From cafe53c055f8960be9a941a5aeb2b0cbc35cd871 Mon Sep 17 00:00:00 2001 From: ed Date: Sun, 20 Aug 2023 22:02:40 +0000 Subject: [PATCH] v1.9.0 --- README.md | 8 ++++---- copyparty/__main__.py | 2 +- copyparty/__version__.py | 6 +++--- copyparty/httpcli.py | 2 +- copyparty/multicast.py | 2 ++ copyparty/up2k.py | 2 ++ docs/changelog.md | 23 +++++++++++++++++++++++ 7 files changed, 36 insertions(+), 9 deletions(-) diff --git a/README.md b/README.md index 4b722c85..8fd93ea2 100644 --- a/README.md +++ b/README.md @@ -1244,18 +1244,18 @@ example webserver configs: ## prometheus -metrics/stats can be enabled at `/.cpr/s/metrics` for grafana / prometheus / etc. +metrics/stats can be enabled at URL `/.cpr/metrics` for grafana / prometheus / etc (openmetrics 1.0.0) -must be enabled with `--stats` since it reduces startup time a tiny bit +must be enabled with `--stats` since it reduces startup time a tiny bit, and you probably want `-e2dsa` too -the endpoint is only accessible by `admin` accounts, meaning the `a` in `rwmda` of the following example commandline: `python3 -m copyparty -a ed:wark -v /mnt/nas::rwmda,ed` +the endpoint is only accessible by `admin` accounts, meaning the `a` in `rwmda` in the following example commandline: `python3 -m copyparty -a ed:wark -v /mnt/nas::rwmda,ed --stats -e2dsa` follow a guide for setting up `node_exporter` except have it read from copyparty instead; example `/etc/prometheus/prometheus.yml` below ```yaml scrape_configs: - job_name: copyparty - metrics_path: /.cpr/s/metrics + metrics_path: /.cpr/metrics basic_auth: password: wark static_configs: diff --git a/copyparty/__main__.py b/copyparty/__main__.py index 68536e7c..99b93984 100755 --- a/copyparty/__main__.py +++ b/copyparty/__main__.py @@ -964,7 +964,7 @@ def add_hooks(ap): def add_stats(ap): ap2 = ap.add_argument_group('grafana/prometheus metrics endpoint') - ap2.add_argument("--stats", action="store_true", help="enable stats at /.cpr/s/metrics for admin accounts") + ap2.add_argument("--stats", action="store_true", help="enable openmetrics at /.cpr/metrics for admin accounts") ap2.add_argument("--nos-hdd", action="store_true", help="disable disk-space metrics (used/free space)") ap2.add_argument("--nos-vol", action="store_true", help="disable volume size metrics (num files, total bytes, vmaxb/vmaxn)") ap2.add_argument("--nos-dup", action="store_true", help="disable dupe-files metrics (good idea; very slow)") diff --git a/copyparty/__version__.py b/copyparty/__version__.py index 78f7332e..db05e0cf 100644 --- a/copyparty/__version__.py +++ b/copyparty/__version__.py @@ -1,8 +1,8 @@ # coding: utf-8 -VERSION = (1, 8, 8) -CODENAME = "argon" -BUILD_DT = (2023, 7, 25) +VERSION = (1, 9, 0) +CODENAME = "prometheable" +BUILD_DT = (2023, 8, 20) S_VERSION = ".".join(map(str, VERSION)) S_BUILD_DT = "{0:04d}-{1:02d}-{2:02d}".format(*BUILD_DT) diff --git a/copyparty/httpcli.py b/copyparty/httpcli.py index 7068d8e1..506dee4a 100644 --- a/copyparty/httpcli.py +++ b/copyparty/httpcli.py @@ -822,7 +822,7 @@ class HttpCli(object): self.reply(b"", 301, headers=h) return True - if self.vpath == ".cpr/s/metrics": + if self.vpath == ".cpr/metrics": return self.conn.hsrv.metrics.tx(self) path_base = os.path.join(self.E.mod, "web") diff --git a/copyparty/multicast.py b/copyparty/multicast.py index 995a54db..8547b1e6 100644 --- a/copyparty/multicast.py +++ b/copyparty/multicast.py @@ -346,6 +346,8 @@ class MCast(object): # linux does leaves/joins twice with 0.2~1.05s spacing time.sleep(1.2) + if not self.running: + return for srv in self.srv.values(): self.hop(srv, True) diff --git a/copyparty/up2k.py b/copyparty/up2k.py index 21a169b8..4dc56634 100644 --- a/copyparty/up2k.py +++ b/copyparty/up2k.py @@ -2413,6 +2413,8 @@ class Up2k(object): except: # missing; restart if not self.args.nw and not n4g: + t = "forgetting deleted partial upload at {}" + self.log(t.format(path)) del reg[wark] break diff --git a/docs/changelog.md b/docs/changelog.md index 7b66619a..7835d781 100644 --- a/docs/changelog.md +++ b/docs/changelog.md @@ -1,3 +1,26 @@ +▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ +# 2023-0725-1550 `v1.8.8` just boring bugfixes + +final release until late august unless something bad happens and i end up building this thing on a shinkansen + +## recent security / vulnerability fixes +* there is a [discord server](https://discord.gg/25J8CdTT6G) with an `@everyone` in case of future important updates +* [v1.8.7](https://github.com/9001/copyparty/releases/tag/v1.8.7) (2023-07-23) - [CVE-2023-38501](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38501) - reflected XSS +* [v1.8.2](https://github.com/9001/copyparty/releases/tag/v1.8.2) (2023-07-14) - [CVE-2023-37474](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37474) - path traversal (first CVE) + * all serverlogs reviewed so far (5 public servers) showed no signs of exploitation + +## bugfixes +* range-select with shiftclick: + * don't crash when entering another folder and shift-clicking some more + * remember selection origin when lazy-loading more stuff into the viewport +* markdown editor: + * fix confusing warnings when the browser cache decides it *really* wants to cache + * and when a document starts with a newline +* remember intended actions such as `?edit` on login prompts +* Windows: TLS-cert generation (triggered by network changes) could occasionally fail + + + ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ # 2023-0723-1543 `v1.8.7` XSS for days