- when running a hidden service, the IP of the tor relay was a part of
the verack message. In setups where it's not 127.0.0.1 it may leak
info about network topology
- thanks for an anonymous bug report
- will send the correct combination of hostname and port
- if proxyhostname is a hostname and an IP address, it will now allow
multiple parallel connections for hidden service
- PyBitmessage can now run as a hidden service on Tor
- three new variables in keys.dat: onionhostname, onionport, onionbindip
- you need to manually add a hidden service to tor
- bitmsghash should now build and run on BSD (thanks for
FreeBSD/Dragonfly maintainers for assistance)
- if it cannot detect the number of cores, will default to one thread
(previously it broke)
Two file merge conflicts, __init__.py and upnp.py, were not resolved
correctly by the automatic resolving (probably because the affected code
was written by other people and I merged them into mailchuck fork). This
changes it to the same code that is in the mailchuck fork)
On Windows, the encoding was always the default windows encoding and
didn't change when you use a language in BM that required a different
encoding. This affected mainly date & time in the received column and
the startup info on the network status tab.
The plural/paucal form support was not compatible with pylupdate4, it
didn't correctly parse the 3-argument calls to translate.
This fixes it, and updates the sources accordingly.
Some parts of strings did not use the proper locale. For example, date
and time strings was always output with the US locale. This fixes it.
There are still some cases where localisation is not implemented, and
could be changed from str(string) to locale.str(string).
- it shows that it needs to wait for PoW to finish
- it waits a bit for new objects to be distributed
- it displays a better progress indicator in the status bar
Previously, people who don't understand how PyBitmessage works sometimes
shut it down immediately after they wrote a message. This would have
caused the message to be stuck in the queue locally and not sent. Now,
it will indicate that the PoW still needs to work, and it will wait a
bit longer so that the message can spread. It's not a completely correct
approach, because it does not know whether the message was really
retrieved after the "inv" notification was sent.
Now only in status bar and no more popup window.
Previously, it only showed once until a restart, but now it shows every
time it detects a new version online. Since it does not show a popup
window it's not a big deal.
The language combo box is generated dynamically from the list of
available translations in the translations directory. This allows the
users to add their own translations without having to change the code.
Added a RetranslateMixin. Since PyQT does not support automated language
changes of UI files (like the C++ QT does), this implements something
similar. It assumes that the UI file has the same name as the class, but
lowercase.
Added RetraslateMixin to the new blacklist and networkstatus interfaces.
- UPnP handles errors better
- it tries to bind external interface (previously sometimes it searched
on 127.0.0.1 resulting in no routers being detected)
The quick navigation key disrupted keybindings with keyboard modifiers,
like Ctrl-C for copy. This restricts the quick navigation only where no
keyboard modifiers are active.
Fixes#184
- delete key now works when message body is focused as well
- N for next message (down)
- P for previous message (up)
- R for reply
- C for compose
- F for find
- Find is now dynamic if the search text is least 3 characters long
Fixes Bitmessage#655
Addresses #155
Rows are deleted from a message list in multiple places, and this is an
attempt to refactor it so that it is done in one function. It's not used
anywhere yet.
MessageView does not currently load external resources (QTextBrowser by
default interprets all external resources as local file names and tries
to load them like that. This can, in the future, be implemented. For
example, if SOCKS (Tor) is used, the resource could be loaded through
the SOCKS too.
This commit is a skeleton for it that does not actually do anything and
can be filled with an implementation that does the loading.
Email addresses and URIs are now clickable when viewing a message in
plain text mode. Clicking an email address moves to the Send tab, while
clicking an URI has the same result as clicking an URI in html mode, it
will ask for confirmation before opening it in external handler.
HTML parser wasn't correctly handling img tags.
Now it also by defaults disabled external schemas to prevent
deanonymisation (even though the renderer actually doesn't support
external schemas at the moment)
Addresses #178
Attackers injected node addresses with port 0 into the network. Port 0
is unusable on many OSes and can't be listened on. PyBitmessage won't
accept nodes that have port 0 anymore.
- postpone initial sleep until the first getdata is received
- also sleep when received a getdata request for an object that hasn't
been advertised to the other node yet
There was a report that by quickly asking a large number of nodes if
they have an ACK object (which the attacker knows but it is injected
into the network by the recipient of the message), it can estimate how
an object propagates through the network, and eventually pinpoint an
originating IP address of the injection, i.e. the IP address of the
message recipient.
This patch mitigates against it by stalling when asked for a nonexisting
object (so that the attacker can't spam requests), and also upon
connection before sending its own inventory list (so that reconnecting
won't help the attacker). It estimates how long a short message takes to
propagate through the network based on how many nodes are in a stream
and bases the stalling time on that. Currently that is about 15 seconds.
Initial connection delay takes into account the time that already passed
since the connection was established.
This basically gives the attacker one shot per a combination of his own
nodes and the nodes he can connect to, and thus makes the attack much
more difficult to succeed.
Editing of blacklist labels affected the rerendering, because it emits
the changed signal too, and it caused an exception because the address
field was missing at that time. This works around both.
In some situations, it's not necessary to send an ACK. For example, when
the sender is blacklisted, when the message has no content, or when the
address has ACK sending disabled.
Also it's not necessary to rebroadcast empty messages into a mailing
list.
When advertising nodes and when establishing connections, private IP
range checks were not done. This could cause private IPs to be
advertised across the network. Also, some of the checks weren't
IPv6-aware.
Fixes Bitmessage#768
If you change, add or remove an item in a treewidget or addressbook,
messagelists will now autoupdate labels, and sender comboboxes will also
update if applicable.
Fixes#69
Message compose sometimes misinterpreted quoted message as HTML, causing
rendering screwups. Since we don't support HTML composing, we will treat
all quoted messages as plain text.
Zooming in message body view / compose works in single steps
irrespective of wheel sensitivity, and info about zoom level is
displayed in percent rather than font pixel size.
if singleWorker crashed, the thread couldn't be joined. This both makes
it so that it doesn't crash, as well as reorders the shutdown sequence
so that it is less likely to be triggered.
Fixes Bitmessage#549