,7 +3,11 @@ import os import sys from src.Config import config -def main(): +# fix further imports from src dir +sys.modules['Config'] = sys.modules['src.Config'] + +def launch(): + '''renamed from main to avoid clashes with main module''' if sys.version_info.major < 3: print("Error: Python 3.x is required") sys.exit(0) @@ -12,7 +16,6 @@ def main(): from greet import fancy_greet fancy_greet(config.version) - main = None try: import main main.start() @@ -131,7 +134,7 @@ def start(): import update update.update() else: - main() + launch() if __name__ == '__main__': From e36f7bb3a5ad74024c0bc539429e59acc88977c8 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sun, 2 Jul 2023 03:37:46 +0000 Subject: [PATCH 46/53] siteSign accepts absolute paths as well as paths relative to working directory - also store working_dir in config so it's possible to use from other actions as well fixes #209 --- CHANGELOG.md | 1 + src/main.py | 13 +++++++++++++ zeronet.py | 1 + 3 files changed, 15 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ce2cb131..86a9aa72 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,6 +5,7 @@ maintainers: @caryoscelus - sec update of msgpck dependency (@chncaption) - deprecate python-3.6 as it apparently is no longer used (by active users) - improvement in imports and naming (@caryoscelus) +- siteSign accepts absolute paths as well as paths relative to working directory (@caryoscelus) ### zeronet-conservancy 0.7.8.1 (2022-11-28) (0054eca9df0c9c8c2f4a78) maintainers: @caryoscelus diff --git a/src/main.py b/src/main.py index a5e15070..b4b656db 100644 --- a/src/main.py +++ b/src/main.py @@ -234,6 +234,19 @@ class Actions(object): # Not found in users.json, ask from console import getpass privatekey = getpass.getpass("Private key (input hidden):") + # inner_path can be either relative to site directory or absolute/relative path + if os.path.isabs(inner_path): + full_path = os.path.abspath(inner_path) + else: + full_path = os.path.abspath(config.working_dir + '/' + inner_path) + print(full_path) + if os.path.isfile(full_path): + if address in full_path: + # assuming site address is unique, keep only path after it + inner_path = full_path.split(address+'/')[1] + else: + # oops, file that we found seems to be rogue, so reverting to old behaviour + logging.warning(f'using {inner_path} relative to site directory') try: succ = site.content_manager.sign( inner_path=inner_path, privatekey=privatekey, diff --git a/zeronet.py b/zeronet.py index 6f0e63b9..bb53404f 100755 --- a/zeronet.py +++ b/zeronet.py @@ -123,6 +123,7 @@ def restart(): def start(): + config.working_dir = os.getcwd() app_dir = os.path.dirname(os.path.abspath(__file__)) os.chdir(app_dir) # Change working dir to zeronet.py dir sys.path.insert(0, os.path.join(app_dir, "src/lib")) # External liblary directory From 2cd22720e8883d3e9cb840e92fbba188ae8a5d18 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sun, 2 Jul 2023 03:40:57 +0000 Subject: [PATCH 47/53] properly attribute @imachug in CHANGELOG this was not done initially to avoid spreading the vulnerability information before users updated --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 86a9aa72..e380eae1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -100,6 +100,7 @@ maintainers: @caryoscelus ### zeronet-conservancy 0.7.3 (2022-01-21) Rev5000 maintainers: @caryoscelus - forked from the latest py3 branch of ZeroNet +- fixed potential vulnerability discovered by @imachug - onion v3 support (thanks to @anonymoose, @zeroseed and @geekless) - partial