Commit Graph

2731 Commits

Author SHA1 Message Date
b202ac6fab Do not allow port 0
Attackers injected node addresses with port 0 into the network. Port 0
is unusable on many OSes and can't be listened on. PyBitmessage won't
accept nodes that have port 0 anymore.
2016-05-02 15:00:24 +02:00
9239813ebb Constant time decryption
Always try to decrypt with all keys.
2016-05-02 15:00:24 +02:00
4c2ce7208c Sleep on invalid getdata
- postpone initial sleep until the first getdata is received
- also sleep when received a getdata request for an object that hasn't
been advertised to the other node yet
2016-05-02 15:00:24 +02:00
1a92db54c9 Process gateway registration rejections
A message from gateway registration addres regarding registration
rejection is processed and a dialog displayed to get a new email
address.

Fixes #14
2016-05-02 15:00:24 +02:00
6b8f255a60 Email gateway updates
- settings option available
- reduce max TTL to 2 days
2016-05-02 15:00:24 +02:00
2b6bffc7ff Email gateway account status query
- addresses #14
2016-05-02 15:00:24 +02:00
db84d699db Search improvements
- selecting a new folder will apply search
- newly arrived message will consider search
- fixes #166
2016-05-02 15:00:24 +02:00
218bdf38e1 Better error reporting for log config
Fixes #174
2016-05-02 15:00:24 +02:00
ab974abce0 Sent message status on ACK
Fixes #176
2016-05-02 15:00:24 +02:00
8f5d305242 Mitigate active internal intersection attack
There was a report that by quickly asking a large number of nodes if
they have an ACK object (which the attacker knows but it is injected
into the network by the recipient of the message), it can estimate how
an object propagates through the network, and eventually pinpoint an
originating IP address of the injection, i.e. the IP address of the
message recipient.

This patch mitigates against it by stalling when asked for a nonexisting
object (so that the attacker can't spam requests), and also upon
connection before sending its own inventory list (so that reconnecting
won't help the attacker). It estimates how long a short message takes to
propagate through the network based on how many nodes are in a stream
and bases the stalling time on that. Currently that is about 15 seconds.
Initial connection delay takes into account the time that already passed
since the connection was established.

This basically gives the attacker one shot per a combination of his own
nodes and the nodes he can connect to, and thus makes the attack much
more difficult to succeed.
2016-05-02 15:00:24 +02:00
f43e01ed0e Don't send ACK on subscribed chans
If somehow you manage to send a message that includes an ACK part into a
chan, the subscribers would send the ACK back. This shouldn't happen.
2016-05-02 15:00:23 +02:00
40f0ff381e blacklist rendering edit fix
Editing of blacklist labels affected the rerendering, because it emits
the changed signal too, and it caused an exception because the address
field was missing at that time. This works around both.
2016-05-02 15:00:23 +02:00
0bd89103a7 Don't send unnecessary ACKs
In some situations, it's not necessary to send an ACK. For example, when
the sender is blacklisted, when the message has no content, or when the
address has ACK sending disabled.

Also it's not necessary to rebroadcast empty messages into a mailing
list.
2016-05-02 15:00:23 +02:00
mirrorwish
80c174e417 Save changes to blacklist labels
Fixes mailchuck/PyBitmessage#175

