Commit Graph

1792 Commits

Author SHA1 Message Date
2f7a386aaf
HTML parser updates
HTML parser wasn't correctly handling img tags.
Now it also by defaults disabled external schemas to prevent
deanonymisation (even though the renderer actually doesn't support
external schemas at the moment)

Addresses #178
2016-02-25 17:14:24 +08:00
2f9501fa1a
Do not allow port 0
Attackers injected node addresses with port 0 into the network. Port 0
is unusable on many OSes and can't be listened on. PyBitmessage won't
accept nodes that have port 0 anymore.
2016-02-20 11:14:42 +01:00
0dae345ce5
Constant time decryption
Always try to decrypt with all keys.
2016-02-18 16:01:30 +01:00
0e59102f11
Sleep on invalid getdata
- postpone initial sleep until the first getdata is received
- also sleep when received a getdata request for an object that hasn't
been advertised to the other node yet
2016-02-18 00:53:42 +01:00
f99d499d85
Process gateway registration rejections
A message from gateway registration addres regarding registration
rejection is processed and a dialog displayed to get a new email
address.

Fixes #14
2016-02-15 08:20:12 +01:00
5029386000
Email gateway updates
- settings option available
- reduce max TTL to 2 days
2016-02-14 21:38:15 +01:00
3b22f0ff0c
Email gateway account status query
- addresses #14
2016-02-14 20:13:36 +01:00
a0d43eb982
Search improvements
- selecting a new folder will apply search
- newly arrived message will consider search
- fixes #166
2016-02-14 19:56:52 +01:00
9fc8a1106d
Better error reporting for log config
Fixes #174
2016-02-13 22:16:44 +01:00
cd20ac985a
Sent message status on ACK
Fixes #176
2016-02-13 19:34:23 +01:00
51b043684d
Mitigate active internal intersection attack
There was a report that by quickly asking a large number of nodes if
they have an ACK object (which the attacker knows but it is injected
into the network by the recipient of the message), it can estimate how
an object propagates through the network, and eventually pinpoint an
originating IP address of the injection, i.e. the IP address of the
message recipient.

This patch mitigates against it by stalling when asked for a nonexisting
object (so that the attacker can't spam requests), and also upon
connection before sending its own inventory list (so that reconnecting
won't help the attacker). It estimates how long a short message takes to
propagate through the network based on how many nodes are in a stream
and bases the stalling time on that. Currently that is about 15 seconds.
Initial connection delay takes into account the time that already passed
since the connection was established.

This basically gives the attacker one shot per a combination of his own
nodes and the nodes he can connect to, and thus makes the attack much
more difficult to succeed.
2016-02-13 12:55:15 +01:00
84f2202745
Don't send ACK on subscribed chans
If somehow you manage to send a message that includes an ACK part into a
chan, the subscribers would send the ACK back. This shouldn't happen.
2016-02-13 00:30:51 +01:00
d2b9c16d5f
blacklist rendering edit fix
Editing of blacklist labels affected the rerendering, because it emits
the changed signal too, and it caused an exception because the address
field was missing at that time. This works around both.
2016-02-13 00:09:52 +01:00
2f6c36cab2
Don't send unnecessary ACKs
In some situations, it's not necessary to send an ACK. For example, when
the sender is blacklisted, when the message has no content, or when the
address has ACK sending disabled.

Also it's not necessary to rebroadcast empty messages into a mailing
list.
2016-02-12 23:36:00 +01:00
mirrorwish
0db41adfd7
Save changes to blacklist labels
Fixes mailchuck/PyBitmessage#175