readme rewrite (thanks to @mitya57) - disable updating through zite (unsafe) From 053eb8e7d6e83a332cffb5a93a7dd229d431d3c4 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sun, 2 Jul 2023 03:45:59 +0000 Subject: [PATCH 48/53] updated trackers from Syncronite by @Styromaniac --- CHANGELOG.md | 1 + src/Config.py | 87 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index e380eae1..91e45147 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ maintainers: @caryoscelus - deprecate python-3.6 as it apparently is no longer used (by active users) - improvement in imports and naming (@caryoscelus) - siteSign accepts absolute paths as well as paths relative to working directory (@caryoscelus) +- updated trackers from Syncronite by @Styromaniac ### zeronet-conservancy 0.7.8.1 (2022-11-28) (0054eca9df0c9c8c2f4a78) maintainers: @caryoscelus diff --git a/src/Config.py b/src/Config.py index f4f48619..b6824771 100644 --- a/src/Config.py +++ b/src/Config.py @@ -92,6 +92,93 @@ trackers = [ 'udp://vibe.sleepyinternetfun.xyz:1738/announce', 'udp://www.skynetcenter.me:6969/announce', 'udp://www.torrent.eu.org:451/announce', + 'zero://194.5.98.39:15441', + 'zero://145.239.95.38:15441', + 'zero://178.128.34.249:26117', + 'zero://217.18.217.143:39288', + 'zero://83.246.141.203:22207', + 'zero://syncronite.loki:15441', + 'zero://2a05:dfc1:4000:1e00::a:15441', + 'zero://2400:6180:100:d0::8fd:8001:21697', + 'zero://2001:19f0:8001:1d2f:5400:2ff:fe83:5bf7:30530', + 'zero://73pyhfwfwsrhfw76knkjfnw6o3lk53zfo7hlxdmxbj75sjcnol5cioad.onion:15442', + 'zero://fzlzmxuz2bust72cuy5g4w6d62tx624xcjaupf2kp7ffuitbiniy2hqd.onion:15441', + 'zero://rlcjomszyitxpwv7kzopmqgzk3bdpsxeull4c3s6goszkk6h2sotfoad.onion:15441', + 'zero://tqmo2nffqo4qc5jgmz3me5eri3zpgf3v2zciufzmhnvznjve5c3argad.onion:15441', + 'http://107.189.31.134:6969/announce', + 'http://119.28.71.45:8080/announce', + 'http://129.146.193.240:6699/announce', + 'http://159.69.65.157:6969/announce', + 'http://163.172.29.130:80/announce', + 'http://185.130.47.2:6969/announce', + 'http://45.67.35.111:6969/announce', + 'http://61.222.178.254:6969/announce', + 'http://83.31.30.182:6969/announce', + 'http://93.158.213.92:1337/announce', + 'http://95.217.167.10:6969/announce', + 'udp://102.223.180.235:6969/announce', + 'udp://103.122.21.50:6969/announce', + 'udp://104.131.98.232:6969/announce', + 'udp://104.244.77.87:6969/announce', + 'udp://107.189.11.58:6969/announce', + 'udp://107.189.31.134:6969/announce', + 'udp://139.144.68.88:6969/announce', + 'udp://149.28.239.70:6969/announce', + 'udp://15.204.205.14:6969/announce', + 'udp://156.234.201.18:80/announce', + 'udp://158.101.161.60:3131/announce', + 'udp://163.172.29.130:80/announce', + 'udp://167.99.185.219:6969/announce', + 'udp://176.31.250.174:6969/announce', + 'udp://176.56.4.238:6969/announce', + 'udp://178.32.222.98:3391/announce', + 'udp://184.105.151.166:6969/announce', + 'udp://185.102.219.163:6969/announce', + 'udp://185.181.60.155:80/announce', + 'udp://185.217.199.21:6969/announce', + 'udp://185.44.82.25:1337/announce', + 'udp://185.68.21.244:6969/announce', + 'udp://192.3.165.191:6969/announce', + 'udp://192.3.165.198:6969/announce', + 'udp://192.95.46.115:6969/announce', + 'udp://193.176.158.162:6969/announce', + 'udp://193.37.214.12:6969/announce', + 'udp://193.42.111.57:9337/announce', + 'udp://198.100.149.66:6969/announce', + 'udp://20.100.205.229:6969/announce', + 'udp://207.241.226.111:6969/announce', + 'udp://207.241.231.226:6969/announce', + 'udp://209.141.59.16:6969/announce', + 