diff --git a/README.md b/README.md index 4277f9b5..37131d1d 100644 --- a/README.md +++ b/README.md @@ -89,6 +89,7 @@ built in Norway ๐Ÿ‡ณ๐Ÿ‡ด with contributions from [not-norway](https://github.com * [other flags](#other-flags) * [descript.ion](#description) - add a description to each file in a folder * [dothidden](#dothidden) - cosmetically hide specific files in a folder + * [thumbnail pregen](#thumbnail-pregen) - if you want to pre-generate everything on startup * [database location](#database-location) - in-volume (`.hist/up2k.db`, default) or somewhere else * [metadata from audio files](#metadata-from-audio-files) - set `-e2t` to index tags on upload * [metadata from xattrs](#metadata-from-xattrs) - unix extended file attributes diff --git a/copyparty/__version__.py b/copyparty/__version__.py index a7229506..9d2458c4 100644 --- a/copyparty/__version__.py +++ b/copyparty/__version__.py @@ -1,8 +1,8 @@ # coding: utf-8 -VERSION = (1, 20, 13) +VERSION = (1, 20, 14) CODENAME = "sftp is fine too" -BUILD_DT = (2026, 3, 23) +BUILD_DT = (2026, 4, 24) S_VERSION = ".".join(map(str, VERSION)) S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT) diff --git a/copyparty/up2k.py b/copyparty/up2k.py index 35c3ae29..6245085a 100644 --- a/copyparty/up2k.py +++ b/copyparty/up2k.py @@ -5714,7 +5714,7 @@ def up2k_hashlist_from_file(path: str) -> tuple[list[str], os.stat_result]: fsz = st.st_size csz = up2k_chunksize(fsz) ret = [] - with open(fsenc(path), "rb", 256*1024) as f: + with open(fsenc(path), "rb", 256 * 1024) as f: while fsz > 0: hashobj = hashlib.sha512() rem = min(csz, fsz) diff --git a/copyparty/util.py b/copyparty/util.py index c4eb0766..1f7b9cec 100644 --- a/copyparty/util.py +++ b/copyparty/util.py @@ -62,7 +62,7 @@ def noop(*a, **ka): pass -def lprint(*a: Any, **ka: Any) -> None: +def lprint(*a: "Any", **ka: "Any") -> None: eol = ka.pop("end", "\n") txt = " ".join(unicode(x) for x in a) + eol lprinted.append(txt) @@ -73,7 +73,7 @@ def lprint(*a: Any, **ka: Any) -> None: lprinted: list[str] = [] -LOG: list[Callable[[Any], None]] = [lprint] +LOG: list["Callable[..., None]"] = [lprint] try: diff --git a/docs/changelog.md b/docs/changelog.md index df426d4e..e7427dde 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -1,3 +1,74 @@ +โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€ +# 2026-0323-0328 `v1.20.13` dothidden + +## ๐Ÿงช new features + +* #1351 add [.hidden](https://github.com/9001/copyparty/#dothidden) support (thx @NecRaul!) beb634dc 134e378e + * cosmetic filter to exclude specific files from directory listings by adding their filenames to a textfile named `.hidden` similar to many linux desktop file managers + * the files are still easily available from various APIs; this is **not** a security feature, just a way to keep things neat and tidy +* #1381 thumbnail pregeneration 7d6b037d + * usually/generally not a good idea; [readme explains it](https://github.com/9001/copyparty/#thumbnail-pregen) +* shares: now possible to grant the `.` permission to see dotfiles 66f9c950 + +## ๐Ÿฉน bugfixes + +* #1372 #1333 no thumbnails if the server OS was too old to have JXL support and the webbrowser was asking for JXL 1afe48b8 +* #1363 new-version alert would only appear if the visitor had the Admin permission in the webroot specifically; now `A` in any volume is sufficient 6eb4f0ad +* 66f1ef63 should have blocked mkdir too and now it does (thx @restriction!) ac60a1da +* setting the `nohtml` or `noscript` volflags on the webroot would break the web-UI eb028c92 +* shares: the [-ed](https://copyparty.eu/cli/#g-ed) global-option did not make dotfiles visible in shares 66f9c950 + * the `dots` volflag still doesn't, but that one is intentional + +## ๐Ÿ”ง other changes + +* tried to stop libvips from gobbling up ram while creating jxl thumbnails; didn't really work abdbd69a + * jxl support in libvips is now default-disabled unless the libc is musl and the allocator is mallocng, which means alpine linux + * in other words, libvips is still fully enabled in the `iv` and `dj` docker images if you do not enable mimalloc + * all other deployments will now have slightly slower jxl thumbnail generation by using ffmpeg instead (it's fine really) + * new global-option [--th-vips-jxl](https://copyparty.eu/cli/#g-th-vips-jxl) lets you force-enable it if you dare +* volflags `nohtml` and `noscript` now available as global-options `--no-html` and `--no-script` 5f3b76c8 + * and the `-ss` paranoia option now also enables `--no-html --no-readme --no-logues` +* [--flo 2](https://copyparty.eu/cli/#g-flo) now removes colors from logfiles even if [-q](https://copyparty.eu/cli/#g-q) is not set 8c6d8a3c +* update dompurify to 3.3.3 6a9e6da8 +* docs: + * #1360 versus.md: more readable headers (thx @eugenesvk!) e71e1900 + * #1367 mention [--shr-who](https://copyparty.eu/cli/#g-shr-who) in the readme (thx @TWhiteShadow!) 