Signed-off-by: Peter Surda <surda@economicsofbitcoin.com>
2016-05-02 15:00:23 +02:00
mailchuck
bcae62938a Unused variable 2016-05-02 15:00:23 +02:00
mailchuck
24a2deed8f Cleanup lockfile on exit
singleton.py design was broken.
Fixed Bitmessage#775
2016-05-02 15:00:23 +02:00
mailchuck
4f26bf1059 private IP range checks
When advertising nodes and when establishing connections, private IP
range checks were not done. This could cause private IPs to be
advertised across the network. Also, some of the checks weren't
IPv6-aware.
Fixes Bitmessage#768
2016-05-02 15:00:23 +02:00
mailchuck
47f1c0c267 Thread names for IPv6
Thread names for IPv6 contained ":". This caused problems in log
parsers.
2016-05-02 15:00:23 +02:00
mailchuck
89752faceb Newly arrives messages sorting
There could be cases where newly arrives message is not added correctly.
It won't necessarily go to the top, that depends on the sort.
2016-05-02 15:00:23 +02:00
mailchuck
3bde549e5c Version bump for 0.5.7 2016-05-02 15:00:23 +02:00
mailchuck
185d212cb2 Unread count refresh on change 2016-05-02 15:00:23 +02:00
mailchuck
8f1e753cf0 Typo 2016-05-02 15:00:23 +02:00
mailchuck
140b3ddbb8 Test cleanup
Safer this way
2016-05-02 15:00:23 +02:00
mailchuck
66e1a26b33 Popup menu on folders
There are no functions associated with it but sometimes it popped up so
disable it.
2016-05-02 15:00:23 +02:00
mailchuck
7c99899248 updateText was deleted so no need to call it 2016-05-02 15:00:23 +02:00
mailchuck
2dc230db90 Tree rerendering cleanup
Fixes #76
2016-05-02 15:00:23 +02:00
mailchuck
1cc4fac7f4 Unread count cleanup
Addresses #128
2016-05-02 15:00:23 +02:00
mailchuck
f5187e16a0 BlackWhitelist rerendering
It used to show entries with no address.
Fixes #170
2016-05-02 15:00:23 +02:00
mailchuck
aae5b713b1 Disabling subscriptions should rerender addressbook
Addresses #76
2016-05-02 15:00:23 +02:00
mailchuck
4e4da254fa Addressbook / Tree / Messagelist rendering
Some changes that didn't propagate correctly before now do.
Addresses #76
2016-05-02 15:00:23 +02:00
mailchuck
f159133f14 TreeWidget and Addressbook editing propagation
If you change, add or remove an item in a treewidget or addressbook,
messagelists will now autoupdate labels, and sender comboboxes will also
update if applicable.
Fixes #69
2016-05-02 15:00:23 +02:00
mailchuck
e6c379cca6 Scroll/zoom in message composing widget
Fixes #169
2016-05-02 15:00:23 +02:00
mailchuck
a4c48228fc Messagelist subscription color
Fixes Bitmessage#842
2016-05-02 15:00:23 +02:00
mailchuck
484bdb0782 Quoting fixes
Message compose sometimes misinterpreted quoted message as HTML, causing
rendering screwups. Since we don't support HTML composing, we will treat
all quoted messages as plain text.
2016-05-02 15:00:23 +02:00
mailchuck
2597ac63f6 Zooming info percent based an single step
Zooming in message body view / compose works in single steps
irrespective of wheel sensitivity, and info about zoom level is
displayed in percent rather than font pixel size.
2016-05-02 15:00:23 +02:00
mailchuck
d36d6f300e Message body display handling of spaces
After the changes in the message body renderer, spaces were not
correctly handled. Fixes #168
2016-05-02 15:00:23 +02:00
mailchuck
056512a715 Sent folder new message selection fix
Fixes Bitmessage#838
2016-05-02 15:00:23 +02:00
mailchuck
9353e8eff7 Message editor updates
- Does not allow changing fonts (it's ignored once it's sent anyway),
fixes #167
- Allows zooming, fixes #163
2016-05-02 15:00:23 +02:00
mailchuck
32b0d24be2 singleWorker shutdown fix
if singleWorker crashed, the thread couldn't be joined. This both makes
it so that it doesn't crash, as well as reorders the shutdown sequence
so that it is less likely to be triggered.
Fixes Bitmessage#549
2016-05-02 15:00:23 +02:00
mailchuck
ec4a16b388 objectProcessorQueue fixes
- it didn't shutdown correctly
- it didn't handle exception correctly (however, if I understand
correctly, this will never be triggered if using blocking get, so it
doesn't affect PyBitmessage)
- flushing size check changed from 1 to 0 (I don't know why it was 1)
2016-05-02 15:00:23 +02:00
47f0df6c0b Object processor queue class
Previous commit didn't include the class. This class takes care of queue
size monitoring so that the system doesn't run out of memory.
2016-05-02 15:00:23 +02:00
e4f31d25fc Flood mitigation optimisation
Flood mitigation was done both in the ObjectProcessorQueue as well as
receiveData threads. This patch removes the mitigation in receiveData
threads and cleans up the one in the ObjectProcessorQueue
2016-05-02 15:00:23 +02:00
mailchuck
2043d796dd Typo 2016-05-02 15:00:23 +02:00
mailchuck
a0da175d45 Typo 2016-05-02 15:00:23 +02:00
mailchuck
c137e334d2 OpenSSL version for support contact form 2016-05-02 15:00:23 +02:00
mailchuck
dc34c00f38 Improve OpenSSL library finder 2016-05-02 15:00:23 +02:00
mailchuck
b7e24fab4a DLL path fix in frozen mode
Addresses #152
2016-05-02 15:00:23 +02:00
mailchuck
6a965cd31a Don't test for Qt in daemon mode
Initialisation of the daemon variable was missing at launch.

Fixes #161
2016-05-02 15:00:23 +02:00
itsexe
72f9e29931 fixed some spelling errors 2016-05-02 15:00:23 +02:00
mailchuck
98fab9c568 Message body focus on reply
Fixes #156
2016-05-02 15:00:23 +02:00