'udp://212.237.53.230:6969/announce', + 'udp://23.153.248.2:6969/announce', + 'udp://23.254.228.89:6969/announce', + 'udp://37.187.111.136:6969/announce', + 'udp://37.27.4.53:6969/announce', + 'udp://38.7.201.142:6969/announce', + 'udp://45.154.253.6:6969/announce', + 'udp://45.63.30.114:6969/announce', + 'udp://45.9.60.30:6969/announce', + 'udp://46.38.238.105:6969/announce', + 'udp://49.12.76.8:8080/announce', + 'udp://5.102.159.190:6969/announce', + 'udp://5.196.89.204:6969/announce', + 'udp://51.15.79.209:6969/announce', + 'udp://51.159.54.68:6666/announce', + 'udp://51.68.174.87:6969/announce', + 'udp://51.81.222.188:6969/announce', + 'udp://52.58.128.163:6969/announce', + 'udp://61.222.178.254:6969/announce', + 'udp://77.73.69.230:6969/announce', + 'udp://83.102.180.21:80/announce', + 'udp://83.31.30.182:6969/announce', + 'udp://85.206.172.159:6969/announce', + 'udp://85.239.33.28:6969/announce', + 'udp://86.57.161.157:6969/announce', + 'udp://91.216.110.52:451/announce', + 'udp://93.158.213.92:1337/announce', + 'udp://94.103.87.87:6969/announce', + 'udp://95.216.74.39:6969/announce', + 'udp://95.31.11.224:6969/announce', ] class Config(object): From f966a4203fe33bd9f35695ee89893f5938f569e0 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Sun, 2 Jul 2023 03:46:37 +0000 Subject: [PATCH 49/53] v0.7.9 no longer officially maintained --- CHANGELOG.md | 7 +++++-- README.md | 8 +++++++- src/Config.py | 4 ++-- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 91e45147..378cb429 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,7 @@ -### zeronet-conservancy 0.7.8.1+ -maintainers: @caryoscelus +### zeronet-conservancy 0.7.9+ + +### zeronet-conservancy 0.7.9 (2023-07-02) +maintainers: @caryoscelus -> none - update README (build/dev instructions; thanks to @fgaz) - better debugging of update non-propagation - sec update of msgpck dependency (@chncaption) @@ -7,6 +9,7 @@ maintainers: @caryoscelus - improvement in imports and naming (@caryoscelus) - siteSign accepts absolute paths as well as paths relative to working directory (@caryoscelus) - updated trackers from Syncronite by @Styromaniac +- no longer officially maintained ### zeronet-conservancy 0.7.8.1 (2022-11-28) (0054eca9df0c9c8c2f4a78) maintainers: @caryoscelus diff --git a/README.md b/README.md index fe0ead3f..3d5a64f2 100644 --- a/README.md +++ b/README.md @@ -10,6 +10,12 @@ zeronet-conservancy is a fork/continuation of [ZeroNet](https://github.com/Hello (that has been abandoned by its creator) that is dedicated to sustaining existing p2p network and developing its values of decentralization and freedom, while gradually switching to a better designed network +## No active maintainer warning + +This fork was created and maintained by @caryoscelus, but due to vanishing interest and in order to avoid having +another one-person project, they stepped down. This means there currently is no active maintainer (you're are +welcome to become one!), however some development might still happen. + ## Why fork? During onion-v3 switch crisis, we needed a fork that worked with onion-v3 and didn't depend on trust to one or @@ -213,7 +219,7 @@ need to know their alternatives. ### Financially support maintainers -Currently the lead developer / maintainer of this fork is @caryoscelus. You can +This fork was created and maintained by @caryoscelus. You can see ways to donate to them on https://caryoscelus.github.io/donate/ (or check sidebar if you're reading this on github for more ways). As our team grows, we will create team accounts on friendly crowdfunding