4688410f + +## ๐ŸŒ  fun facts + +* it is easter soon edc20175 + + + +โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€ +# 2026-0311-0042 `v1.20.12` fix shares in ftp/sftp + +## โš ๏ธ ATTN: this release fixes an ftp/sftp issue with shares + +* [GHSA-67rw-2x62-mqqm](https://github.com/9001/copyparty/security/advisories/GHSA-67rw-2x62-mqqm): when a share is created for just one or more files inside a folder, it was possible to use FTP or SFTP to access the other files inside that folder by guessing the filenames + * so ignore this issue if you did not enable [ftp](https://copyparty.eu/cli/#g-ftp) or [sftp](https://copyparty.eu/cli/#g-sftp) in the server config +* it was not possible to descend into subdirectories in this manner; only the sibling files were accessible +* NOTE: this does NOT affect filekeys; this is specifically regarding the [shr](https://copyparty.eu/cli/#g-shr) global-option +* password-protected shares were not affected through SFTP, only FTP + +this release also fixes [GHSA-rcp6-88mm-9vgf](https://github.com/9001/copyparty/security/advisories/GHSA-rcp6-88mm-9vgf) but that one is nothing to worry about + +## ๐Ÿงช new features + +* features? in this econonmy?? ain't nobody got time for that + +## ๐Ÿฉน bugfixes + +* 66f1ef63547a8c5f45dc2472801d2a973ff997cc [GHSA-67rw-2x62-mqqm](https://github.com/9001/copyparty/security/advisories/GHSA-67rw-2x62-mqqm) (shares) +* 9f9d30f42c89d1d5fc79ae745f136a9d5f857192 [GHSA-rcp6-88mm-9vgf](https://github.com/9001/copyparty/security/advisories/GHSA-rcp6-88mm-9vgf) (the other thing) + +## ๐ŸŒ  fun facts + +* the [first cve](https://github.com/9001/copyparty/security/advisories/GHSA-pxfv-7rr3-2qjg) is still by far the worst, none of the others even close... so at least that's nice + * if you saw the cve notification and got all worked up, here's some [comfy music to relax and upgrade copyparty to](https://www.youtube.com/watch?v=A4zlH2mzMHw&list=PLRKwPvvniAjauumQljdrWAImRQGF3mCRU&index=1) + + + โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€โ–€ # 2026-0308-2106 `v1.20.11` what? nohtml is evolving! diff --git a/docs/notes.sh b/docs/notes.sh index cfb5bbf1..43383109 100644 --- a/docs/notes.sh +++ b/docs/notes.sh @@ -264,6 +264,7 @@ sz=3321225472; csz=16777216; sz=4394967296; csz=25165824; sz=6509559808; csz=33554432; sz=138438953472; csz=50331648; +sz=85932900352; csz=$((1024*1024*4)); # flippy bd f=csz-$csz; truncate -s $sz $f; sz=$((sz/16)); step=$((csz/16)); ofs=0; while [ $ofs -lt $sz ]; do dd if=/dev/urandom of=$f bs=16 count=2 seek=$ofs conv=notrunc iflag=fullblock; [ $ofs = 0 ] && ofs=$((ofs+step-1)) || ofs=$((ofs+step)); done # py2 on osx diff --git a/scripts/deps-docker/Dockerfile b/scripts/deps-docker/Dockerfile index cc6f5fa3..9f236e88 100644 --- a/scripts/deps-docker/Dockerfile +++ b/scripts/deps-docker/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.23 WORKDIR /z ENV ver_hashwasm=4.12.0 \ ver_marked=4.3.0 \ - ver_dompf=3.4.0 \ + ver_dompf=3.4.1 \ ver_mde=2.18.0 \ ver_codemirror=5.65.18 \ ver_fontawesome=5.13.0 \ diff --git a/scripts/docker/base/verchk.sh b/scripts/docker/base/verchk.sh index fda3cfe0..ab05830e 100755 --- a/scripts/docker/base/verchk.sh +++ b/scripts/docker/base/verchk.sh @@ -21,6 +21,6 @@ echo zlib=$zlib ff=$ff [ "$1" ] && exit -[ $zlib ] && { make zlib; cp -pv 1 2 ../cver/; } -[ $ff ] && { make ff; cp -pv 3 ../cver/; } +[ $zlib ] && { make -C.. zlib; cp -pv 1 2 ../cver/; } +[ $ff ] && { make -C.. ff; cp -pv 3 ../cver/; } rm -rf cver2 diff --git a/scripts/toc.sh b/scripts/toc.sh index 611e092a..26d9ea01 100755 --- a/scripts/toc.sh +++ b/scripts/toc.sh @@ -27,7 +27,7 @@ cat $f | awk ' sub(/\[/,""); sub(/\]\([^)]+\)/,""); bab=$0; - gsub(/ /,"-",bab); + gsub(/[ :]+/,"-",bab); gsub(/\./,"",bab); h=sprintf("%" ((lv-1)*4+1) "s [%s](#%s)", "*",$0,bab); next