Signed-off-by: Peter Surda <surda@economicsofbitcoin.com>
2016-02-12 22:20:32 +01:00
mailchuck
1690597b0b
Unused variable 2016-01-26 13:02:39 +01:00
mailchuck
a04f0c15e8
Cleanup lockfile on exit
singleton.py design was broken.
Fixed Bitmessage#775
2016-01-26 13:01:40 +01:00
mailchuck
12b71d53bb
private IP range checks
When advertising nodes and when establishing connections, private IP
range checks were not done. This could cause private IPs to be
advertised across the network. Also, some of the checks weren't
IPv6-aware.
Fixes Bitmessage#768
2016-01-26 12:04:12 +01:00
mailchuck
42833f35e5
Thread names for IPv6
Thread names for IPv6 contained ":". This caused problems in log
parsers.
2016-01-26 11:54:21 +01:00
mailchuck
6861dbb147
Newly arrives messages sorting
There could be cases where newly arrives message is not added correctly.
It won't necessarily go to the top, that depends on the sort.
2016-01-25 23:52:46 +01:00
mailchuck
ce31dacd95
Version bump for 0.5.7 2016-01-24 22:40:21 +01:00
mailchuck
58dc091536
Unread count refresh on change 2016-01-24 21:27:19 +01:00
mailchuck
573ef9211f
Typo 2016-01-24 18:50:42 +01:00
mailchuck
6503782958
Test cleanup
Safer this way
2016-01-24 18:25:35 +01:00
mailchuck
fa73cfd53e
Popup menu on folders
There are no functions associated with it but sometimes it popped up so
disable it.
2016-01-24 18:25:12 +01:00
mailchuck
6bc57f9e80
updateText was deleted so no need to call it 2016-01-24 18:23:40 +01:00
mailchuck
40fcc285be
Tree rerendering cleanup
Fixes #76
2016-01-24 18:21:27 +01:00
mailchuck
276d603777
Unread count cleanup
Addresses #128
2016-01-24 12:16:55 +01:00
mailchuck
cb28fa1b6a
BlackWhitelist rerendering
It used to show entries with no address.
Fixes #170
2016-01-24 10:55:15 +01:00
mailchuck
c5eb7f5d5e
Disabling subscriptions should rerender addressbook
Addresses #76
2016-01-24 01:16:07 +01:00
mailchuck
67d09006fb
Addressbook / Tree / Messagelist rendering
Some changes that didn't propagate correctly before now do.
Addresses #76
2016-01-23 22:18:13 +01:00
mailchuck
65127f1d8f
TreeWidget and Addressbook editing propagation
If you change, add or remove an item in a treewidget or addressbook,
messagelists will now autoupdate labels, and sender comboboxes will also
update if applicable.
Fixes #69
2016-01-23 20:24:57 +01:00
mailchuck
31b3bca252
Scroll/zoom in message composing widget
Fixes #169
2016-01-23 12:22:06 +01:00
mailchuck
18e40b3772
Messagelist subscription color
Fixes Bitmessage#842
2016-01-23 10:14:14 +01:00
mailchuck
28d9c4171f
Quoting fixes
Message compose sometimes misinterpreted quoted message as HTML, causing
rendering screwups. Since we don't support HTML composing, we will treat
all quoted messages as plain text.
2016-01-23 09:56:22 +01:00
mailchuck
550de529fc
Zooming info percent based an single step
Zooming in message body view / compose works in single steps
irrespective of wheel sensitivity, and info about zoom level is
displayed in percent rather than font pixel size.
2016-01-23 09:55:24 +01:00
mailchuck
82f7577671
Message body display handling of spaces
After the changes in the message body renderer, spaces were not
correctly handled. Fixes #168
2016-01-23 09:53:31 +01:00
mailchuck
a0c09b6bb2
Sent folder new message selection fix
Fixes Bitmessage#838
2016-01-22 20:21:14 +01:00
mailchuck
d7a52893ea
Message editor updates
- Does not allow changing fonts (it's ignored once it's sent anyway),
fixes #167
- Allows zooming, fixes #163
2016-01-22 19:17:00 +01:00
mailchuck
00e90bd38f
singleWorker shutdown fix
if singleWorker crashed, the thread couldn't be joined. This both makes
it so that it doesn't crash, as well as reorders the shutdown sequence
so that it is less likely to be triggered.
Fixes Bitmessage#549
2016-01-22 14:47:44 +01:00
mailchuck
d925ab61b3
objectProcessorQueue fixes
- it didn't shutdown correctly
- it didn't handle exception correctly (however, if I understand
correctly, this will never be triggered if using blocking get, so it
doesn't affect PyBitmessage)
- flushing size check changed from 1 to 0 (I don't know why it was 1)
2016-01-22 14:13:12 +01:00
fe0106bdce
Object processor queue class
Previous commit didn't include the class. This class takes care of queue
size monitoring so that the system doesn't run out of memory.
2016-01-22 13:49:28 +01:00
e781420f4d
Flood mitigation optimisation
Flood mitigation was done both in the ObjectProcessorQueue as well as
receiveData threads. This patch removes the mitigation in receiveData
threads and cleans up the one in the ObjectProcessorQueue
2016-01-22 11:17:10 +01:00
mailchuck
5c4cafbcc7
Typo 2016-01-21 18:13:15 +01:00
mailchuck
aa740a9d49
Typo 2016-01-21 18:03:25 +01:00
mailchuck
ebfe20dc66
OpenSSL version for support contact form 2016-01-21 17:57:10 +01:00
mailchuck
e7d2ea5e8a
Improve OpenSSL library finder 2016-01-21 17:56:21 +01:00
mailchuck
d486b251a5
DLL path fix in frozen mode
Addresses #152
2016-01-20 22:31:33 +01:00
mailchuck
313ede4487
Don't test for Qt in daemon mode
Initialisation of the daemon variable was missing at launch.

Fixes #161
2016-01-17 14:26:27 +01:00
itsexe
07bc673329
fixed some spelling errors 2016-01-13 18:59:25 +01:00