platforms as well. diff --git a/src/Config.py b/src/Config.py index b6824771..f19b9bbe 100644 --- a/src/Config.py +++ b/src/Config.py @@ -184,10 +184,10 @@ trackers = [ class Config(object): def __init__(self, argv): - self.version = "0.7.8.1+" + self.version = "0.7.9" self.user_agent = "conservancy" # DEPRECATED ; replace with git-generated commit - self.rev = 5041 + self.rev = 5100 self.user_agent_rev = 8192 self.argv = argv self.action = None From 8355b82eeff154c1fd5716ea88649605ce9334ef Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 3 Jul 2023 15:19:30 +0000 Subject: [PATCH 50/53] CHANGELOG: re-attribute @purplesyringa's contributions to her new nickname https://github.com/zeronet-conservancy/zeronet-conservancy/commit/2cd22720e8883d3e9cb840e92fbba188ae8a5d18 --- CHANGELOG.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 378cb429..4fc71e22 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -104,7 +104,7 @@ maintainers: @caryoscelus ### zeronet-conservancy 0.7.3 (2022-01-21) Rev5000 maintainers: @caryoscelus - forked from the latest py3 branch of ZeroNet -- fixed potential vulnerability discovered by @imachug +- fixed potential vulnerability discovered by @purplesyringa - onion v3 support (thanks to @anonymoose, @zeroseed and @geekless) - partial readme rewrite (thanks to @mitya57) - disable updating through zite (unsafe) @@ -193,7 +193,7 @@ maintainers: shortcutme a.k.a nofish a.k.a HelloZeroNet a.k.a Tamas Kocsis - Link to site's sidebar with "#ZeroNet:OpenSidebar" hash ### Changed - - Allow .. in file names [Thanks to imachug] + - Allow .. in file names [Thanks to purplesyringa] - Change unstable trackers - More clean errors on sites.json/users.json load error - Various tweaks for tracker rating on unstable connections @@ -204,12 +204,12 @@ maintainers: shortcutme a.k.a nofish a.k.a HelloZeroNet a.k.a Tamas Kocsis ### Fixed - Fix parsing config lines that have no value - - Fix start.py [Thanks to imachug] + - Fix start.py [Thanks to purplesyringa] - Allow multiple values of the same key in the config file [Thanks ssdifnskdjfnsdjk for reporting] - Fix parsing config file lines that has % in the value [Thanks slrslr for reporting] - Fix bootstrapper plugin hash reloads [Thanks geekless for reporting] - Fix CryptMessage plugin OpenSSL dll loading on Windows (ZeroMail errors) [Thanks cxgreat2014 for reporting] - - Fix startup error when using OpenSSL 1.1 [Thanks to imachug] + - Fix startup error when using OpenSSL 1.1 [Thanks to purplesyringa] - Fix a bug that did not loaded merged site data for 5 sec after the merged site got added - Fix typo that allowed to add new plugins in public proxy mode. [Thanks styromaniac for reporting] - Fix loading non-big files with "|all" postfix [Thanks to krzotr] @@ -232,10 +232,10 @@ Note: The fix is also back ported to ZeroNet Py 2.x version (Rev3870) - Generated SSL certificate randomization to avoid protocol filters (Thanks to ValdikSS) - Offline mode - P2P source code update using ZeroNet protocol - - ecdsaSign/Verify commands to CryptMessage plugin (Thanks to imachug) + - ecdsaSign/Verify commands to CryptMessage plugin (Thanks to purplesyringa) - Efficient file rename: change file names instead of re-downloading the file. - Make redirect optional on site cloning (Thanks to Lola) - - EccPrivToPub / EccPubToPriv functions (Thanks to imachug) + - EccPrivToPub / EccPubToPriv functions (Thanks to purplesyringa) - Detect and change dark/light theme based on OS setting (Thanks to filips123) ### Changed @@ -254,7 +254,7 @@ Note: The fix is also back ported to ZeroNet Py 2.x version (Rev3870) - Fix site download as zip file - Fix displaying sites with utf8 title - Error message if dbRebuild fails (Thanks to Lola) - - Fix browser reopen if executing start.py again. (Thanks to imachug) + - Fix browser reopen if executing start.py again. (Thanks to purplesyringa) ### ZeroNet 0.6.5 (2019-02-16) Rev3851 (Last release targeting Python 2.7.x) @@ -343,7 +343,7 @@ Affected versions: All versions before ZeroNet Rev3616 - Detect network level tracker blocking and easy setting meek proxy for tracker connections. - Support downloading 2GB+ sites as .zip (Thx to Radtoo) - Support ZeroNet as a transparent proxy (Thx to JeremyRand) - - Allow fileQuery as CORS command (Thx to imachug) + - Allow fileQuery as CORS command (Thx to purplesyringa) - Windows distribution includes Tor and meek client by default - Download sites as zip link to sidebar - File server port randomization @@ -406,7 +406,7 @@ Affected versions: All versions before ZeroNet Rev3616 ### Added - New plugin: Chart - Collect and display charts about your contribution to ZeroNet network - - Allow list as argument replacement in sql queries. (Thanks to imachug) + - Allow list as argument replacement in sql queries. (Thanks to purplesyringa) - Newsfeed query time statistics (Click on "From XX sites in X.Xs on ZeroHello) - New UiWebsocket API command: As to run commands as other site - Ranged ajax queries for big files @@ -427,7 +427,7 @@ Affected versions: All versions before ZeroNet Rev3616 - Only zoom sidebar globe if mouse button is pressed down ### Fixed - - Open port checking error reporting (Thanks to imachug) + - Open port checking error reporting (Thanks to purplesyringa) - Out-of-range big file requests - Don't output errors happened on gevent greenlets twice - Newsfeed skip sites with no database @@ -507,7 +507,7 @@ Affected versions: All versions before ZeroNet Rev3616 - Opened port checking (Thanks l5h5t7 & saber28 for reporting) - Standalone update.py argument parsing (Thanks Zalex for reporting) - uPnP crash on startup (Thanks Vertux for reporting) - - CoffeeScript 1.12.6 compatibility (Thanks kavamaken & imachug) + - CoffeeScript 1.12.6 compatibility (Thanks kavamaken & purplesyringa) - Multi value argument parsing - Database error when running from directory that contains special characters (Thanks Pupiloho for reporting) - Site lock violation logging From d16c71966b119c3c456e0614e32615eb9fa0f008 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Mon, 3 Jul 2023 21:19:40 +0000 Subject: [PATCH 51/53] fix ReDoS in file editor (UiFileManager plugin) due to outdated codemirror just patched from updated version, ideally codemirror dependency should be included during build stage, but there's no infrastructure for that (yet) --- CHANGELOG.md | 3 ++- plugins/UiFileManager/media/codemirror/all.js | 5 ++++- plugins/UiFileManager/media/codemirror/mode/javascript.js | 5 ++++- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4fc71e22..2aa0a146 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ ### zeronet-conservancy 0.7.9+ +- fixed ReDoS in file editor (UiFileManager plugin) due to outdated codemirror (@caryoscelus) -### zeronet-conservancy 0.7.9 (2023-07-02) +### zeronet-conservancy 0.7.9 (2023-07-02) (f966a4203fe33bd9f35) maintainers: @caryoscelus -> none - update README (build/dev instructions; thanks to @fgaz) - better debugging of update non-propagation diff --git a/plugins/UiFileManager/media/codemirror/all.js b/plugins/UiFileManager/media/codemirror/all.js index ef2a423a..4b87e42d 100644 --- a/plugins/UiFileManager/media/codemirror/all.js +++ b/plugins/UiFileManager/media/codemirror/all.js @@ -17366,7 +17366,10 @@ CodeMirror.defineMode("javascript", function(config, parserConfig) { var kw = keywords[word] return ret(kw.type, kw.style, word) } - if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false)) + // backported ReDoS fix from + // https://github.com/codemirror/codemirror5/blob/a0854c752a76e4ba9512a9beedb9076f36e4f8f9/mode/javascript/javascript.js#L130C36-L130C36 + // https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937 + if (word == "async" && stream.match(/^(\s|\/\*([^*]|\*(?!\/))*?\*\/)*[\[\(\w]/, false)) return ret("async", "keyword", word) } return ret("variable", "variable", word) diff --git a/plugins/UiFileManager/media/codemirror/mode/javascript.js b/plugins/UiFileManager/media/codemirror/mode/javascript.js index 9c751d23..ba590d18 100644 --- a/plugins/UiFileManager/media/codemirror/mode/javascript.js +++ b/plugins/UiFileManager/media/codemirror/mode/javascript.js @@ -126,7 +126,10 @@ CodeMirror.defineMode("javascript", function(config, parserConfig) { var kw = keywords[word] return ret(kw.type, kw.style, word) } - if (word == "async" && stream.match(/^(\s|\/\*.*?\*\/)*[\[\(\w]/, false)) + // backported ReDoS fix from + // https://github.com/codemirror/codemirror5/blob/a0854c752a76e4ba9512a9beedb9076f36e4f8f9/mode/javascript/javascript.js#L130C36-L130C36 + // https://security.snyk.io/vuln/SNYK-JS-CODEMIRROR-1016937 + if (word == "async" && stream.match(/^(\s|\/\*([^*]|\*(?!\/))*?\*\/)*[\[\(\w]/, false)) return ret("async", "keyword", word) } return ret("variable", "variable", word) From 1f19ab604e54563a20330b66933205cd87e44915 Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Wed, 5 Jul 2023 15:03:44 +0000 Subject: [PATCH 52/53] update merkletools dep --- CHANGELOG.md | 3 ++- requirements.txt | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2aa0a146..9186fbb5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ ### zeronet-conservancy 0.7.9+ -- fixed ReDoS in file editor (UiFileManager plugin) due to outdated codemirror (@caryoscelus) +- update merkletools dependency to avoid legacy pysha3 (@caryoscelus) +- fix ReDoS in file editor (UiFileManager plugin) due to outdated codemirror (@caryoscelus) ### zeronet-conservancy 0.7.9 (2023-07-02) (f966a4203fe33bd9f35) maintainers: @caryoscelus -> none diff --git a/requirements.txt b/requirements.txt index 4444b3f4..4298ed61 100644 --- a/requirements.txt +++ b/requirements.txt @@ -2,7 +2,8 @@ setuptools>=65.5.1 # not directly required, pinned by Snyk to avoid a vulnerabil gevent>=20.9.0 msgpack>=0.6.0 base58 -merkletools +# for some reason nobody released fresh merkletools that don't require on outdated pysha3 +git+https://github.com/Tierion/pymerkletools.git@f10d71e2cd529a833728e836dc301f9af502d0b0 rsa PySocks>=1.6.8 pyasn1 From 8b7d7d5f7c425ad1415b45a172919f172c18c10a Mon Sep 17 00:00:00 2001 From: caryoscelus Date: Tue, 18 Jul 2023 19:40:45 +0000 Subject: [PATCH 53/53] bump version --- src/Config.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Config.py b/src/Config.py index f19b9bbe..9f5de779 100644 --- a/src/Config.py +++ b/src/Config.py @@ -184,10 +184,10 @@ trackers = [ class Config(object): def __init__(self, argv): - self.version = "0.7.9" + self.version = "0.7.9+" self.user_agent = "conservancy" # DEPRECATED ; replace with git-generated commit - self.rev = 5100 + self.rev = 5110 self.user_agent_rev = 8192 self.argv = argv self.action = None